Do not use SSL_V2_COMPATIBLE_HELLO by default

Zarafa server with disabled SSL v2 rejects connection when
SSL v2 compatible hello is sent, thus disabled this by default.
After all, SSL v3 should be used in general these days anyway.

Use environment variable CAMEL_SSL_V2_HELLO=1 in case your server
requires the old behavior.

diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index d9c6995..09b86ff 100644 (file)
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -554,8 +554,17 @@ enable_ssl (CamelTcpStreamSSL *ssl,
        SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE);
 
        if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) {
+               static gchar v2_hello = -1;
+
+               /* Zarafa server with disabled SSL v2 rejects connection when
+                  SSL v2 compatible hello is sent, thus disabled this by default.
+                  After all, SSL v3 should be used in general these days anyway.
+               */
+               if (v2_hello == -1)
+                       v2_hello = g_strcmp0 (g_getenv ("CAMEL_SSL_V2_HELLO"), "1") == 0 ? 1 : 0;
+
                SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
-               SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
+               SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, v2_hello ? PR_TRUE : PR_FALSE);
        } else {
                SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE);
                SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);