From 57988c83bb4b3f1780f045880ac4a8f36a51c55c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 17 Dec 2020 17:38:17 +0100
Subject: libinterimap: new option SSL_ciphersuites to set the TLSv1.3
 ciphersuites.

Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
---
 Changelog                          |  3 +++
 doc/interimap.1.md                 | 12 +++++++-----
 doc/pullimap.1.md                  | 12 +++++++-----
 lib/Net/IMAP/InterIMAP.pm          |  4 ++++
 tests/list                         |  1 +
 tests/tls-ciphers/interimap.remote |  1 +
 tests/tls-ciphers/remote.conf      |  1 +
 tests/tls-ciphers/t                | 31 +++++++++++++++++++++++++++++++
 tests/tls-rsa+ecdsa/t              |  4 +++-
 9 files changed, 58 insertions(+), 11 deletions(-)
 create mode 120000 tests/tls-ciphers/interimap.remote
 create mode 120000 tests/tls-ciphers/remote.conf
 create mode 100644 tests/tls-ciphers/t

diff --git a/Changelog b/Changelog
index afee1ca..29ca360 100644
--- a/Changelog
+++ b/Changelog
@@ -18,6 +18,9 @@ interimap (0.5.5) upstream;
    settings SSL_protocol_{min,max} are not used, however it's cumbersome
    to do individual checks for specific settings, let alone maintain
    test coverage with multiple OpenSSL versions.
+ * libinterimap: new option SSL_ciphersuites to set the TLSv1.3
+   ciphersuites; also, clarify that SSL_cipherlist only applies to
+   TLSv1.2 and below, see SSL_CTX_set_cipher_list(3ssl).
  + `make release`: also bump libinterimap version and pin it in 'use'
    declarations.
  + Make error messages more uniform and consistent.
diff --git a/doc/interimap.1.md b/doc/interimap.1.md
index ae6224b..2d588ae 100644
--- a/doc/interimap.1.md
+++ b/doc/interimap.1.md
@@ -401,12 +401,14 @@ Valid options are:
     `TLSv1.1`, `TLSv1.2`, and `TLSv1.3`, depending on the OpenSSL
     version used.
 
-*SSL_cipherlist*
+*SSL_cipherlist*, *SSL_ciphersuites*
 
-:   The cipher list to send to the server.  Although the server
-    determines which cipher suite is used, it should take the first
-    supported cipher in the list sent by the client.  See
-    [`ciphers`(1ssl)] for more information.
+:   Sets the TLSv1.2 and below cipher list resp. TLSv1.3 cipher suites.
+    The combination of these lists is sent to the server, which then
+    determines which cipher to use (normally the first supported one
+    from the list sent by the client).  The default suites depend on the
+    OpenSSL version and its configuration, see [`ciphers`(1ssl)] for
+    more information.
 
 *SSL_fingerprint*
 
diff --git a/doc/pullimap.1.md b/doc/pullimap.1.md
index b0bc2fd..89969b2 100644
--- a/doc/pullimap.1.md
+++ b/doc/pullimap.1.md
@@ -220,12 +220,14 @@ Valid options are:
     `TLSv1.1`, `TLSv1.2`, and `TLSv1.3`, depending on the OpenSSL
     version used.
 
-*SSL_cipherlist*
+*SSL_cipherlist*, *SSL_ciphersuites*
 
-:   The cipher list to send to the server.  Although the server
-    determines which cipher suite is used, it should take the first
-    supported cipher in the list sent by the client.  See
-    [`ciphers`(1ssl)] for more information.
+:   Sets the TLSv1.2 and below cipher list resp. TLSv1.3 cipher suites.
+    The combination of these lists is sent to the server, which then
+    determines which cipher to use (normally the first supported one
+    from the list sent by the client).  The default suites depend on the
+    OpenSSL version and its configuration, see [`ciphers`(1ssl)] for
+    more information.
 
 *SSL_fingerprint*
 
diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm
index 856c5c8..09f510f 100644
--- a/lib/Net/IMAP/InterIMAP.pm
+++ b/lib/Net/IMAP/InterIMAP.pm
@@ -67,6 +67,7 @@ my %OPTIONS = (
     SSL_protocol_max => qr/\A(\P{Control}+)\z/,
     SSL_fingerprint => qr/\A((?:[A-Za-z0-9]+\$)?\p{AHex}+(?: (?:[A-Za-z0-9]+\$)?\p{AHex}+)*)\z/,
     SSL_cipherlist => qr/\A(\P{Control}+)\z/,
+    SSL_ciphersuites => qr/\A(\P{Control}*)\z/, # "an empty list is permissible"
     SSL_hostname => qr/\A(\P{Control}*)\z/,
     SSL_verify => qr/\A(YES|NO)\z/i,
     SSL_CApath => qr/\A(\P{Control}+)\z/,
@@ -1766,6 +1767,9 @@ sub _start_ssl($$) {
     if (defined (my $str = $self->{SSL_cipherlist})) {
         $self->_ssl_error("SSL_CTX_set_cipher_list()") unless Net::SSLeay::CTX_set_cipher_list($ctx, $str) == 1;
     }
+    if (defined (my $str = $self->{SSL_ciphersuites})) {
+        $self->_ssl_error("SSL_CTX_set_ciphersuites()") unless Net::SSLeay::CTX_set_ciphersuites($ctx, $str) == 1;
+    }
 
     my $vpm = Net::SSLeay::X509_VERIFY_PARAM_new() or $self->_ssl_error("X509_VERIFY_PARAM_new()");
     my $purpose = Net::SSLeay::X509_PURPOSE_SSL_SERVER();
diff --git a/tests/list b/tests/list
index cb31a73..d1058ba 100644
--- a/tests/list
+++ b/tests/list
@@ -54,6 +54,7 @@ split-set   Split large sets to avoid extra-long command lines
     tls-rsa+ecdsa           pubkey fingerprint pinning for dual-cert RSA+ECDSA
     tls-sni                 TLS servername extension (SNI)
     tls-protocols           force TLS protocol versions
+    tls-ciphers             force TLS cipher list/suites
 
 . Live synchronization (60s)
     sync-live            local/remote simulation
diff --git a/tests/tls-ciphers/interimap.remote b/tests/tls-ciphers/interimap.remote
new file mode 120000
index 0000000..daf3741
--- /dev/null
+++ b/tests/tls-ciphers/interimap.remote
@@ -0,0 +1 @@
+../tls/interimap.remote
\ No newline at end of file
diff --git a/tests/tls-ciphers/remote.conf b/tests/tls-ciphers/remote.conf
new file mode 120000
index 0000000..6029749
--- /dev/null
+++ b/tests/tls-ciphers/remote.conf
@@ -0,0 +1 @@
+../tls/remote.conf
\ No newline at end of file
diff --git a/tests/tls-ciphers/t b/tests/tls-ciphers/t
new file mode 100644
index 0000000..0dfc771
--- /dev/null
+++ b/tests/tls-ciphers/t
@@ -0,0 +1,31 @@
+# backup config
+install -m0600 "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~"
+with_remote_config() {
+    install -m0600 "$XDG_CONFIG_HOME/interimap/config~" "$XDG_CONFIG_HOME/interimap/config"
+    cat >>"$XDG_CONFIG_HOME/interimap/config"
+}
+
+with_remote_config <<-EOF
+	SSL_protocol_max = TLSv1.2
+	SSL_cipherlist = DHE-RSA-AES128-SHA256:ALL:!COMPLEMENTOFDEFAULT:!eNULL
+EOF
+interimap --debug || error
+grep -Fx "remote: SSL cipher: DHE-RSA-AES128-SHA256 (128 bits)" <"$STDERR" || error
+
+with_remote_config <<-EOF
+	SSL_protocol_max = TLSv1.2
+	SSL_cipherlist = NONEXISTENT:ECDHE-RSA-AES256-SHA384:ALL:!COMPLEMENTOFDEFAULT:!eNULL
+	SSL_ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+EOF
+interimap --debug || error
+grep -Fx "remote: SSL cipher: ECDHE-RSA-AES256-SHA384 (256 bits)" <"$STDERR" || error
+
+with_remote_config <<-EOF
+	SSL_protocol_min = TLSv1.3
+	SSL_cipherlist = DHE-RSA-AES128-SHA256
+	SSL_ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+EOF
+interimap --debug || error
+grep -Fx "remote: SSL cipher: TLS_CHACHA20_POLY1305_SHA256 (256 bits)" <"$STDERR" || error
+
+# vim: set filetype=sh :
diff --git a/tests/tls-rsa+ecdsa/t b/tests/tls-rsa+ecdsa/t
index 8b811fd..c9f5b96 100644
--- a/tests/tls-rsa+ecdsa/t
+++ b/tests/tls-rsa+ecdsa/t
@@ -36,7 +36,9 @@ grep -Fx -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_S
          -e "remote: Peer certificate matches pinned SPKI digest sha256\$$PKEY_ALT_SHA256" \
          <"$STDERR" || error
 
-# force RSA (XXX do we really have to force TLSv1.2 here?)
+# force RSA
+# XXX we also have to force TLS <=1.2 here as the TLSv1.3 ciphersuites
+# don't specify the certificate type (nor key exchange)
 cat >>"$XDG_CONFIG_HOME/interimap/config" <<-EOF
 	SSL_protocol_max = TLSv1.2
 	SSL_cipherlist = EECDH+AESGCM+aRSA
-- 
cgit v1.2.3