SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE);
if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) {
+ static gchar v2_hello = -1;
+
+ /* Zarafa server with disabled SSL v2 rejects connection when
+ SSL v2 compatible hello is sent, thus disabled this by default.
+ After all, SSL v3 should be used in general these days anyway.
+ */
+ if (v2_hello == -1)
+ v2_hello = g_strcmp0 (g_getenv ("CAMEL_SSL_V2_HELLO"), "1") == 0 ? 1 : 0;
+
SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
- SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
+ SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, v2_hello ? PR_TRUE : PR_FALSE);
} else {
SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE);
SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);