tls: set timer to plugin.timeout - 1 (was 10s)

baudehlo · Jun 10, 2014 · 5975af8 · 5975af8
1 parent 87b71fc
commit 5975af8
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/config/tls.ini b/config/tls.ini
@@ -1,7 +1,6 @@
 ; See 'haraka -h tls'
 
 ; ciphers: a list of permitted ciphers
-
 ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
 
 ; no_tls_hosts - if you find servers with broken TLS, add their IP to this

diff --git a/plugins/tls.js b/plugins/tls.js
@@ -90,10 +90,13 @@ exports.hook_unrecognized_command = function (next, connection, params) {
     connection.respond(220, "Go ahead.");
 
     var plugin = this;
+    // adjust plugin.timeout like so: echo '45' > config/tls.timeout
+    var timeout = plugin.timeout - 1;
+
     var timer = setTimeout(function () {
         connection.logerror(plugin, 'timeout');
-        return next();
+        return next(DENYSOFTDISCONNECT);
-    }, 10 * 1000);
+    }, timeout * 1000);
 
     /* Upgrade the connection to TLS. */
     connection.client.upgrade(plugin.tls_opts, function (authorized, verifyError, cert, cipher) {