lib-ssl-iostream: Add additional supported protocols

ANY - Any protocol version accepted
TLSv1.3 - Self-explanatory
LATEST - The newest protocol only

diff --git a/src/lib-ssl-iostream/iostream-openssl-common.c b/src/lib-ssl-iostream/iostream-openssl-common.c
index 6fd67490dcb4177d3e7ca1095c2600bd083e9dcf..104d6f78f56173f36ee842faeeaff5ce14427c72 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl-common.c
+++ b/src/lib-ssl-iostream/iostream-openssl-common.c
@@ -18,11 +18,30 @@ static const struct {
        int version;
        long opt;
 } protocol_versions[] = {
+#ifdef TLS_ANY_VERSION
+       { "ANY",           TLS_ANY_VERSION,     0 },
+#else
+       { "ANY",           SSL3_VERSION,   0 },
+#endif
        { SSL_TXT_SSLV3,   SSL3_VERSION,   0 },
        { SSL_TXT_TLSV1,   TLS1_VERSION,   SSL_OP_NO_SSLv3 },
        { SSL_TXT_TLSV1_1, TLS1_1_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 },
        { SSL_TXT_TLSV1_2, TLS1_2_VERSION,
                SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 },
+#if defined(TLS1_3_VERSION)
+       { "TLSv1.3",       TLS1_3_VERSION,
+               SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+               SSL_OP_NO_TLSv1_2 },
+#endif
+       /* Use latest protocol version. If this is used on some
+          ancient system which does not support ssl_min_protocol,
+          ensure only TLSv1.2 is supported. */
+#ifdef TLS_MAX_VERSION
+       { "LATEST",        TLS_MAX_VERSION,
+#else
+       { "LATEST",        0,
+#endif
+               SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 },
 };
 int openssl_min_protocol_to_options(const char *min_protocol, long *opt_r,
                                    int *version_r)