lib-master: Add ssl_cipher_suites
authorAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 26 Mar 2021 10:08:40 +0000 (12:08 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 13 Apr 2021 08:48:25 +0000 (08:48 +0000)
src/lib-master/master-service-ssl-settings.c
src/lib-master/master-service-ssl-settings.h
src/lib-storage/mail-storage-settings.c
src/lib-storage/mail-storage-settings.h

index dbe306c4d22e6282c36ec3dc0c0cb3940428c55b..90cd6383e0f2662d1bd1b2f1df165fb137cd72c7 100644 (file)
@@ -29,6 +29,7 @@ static const struct setting_define master_service_ssl_setting_defines[] = {
        DEF(STR, ssl_client_key),
        DEF(STR, ssl_dh),
        DEF(STR, ssl_cipher_list),
+       DEF(STR, ssl_cipher_suites),
        DEF(STR, ssl_curve_list),
        DEF(STR, ssl_min_protocol),
        DEF(STR, ssl_cert_username_field),
@@ -62,6 +63,7 @@ static const struct master_service_ssl_settings master_service_ssl_default_setti
        .ssl_client_key = "",
        .ssl_dh = "",
        .ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
+       .ssl_cipher_suites = "", /* Use TLS library provided value */
        .ssl_curve_list = "",
        .ssl_min_protocol = "TLSv1",
        .ssl_cert_username_field = "commonName",
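Review bot: The comment on the new `.ssl_cipher_suites = ""` default does not say which protocol versions the setting governs, and the hardened `ssl_cipher_list` default directly above it reads as if it were the whole cipher policy. If, as the name and the separate `ciphersuites` field suggest, this string is the TLSv1.3 suite list, then the exclusions in `ssl_cipher_list` would not constrain TLSv1.3, and an operator tightening only that setting would leave the library default in force for it. I would expand the comment to something like `/* TLSv1.3 ciphersuites; empty = TLS library default. ssl_cipher_list does not restrict these. */`. The same default and comment are added to `mail_storage_default_settings` in the later mail-storage-settings.c hunk, so the wording should be updated there too.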
@@ -177,6 +179,8 @@ void master_service_ssl_settings_to_iostream_set(
        i_zero(set_r);
        set_r->min_protocol = p_strdup(pool, ssl_set->ssl_min_protocol);
        set_r->cipher_list = p_strdup(pool, ssl_set->ssl_cipher_list);
+       /* leave NULL if empty - let library decide */
+       set_r->ciphersuites = p_strdup_empty(pool, ssl_set->ssl_cipher_suites);
        /* NOTE: It's a bit questionable whether ssl_ca should be used for
           clients. But at least for now it's needed for login-proxy. */
        set_r->ca = p_strdup_empty(pool, ssl_set->ssl_ca);
index 3d75ee4714bce190f09b4b1e856ffc19a00c0b8a..ec79c1f1d3171c09f97d2e07971748db16ecdf92 100644 (file)
@@ -18,6 +18,7 @@ struct master_service_ssl_settings {
        const char *ssl_client_key;
        const char *ssl_dh;
        const char *ssl_cipher_list;
+       const char *ssl_cipher_suites;
        const char *ssl_curve_list;
        const char *ssl_min_protocol;
        const char *ssl_cert_username_field;
index 21808b9bfc32f5710e6f8453df9ed93eb8178fc5..7a6e66e5b6b161b39c416d7e5d8e6c09a833081f 100644 (file)
@@ -87,6 +87,7 @@ static const struct setting_define mail_storage_setting_defines[] = {
        DEF(STR, ssl_client_cert),
        DEF(STR, ssl_client_key),
        DEF(STR, ssl_cipher_list),
+       DEF(STR, ssl_cipher_suites),
        DEF(STR, ssl_curve_list),
        DEF(STR, ssl_min_protocol),
        DEF(STR, ssl_crypto_device),
@@ -155,6 +156,7 @@ const struct mail_storage_settings mail_storage_default_settings = {
        .ssl_client_cert = "",
        .ssl_client_key = "",
        .ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
+       .ssl_cipher_suites = "", /* Use TLS library provided value */
        .ssl_curve_list = "",
        .ssl_min_protocol = "TLSv1",
        .ssl_crypto_device = "",
@@ -824,6 +826,8 @@ void mail_storage_settings_init_ssl_client_settings(const struct mail_storage_se
        if (*mail_set->ssl_client_key != '\0')
                ssl_set_r->cert.key = mail_set->ssl_client_key;
        ssl_set_r->cipher_list = mail_set->ssl_cipher_list;
+       if (*mail_set->ssl_cipher_suites != '\0')
+               ssl_set_r->ciphersuites = mail_set->ssl_cipher_suites;
        ssl_set_r->curve_list = mail_set->ssl_curve_list;
        ssl_set_r->min_protocol = mail_set->ssl_min_protocol;
        ssl_set_r->crypto_device = mail_set->ssl_crypto_device;
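Review bot: When `ssl_cipher_suites` is empty, the new `if` leaves `ssl_set_r->ciphersuites` untouched, so the "library decides" behaviour depends on `*ssl_set_r` having been zeroed earlier; that initialisation is not visible here because the function starts outside the hunk. The master-service counterpart calls `i_zero(set_r)` in view and documents the intent, while this site has no comment. I would add `/* leave NULL if empty - let library decide */` above the `if`. If the struct is not guaranteed to be zeroed, assign explicitly instead: `ssl_set_r->ciphersuites = *mail_set->ssl_cipher_suites != '\0' ? mail_set->ssl_cipher_suites : NULL;`.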
index e09fe84519c3cd92bd7798ce8bc667807d55c03d..66e578d948979232483a0c4c7f024d86e269938f 100644 (file)
@@ -69,6 +69,7 @@ struct mail_storage_settings {
        const char *ssl_client_cert;
        const char *ssl_client_key;
        const char *ssl_cipher_list;
+       const char *ssl_cipher_suites;
        const char *ssl_curve_list;
        const char *ssl_min_protocol;
        const char *ssl_crypto_device;