From 57988c83bb4b3f1780f045880ac4a8f36a51c55c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 17 Dec 2020 17:38:17 +0100
Subject: libinterimap: new option SSL_ciphersuites to set the TLSv1.3
 ciphersuites.

Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).
---
 lib/Net/IMAP/InterIMAP.pm | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib')

diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm
index 856c5c8..09f510f 100644
--- a/lib/Net/IMAP/InterIMAP.pm
+++ b/lib/Net/IMAP/InterIMAP.pm
@@ -67,6 +67,7 @@ my %OPTIONS = (
     SSL_protocol_max => qr/\A(\P{Control}+)\z/,
     SSL_fingerprint => qr/\A((?:[A-Za-z0-9]+\$)?\p{AHex}+(?: (?:[A-Za-z0-9]+\$)?\p{AHex}+)*)\z/,
     SSL_cipherlist => qr/\A(\P{Control}+)\z/,
+    SSL_ciphersuites => qr/\A(\P{Control}*)\z/, # "an empty list is permissible"
     SSL_hostname => qr/\A(\P{Control}*)\z/,
     SSL_verify => qr/\A(YES|NO)\z/i,
     SSL_CApath => qr/\A(\P{Control}+)\z/,
@@ -1766,6 +1767,9 @@ sub _start_ssl($$) {
     if (defined (my $str = $self->{SSL_cipherlist})) {
         $self->_ssl_error("SSL_CTX_set_cipher_list()") unless Net::SSLeay::CTX_set_cipher_list($ctx, $str) == 1;
     }
+    if (defined (my $str = $self->{SSL_ciphersuites})) {
+        $self->_ssl_error("SSL_CTX_set_ciphersuites()") unless Net::SSLeay::CTX_set_ciphersuites($ctx, $str) == 1;
+    }
 
     my $vpm = Net::SSLeay::X509_VERIFY_PARAM_new() or $self->_ssl_error("X509_VERIFY_PARAM_new()");
     my $purpose = Net::SSLeay::X509_PURPOSE_SSL_SERVER();
-- 
cgit v1.2.3