From 7fe712882b909931088a318c08041b0e7974a000 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 2 Nov 2013 02:51:18 -0600 Subject: * Update to version 2.19.1 * Upgrade UW-IMAP to Panda IMAP from https://github.com/jonabbey/panda-imap. * Replace tabs by spaces in From and Subject fields to control for size in screen of these fields. Change only in index screen display. --- imap/src/osdep/unix/ssl_unix.c | 50 +++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 18 deletions(-) (limited to 'imap/src/osdep/unix/ssl_unix.c')
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 3f6bcce9..d77ed719 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -1,13 +1,5 @@
 /* ========================================================================
- * Copyright 1988-2008 University of Washington
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- *
+ * Copyright 2008-2009 Mark Crispin
 * ======================================================================== */
@@ -15,18 +7,24 @@
 * Program: SSL authentication/encryption module
 *
 * Author: Mark Crispin
- * Networks and Distributed Computing
- * Computing & Communications
- * University of Washington
- * Administration Building, AG-44
- * Seattle, WA 98195
- * Internet: MRC@CAC.Washington.EDU
 *
 * Date: 22 September 1998
- * Last Edited: 13 January 2007
+ * Last Edited: 8 November 2009
+ *
+ * Previous versions of this file were
+ *
+ * Copyright 1988-2008 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
 */
 #define crypt ssl_private_crypt
+#define STRING OPENSSL_STRING
 #include
 #include
 #include
@@ -35,11 +33,27 @@
 #include
 #include
 #include
+#undef STRING
 #undef crypt
 #define SSLBUFLEN 8192
-#define SSLCIPHERLIST "ALL:!LOW"
+/*
+ * PCI auditing compliance, disable:
+ * SSLv2
+ * anonymous D-H (no certificate
+ * export encryption ciphers (40 and 56 bits)
+ * low encryption cipher suites (40 and 56 bits, excluding export)
+ * null encryption (disabling implied by "ALL")
+ *
+ * UW imapd just disables low-grade and null ("ALL:!LOW"). This setting
+ * will break clients that attempt to use the newly-prohibited mechanisms.
+ *
+ * I question the value of disabling SSLv2, as opposed to disabling the SSL
+ * ports (e.g., 993 for IMAP, 995 for POP3) and using TLS exclusively.
+ */
+
+#define SSLCIPHERLIST "ALL:!SSLv2:!ADH:!EXP:!LOW"
 /* SSL I/O stream */
@@ -635,7 +649,7 @@ static long ssl_abort (SSLSTREAM *stream)
 char *ssl_host (SSLSTREAM *stream)
 {
- return tcp_host (stream->tcpstream);
+ return stream ? tcp_host (stream->tcpstream) : "UNKNOWN";
 }
-- cgit v1.2.3-54-g00ecf
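Review bot: The added `#define STRING OPENSSL_STRING` has no comment saying what it protects, and its matching `#undef STRING` only appears in the next hunk, so the pairing is easy to break when the include list is edited. Presumably it keeps a `STRING` declared by the SSL headers from colliding with the project's own `STRING` type; the header names are not readable on this page, so that should be confirmed. A comment above the define would record it, e.g. `/* rename the SSL library's STRING while its headers are included; undone by #undef STRING below */`.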
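Review bot: `!ADH` in the new `SSLCIPHERLIST` excludes only anonymous Diffie-Hellman, so on OpenSSL builds that include anonymous ECDH suites those remain selectable under `ALL`. The comment's stated goal of no certificate-less key exchange is better expressed with `!aNULL`: `#define SSLCIPHERLIST "ALL:!SSLv2:!aNULL:!EXP:!LOW"`. `!SSLv2` in a cipher string only removes SSLv2 cipher suites. Whether the protocol itself is refused depends on the context options set elsewhere in the file (for example `SSL_OP_NO_SSLv2`), which this hunk does not show and should be checked. The comment line `anonymous D-H (no certificate` is also missing its closing parenthesis.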
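Review bot: The new NULL-stream path in `ssl_host` returns the string literal `"UNKNOWN"` through a non-const `char *`, so a caller that modifies or frees the returned host name would hit undefined behaviour there; the callers are not visible in this hunk and should be checked. The guard covers a NULL `stream` only, and `stream->tcpstream` is still passed to `tcp_host` unchecked. Since the placeholder can end up wherever the peer name is logged or compared, a contract comment above the function would help, e.g. `/* Returns: host name, or static "UNKNOWN" if no stream; caller must not modify or free */`. If the sibling accessors for the remote/local host and port dereference `stream` the same way, they would want the same guard for consistency.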