add support for (disabling) TLS v1.1 and v1.2
This commit is contained in:
Oswald Buddenhagen
parent
c7ebe2da95
commit
fbba8f1cda
|
|
@ -1980,6 +1980,10 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
|
|||
server->sconf.use_sslv3 = parse_bool( cfg );
|
||||
else if (!strcasecmp( "UseTLSv1", cfg->cmd ))
|
||||
server->sconf.use_tlsv1 = parse_bool( cfg );
|
||||
else if (!strcasecmp( "UseTLSv1.1", cfg->cmd ))
|
||||
server->sconf.use_tlsv11 = parse_bool( cfg );
|
||||
else if (!strcasecmp( "UseTLSv1.2", cfg->cmd ))
|
||||
server->sconf.use_tlsv12 = parse_bool( cfg );
|
||||
else if (!strcasecmp( "RequireCRAM", cfg->cmd ))
|
||||
server->require_cram = parse_bool( cfg );
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -63,6 +63,8 @@ typedef struct server_conf {
|
|||
unsigned use_sslv2:1;
|
||||
unsigned use_sslv3:1;
|
||||
unsigned use_tlsv1:1;
|
||||
unsigned use_tlsv11:1;
|
||||
unsigned use_tlsv12:1;
|
||||
|
||||
/* these are actually variables and are leaked at the end */
|
||||
SSL_CTX *SSLContext;
|
||||
|
|
|
|||
10
src/mbsync.1
10
src/mbsync.1
|
|
@ -294,6 +294,16 @@ Use TLSv1 for communication with the IMAP server over SSL?
|
|||
(Default: \fIyes\fR)
|
||||
..
|
||||
.TP
|
||||
\fBUseTLSv1.1\fR \fIyes\fR|\fIno\fR
|
||||
Use TLSv1.1 for communication with the IMAP server over SSL?
|
||||
(Default: \fIno\fR)
|
||||
..
|
||||
.TP
|
||||
\fBUseTLSv1.2\fR \fIyes\fR|\fIno\fR
|
||||
Use TLSv1.2 for communication with the IMAP server over SSL?
|
||||
(Default: \fIno\fR)
|
||||
..
|
||||
.TP
|
||||
\fBPipelineDepth\fR \fIdepth\fR
|
||||
Maximum number of IMAP commands which can be simultaneously in flight.
|
||||
Setting this to \fI1\fR disables pipelining.
|
||||
|
|
|
|||
15
src/socket.c
15
src/socket.c
|
|
@ -231,14 +231,9 @@ static int
|
|||
init_ssl_ctx( const server_conf_t *conf )
|
||||
{
|
||||
server_conf_t *mconf = (server_conf_t *)conf;
|
||||
const SSL_METHOD *method;
|
||||
int options = 0;
|
||||
|
||||
if (conf->use_tlsv1 && !conf->use_sslv2 && !conf->use_sslv3)
|
||||
method = TLSv1_client_method();
|
||||
else
|
||||
method = SSLv23_client_method();
|
||||
mconf->SSLContext = SSL_CTX_new( method );
|
||||
mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() );
|
||||
|
||||
if (!conf->use_sslv2)
|
||||
options |= SSL_OP_NO_SSLv2;
|
||||
|
|
@ -246,6 +241,14 @@ init_ssl_ctx( const server_conf_t *conf )
|
|||
options |= SSL_OP_NO_SSLv3;
|
||||
if (!conf->use_tlsv1)
|
||||
options |= SSL_OP_NO_TLSv1;
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
if (!conf->use_tlsv11)
|
||||
options |= SSL_OP_NO_TLSv1_1;
|
||||
#endif
|
||||
#ifdef SSL_OP_NO_TLSv1_2
|
||||
if (!conf->use_tlsv12)
|
||||
options |= SSL_OP_NO_TLSv1_2;
|
||||
#endif
|
||||
|
||||
SSL_CTX_set_options( mconf->SSLContext, options );
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user