Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

tls: set timer to plugin.timeout - 1 (was 10s)

  • Loading branch information...
commit 5975af8cba66fef7ef05be447a4f858c4e035b13 1 parent 87b71fc
@msimerson msimerson authored
Showing with 5 additions and 3 deletions.
  1. +0 −1  config/tls.ini
  2. +5 −2 plugins/tls.js
View
1  config/tls.ini
@@ -1,7 +1,6 @@
; See 'haraka -h tls'
; ciphers: a list of permitted ciphers
-
ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
; no_tls_hosts - if you find servers with broken TLS, add their IP to this
View
7 plugins/tls.js
@@ -90,10 +90,13 @@ exports.hook_unrecognized_command = function (next, connection, params) {
connection.respond(220, "Go ahead.");
var plugin = this;
+ // adjust plugin.timeout like so: echo '45' > config/tls.timeout
+ var timeout = plugin.timeout - 1;
+
var timer = setTimeout(function () {
connection.logerror(plugin, 'timeout');
- return next();
- }, 10 * 1000);
+ return next(DENYSOFTDISCONNECT);
+ }, timeout * 1000);
/* Upgrade the connection to TLS. */
connection.client.upgrade(plugin.tls_opts, function (authorized, verifyError, cert, cipher) {
Please sign in to comment.
Something went wrong with that request. Please try again.