commit dd5c2445cbb51d2c6804758dac8bafa1935a5545
Author: Oswald Buddenhagen <o...@kde.org>
Date: Sun Feb 3 17:47:05 2013 +0100
add support for (disabling) TLS v1.1 and v1.2
 src/drv_imap.c | 4 ++++
 src/isync.h | 2 ++
 src/mbsync.1 | 10 ++++++++++
 src/socket.c | 15 +++++++++------
 4 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 3e10897..378c351 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1980,6 +1980,10 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
 server->sconf.use_sslv3 = parse_bool( cfg );
 else if (!strcasecmp( "UseTLSv1", cfg->cmd ))
 server->sconf.use_tlsv1 = parse_bool( cfg );
+ else if (!strcasecmp( "UseTLSv1.1", cfg->cmd ))
+ server->sconf.use_tlsv11 = parse_bool( cfg );
+ else if (!strcasecmp( "UseTLSv1.2", cfg->cmd ))
+ server->sconf.use_tlsv12 = parse_bool( cfg );
 else if (!strcasecmp( "RequireCRAM", cfg->cmd ))
 server->require_cram = parse_bool( cfg );
 #endif
diff --git a/src/isync.h b/src/isync.h
index ef6759e..e8f238d 100644
--- a/src/isync.h
+++ b/src/isync.h
@@ -63,6 +63,8 @@ typedef struct server_conf {
 unsigned use_sslv2:1;
 unsigned use_sslv3:1;
 unsigned use_tlsv1:1;
+ unsigned use_tlsv11:1;
+ unsigned use_tlsv12:1;
 /* these are actually variables and are leaked at the end */
 SSL_CTX *SSLContext;
diff --git a/src/mbsync.1 b/src/mbsync.1
index d452e31..5dba203 100644
--- a/src/mbsync.1
+++ b/src/mbsync.1
@@ -294,6 +294,16 @@ Use TLSv1 for communication with the IMAP server over SSL?
 (Default: \fIyes\fR)
 ..
 .TP
+\fBUseTLSv1.1\fR \fIyes\fR|\fIno\fR
+Use TLSv1.1 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
+\fBUseTLSv1.2\fR \fIyes\fR|\fIno\fR
+Use TLSv1.2 for communication with the IMAP server over SSL?
+(Default: \fIno\fR)
+..
+.TP
 \fBPipelineDepth\fR \fIdepth\fR
 Maximum number of IMAP commands which can be simultaneously in flight.
 Setting this to \fI1\fR disables pipelining.
diff --git a/src/socket.c b/src/socket.c
index e372483..22be813 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -231,14 +231,9 @@ static int
 init_ssl_ctx( const server_conf_t *conf )
 {
 server_conf_t *mconf = (server_conf_t *)conf;
- const SSL_METHOD *method;
 int options = 0;
- if (conf->use_tlsv1 && !conf->use_sslv2 && !conf->use_sslv3)
- method = TLSv1_client_method();
- else
- method = SSLv23_client_method();
- mconf->SSLContext = SSL_CTX_new( method );
+ mconf->SSLContext = SSL_CTX_new( SSLv23_client_method() );
 if (!conf->use_sslv2)
 options |= SSL_OP_NO_SSLv2;
@@ -246,6 +241,14 @@ init_ssl_ctx( const server_conf_t *conf )
 options |= SSL_OP_NO_SSLv3;
 if (!conf->use_tlsv1)
 options |= SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_TLSv1_1
+ if (!conf->use_tlsv11)
+ options |= SSL_OP_NO_TLSv1_1;
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+ if (!conf->use_tlsv12)
+ options |= SSL_OP_NO_TLSv1_2;
+#endif
 SSL_CTX_set_options( mconf->SSLContext, options );
------------------------------------------------------------------------------
Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
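Review bot: The result of `SSL_CTX_new( SSLv23_client_method() )` in the first socket.c hunk is stored in `mconf->SSLContext` without a NULL check, and the second hunk shows it being passed straight to `SSL_CTX_set_options`. The removed code had the same gap, so the commit does not introduce it, but the allocation can fail and the next call would then dereference a null context. A guard directly after the assignment would close it, e.g. `if (!mconf->SSLContext) return -1;`, assuming -1 is the failure value this function uses. The rest of init_ssl_ctx lies outside the hunk, so the correct error return and any logging convention should be taken from there.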
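Review bot: In the second socket.c hunk the new `if (!conf->use_tlsv11)` and `if (!conf->use_tlsv12)` branches add `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2` whenever the user has not opted in. The mbsync.1 hunk documents both options as defaulting to no, so a stock configuration appears to be capped at TLSv1.0 even when library and server support newer versions. The code that initialises these fields is not visible here, but if it matches the man page, defaulting the two newest versions to yes would be the safer choice. Separately, when the OpenSSL headers lack these macros the `#ifdef` blocks compile away and `UseTLSv1.1 yes` is accepted but has no effect, which deserves a warning or a note in the man page. A short comment above the `SSL_CTX_new` call would also help, e.g. `/* SSLv23 method negotiates any version; the SSL_OP_NO_* bits below are the only restriction */`.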