From b1a5cb02bc7412abc6ba3da29dd0f4eaed0c77e0 Mon Sep 17 00:00:00 2001
From: Milan Crha
Date: Wed, 20 Feb 2013 13:48:54 +0100
Subject: [PATCH] Do not use SSL_V2_COMPATIBLE_HELLO by default

Zarafa server with disabled SSL v2 rejects connection when SSL v2 compatible hello is sent, thus disabled this by default. After all, SSL v3 should be used in general these days anyway. Use environment variable CAMEL_SSL_V2_HELLO=1 in case your server requires the old behavior.
---
 camel/camel-tcp-stream-ssl.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index d9c6995..09b86ff 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -554,8 +554,17 @@ enable_ssl (CamelTcpStreamSSL *ssl,
 SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE);
 if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) {
+ static gchar v2_hello = -1;
+
+ /* Zarafa server with disabled SSL v2 rejects connection when
+ SSL v2 compatible hello is sent, thus disabled this by default.
+ After all, SSL v3 should be used in general these days anyway.
+ */
+ if (v2_hello == -1)
+ v2_hello = g_strcmp0 (g_getenv ("CAMEL_SSL_V2_HELLO"), "1") == 0 ? 1 : 0;
+
 SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
- SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
+ SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, v2_hello ? PR_TRUE : PR_FALSE);
 } else {
 SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE);
 SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
--
2.7.4
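Review bot: The sentinel in `static gchar v2_hello = -1;` only works where plain `char` is signed, because `gchar` is a typedef for `char` and its signedness is implementation-defined. On an ABI with unsigned `char` the stored value is 255, so `v2_hello == -1` is never true after integer promotion, `CAMEL_SSL_V2_HELLO` is never read, and `v2_hello ? PR_TRUE : PR_FALSE` always yields `PR_TRUE`. There the SSL v2 compatible hello would stay enabled, which is the opposite of the default this commit intends. Declaring it as `static gint v2_hello = -1;` removes the dependency. The added comment could also name the `CAMEL_SSL_V2_HELLO=1` override, which at present is documented only in the commit message; `enable_ssl` starts and ends outside this hunk.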