From a17f0687f5ad115b93ac962b7ec6d5aec9a92b2b Mon Sep 17 00:00:00 2001
From: Aki Tuomi
Date: Fri, 29 Apr 2016 14:30:46 +0300
Subject: [PATCH] lib-ldap: Set minimum protocol if supported by library
---
 src/lib-ldap/ldap-connection.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib-ldap/ldap-connection.c b/src/lib-ldap/ldap-connection.c
index 7b5caa091d..8a468bde44 100644
--- a/src/lib-ldap/ldap-connection.c
+++ b/src/lib-ldap/ldap-connection.c
@@ -55,10 +55,11 @@ int ldap_connection_setup(struct ldap_connection *conn, const char **error_r)
 }
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS, &opt);
+#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
 /* refuse to connect to SSLv2 as it's completely insecure */
 opt = LDAP_OPT_X_TLS_PROTOCOL_SSL3;
 ldap_set_option(conn->conn, LDAP_OPT_X_TLS_PROTOCOL_MIN, &opt);
-
+#endif
 opt = conn->set.timeout_secs;
 /* default timeout */
 ldap_set_option(conn->conn, LDAP_OPT_TIMEOUT, &opt);
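Review bot: The floor set inside the new `#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN` block is still `LDAP_OPT_X_TLS_PROTOCOL_SSL3`, so SSLv3 remains negotiable even though it is no longer considered safe either; where the library headers define it, `opt = LDAP_OPT_X_TLS_PROTOCOL_TLS1_0;` or a higher constant would be a better minimum, with the comment updated to match. When the macro is absent the block compiles away and no minimum is requested at all, which deserves a short comment in an `#else` branch such as `/* library cannot enforce a minimum TLS version; the floor is whatever libldap defaults to */`. The return value of `ldap_set_option()` is also ignored here, so a rejected setting would go unnoticed; it could presumably be reported through `error_r`. ldap_connection_setup's body starts and ends outside the hunk.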