imapserver: add a tls_level option
Allow the user to block usage of known-bad versions of SSL and TLS. Signed-off-by: Ben Boeckel <mathstuf@gmail.com> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
parent
9bb27de375
commit
f03afcd224
@ -646,6 +646,17 @@ remotehost = examplehost
|
|||||||
#ssl_version = ssl23
|
#ssl_version = ssl23
|
||||||
|
|
||||||
|
|
||||||
|
# This option stands in the [Repository RemoteExample] section.
|
||||||
|
#
|
||||||
|
# TLS support level (optional).
|
||||||
|
#
|
||||||
|
# Specify the level of support that should be allowed for this repository.
|
||||||
|
# Can be used to disallow insecure SSL versions. Supported values are:
|
||||||
|
# tls_secure, tls_no_ssl, tls_compat (the default).
|
||||||
|
#
|
||||||
|
#tls_level = tls_compat
|
||||||
|
|
||||||
|
|
||||||
# This option stands in the [Repository RemoteExample] section.
|
# This option stands in the [Repository RemoteExample] section.
|
||||||
#
|
#
|
||||||
# Specify the port. If not specified, use a default port.
|
# Specify the port. If not specified, use a default port.
|
||||||
|
@ -92,6 +92,7 @@ class IMAPServer:
|
|||||||
self.__verifycert = None # disable cert verification
|
self.__verifycert = None # disable cert verification
|
||||||
self.fingerprint = repos.get_ssl_fingerprint()
|
self.fingerprint = repos.get_ssl_fingerprint()
|
||||||
self.sslversion = repos.getsslversion()
|
self.sslversion = repos.getsslversion()
|
||||||
|
self.tlslevel = repos.gettlslevel()
|
||||||
|
|
||||||
self.oauth2_refresh_token = repos.getoauth2_refresh_token()
|
self.oauth2_refresh_token = repos.getoauth2_refresh_token()
|
||||||
self.oauth2_client_id = repos.getoauth2_client_id()
|
self.oauth2_client_id = repos.getoauth2_client_id()
|
||||||
@ -478,6 +479,7 @@ class IMAPServer:
|
|||||||
timeout=socket.getdefaulttimeout(),
|
timeout=socket.getdefaulttimeout(),
|
||||||
fingerprint=self.fingerprint,
|
fingerprint=self.fingerprint,
|
||||||
use_socket=self.proxied_socket,
|
use_socket=self.proxied_socket,
|
||||||
|
tls_level=self.tlslevel,
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
self.ui.connecting(self.hostname, self.port)
|
self.ui.connecting(self.hostname, self.port)
|
||||||
|
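Review bot: `tls_level=self.tlslevel` reaches only the constructor call in the second hunk, and the `else:` branch right after it shows no equivalent argument. If a connection opened on that path can later be upgraded with STARTTLS, the configured level would presumably not apply there, so a `tls_secure` setting would cover only the implicit-SSL case. That code is outside the hunk, so this needs confirming against the full method. Separately, the new attribute in the first hunk has no comment; something like `# protocol policy from the tls_level option: tls_secure / tls_no_ssl / tls_compat` next to `self.tlslevel = repos.gettlslevel()` would help. Both enclosing methods start and end outside the hunks.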
@ -246,6 +246,9 @@ class IMAPRepository(BaseRepository):
|
|||||||
raise OfflineImapError(reason, OfflineImapError.ERROR.REPO)
|
raise OfflineImapError(reason, OfflineImapError.ERROR.REPO)
|
||||||
return cacertfile
|
return cacertfile
|
||||||
|
|
||||||
|
def gettlslevel(self):
|
||||||
|
return self.getconf('tls_level', 'tls_compat')
|
||||||
|
|
||||||
def getsslversion(self):
|
def getsslversion(self):
|
||||||
return self.getconf('ssl_version', None)
|
return self.getconf('ssl_version', None)
|
||||||
|
|
||||||
|
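Review bot: `gettlslevel()` returns whatever string is in the config without checking it against the three documented values, so a typo such as `tls_secur` is passed downstream unchanged. How the consumer treats an unknown level is not visible on this page; if it falls back to the permissive behaviour, a user who meant to block old SSL/TLS versions gets no protection and no error. I would validate in the getter and fail with the same `OfflineImapError(..., OfflineImapError.ERROR.REPO)` the preceding getter in this hunk uses, and add a docstring naming the accepted values. Note also that the fallback `'tls_compat'` is, going by the config comment, the level that does not disallow anything, so repositories that omit the option stay on the old behaviour.

```python
def gettlslevel(self):
    """Return the configured tls_level; reject values outside the documented set."""
    supported = ('tls_secure', 'tls_no_ssl', 'tls_compat')
    level = self.getconf('tls_level', 'tls_compat')
    if level not in supported:
        reason = "Unknown tls_level '%s' (expected one of: %s)" % (
            level, ', '.join(supported))
        raise OfflineImapError(reason, OfflineImapError.ERROR.REPO)
    return level
```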