From 48d35dcbb0eda84992c93b62c5e0125a3a6be21d Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@redhat.com>
Date: Mon, 2 Dec 2024 10:24:06 +0000
Subject: [PATCH] tls: Use automatic DH parameter selection with OpenSSL 1.1.0
 and later, rather than only for 3.0.0+.

---
 imap/tls.c      | 2 +-
 lib/imapoptions | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/imap/tls.c b/imap/tls.c
index f831427af8..219b81e570 100644
--- a/imap/tls.c
+++ b/imap/tls.c
@@ -1020,7 +1020,7 @@ EXPORTED int     tls_init_serverengine(const char *ident,
     SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
     SSL_CTX_set_dh_auto(s_ctx, 1);
 #elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
     /* Load DH params for DHE-* key exchanges */
diff --git a/lib/imapoptions b/lib/imapoptions
index 73487ad0ab..4de289bd5d 100644
--- a/lib/imapoptions
+++ b/lib/imapoptions
@@ -3139,7 +3139,7 @@ product version in the capabilities
 
 { "tls_server_dhparam", NULL, STRING, "3.1.4" }
 /* File containing the DH parameters belonging to the certificate in
-   tls_server_cert. Used by OpenSSL before version 3.0. */
+   tls_server_cert. Used by OpenSSL before version 1.1.1. */
 
 { "tls_server_key", NULL, STRING, "3.1.8" }
 /* File containing the private key belonging to the certificate in