-rw-r--r--SConstruct3
-rw-r--r--doc/book/net.tex65
-rw-r--r--src/net/imap/IMAPConnection.cpp10
-rw-r--r--src/net/pop3/POP3Connection.cpp10
-rw-r--r--src/net/session.cpp17
-rw-r--r--src/net/smtp/SMTPConnection.cpp10
-rw-r--r--src/net/tls/TLSProperties.cpp44
-rw-r--r--src/net/tls/gnutls/TLSProperties_GnuTLS.cpp113
-rw-r--r--src/net/tls/gnutls/TLSSession_GnuTLS.cpp24
-rw-r--r--src/net/tls/openssl/TLSProperties_OpenSSL.cpp112
-rw-r--r--src/net/tls/openssl/TLSSession_OpenSSL.cpp11
-rw-r--r--vmime/net/session.hpp16
-rw-r--r--vmime/net/tls/TLSProperties.hpp105
-rw-r--r--vmime/net/tls/TLSSession.hpp4
-rw-r--r--vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp68
-rw-r--r--vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp4
-rw-r--r--vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp68
-rw-r--r--vmime/net/tls/openssl/TLSSession_OpenSSL.hpp4
18 files changed, 652 insertions, 36 deletions
diff --git a/SConstruct b/SConstruct
index 888e3f95..d1813bd1 100644
--- a/SConstruct
+++ b/SConstruct
@@ -222,10 +222,13 @@ libvmime_messaging_sources = [
libvmime_net_tls_sources = [
'net/tls/TLSSession.cpp', 'net/tls/TLSSession.hpp',
'net/tls/TLSSocket.cpp', 'net/tls/TLSSocket.hpp',
+ 'net/tls/TLSProperties.cpp', 'net/tls/TLSProperties.hpp',
'net/tls/gnutls/TLSSession_GnuTLS.cpp', 'net/tls/gnutls/TLSSession_GnuTLS.hpp',
'net/tls/gnutls/TLSSocket_GnuTLS.cpp', 'net/tls/gnutls/TLSSocket_GnuTLS.hpp',
+ 'net/tls/gnutls/TLSProperties_GnuTLS.cpp', 'net/tls/gnutls/TLSProperties_GnuTLS.hpp',
'net/tls/openssl/TLSSession_OpenSSL.cpp', 'net/tls/openssl/TLSSession_OpenSSL.hpp',
'net/tls/openssl/TLSSocket_OpenSSL.cpp', 'net/tls/openssl/TLSSocket_OpenSSL.hpp',
+ 'net/tls/openssl/TLSProperties_OpenSSL.cpp', 'net/tls/openssl/TLSProperties_OpenSSL.hpp',
'net/tls/openssl/OpenSSLInitializer.cpp', 'net/tls/openssl/OpenSSLInitializer.hpp',
'net/tls/TLSSecuredConnectionInfos.cpp', 'net/tls/TLSSecuredConnectionInfos.hpp',
'security/cert/certificateChain.cpp', 'security/cert/certificateChain.hpp',
diff --git a/doc/book/net.tex b/doc/book/net.tex
index 7359c3e3..8b1c7fa7 100644
--- a/doc/book/net.tex
+++ b/doc/book/net.tex
@@ -1006,3 +1006,68 @@ Finally, to make the service use your own certificate verifier, simply write:
theService->setCertificateVerifier(vmime::create <myCertVerifier>());
\end{lstlisting}
+\subsection{SSL/TLS Properties} % --------------------------------------------
+
+If you want to customize behavior or set some options on TLS/SSL connection,
+you may use the TLSProperties object, and pass it to the service session. The
+TLS/SSL options must be set {\em before} creating any service with the session
+(ie. before calling either {\vcode getStore()} or {\vcode getTransport()} on
+the session), or they will not be used.
+
+The following example shows how to set the cipher suite preferences for TLS:
+
+\begin{lstlisting}[caption={Setting TLS cipher suite preferences}]
+vmime::ref <vmime::net::session> sess = /* ... */;
+
+vmime::ref <vmime::net::tls::TLSProperties> tlsProps =
+ vmime::create <vmime::net::tls::TLSProperties>();
+
+// for OpenSSL
+tlsProps->setCipherString("HIGH:!ADH:@STRENGTH");
+
+// for GNU TLS
+tlsProps->setCipherString("NORMAL:%SSL3_RECORD_VERSION");
+
+sess->setTLSProperties(tlsProps);
+\end{lstlisting}
+
+Please note that the cipher suite string format and meaning depend on the
+underlying TLS library (either OpenSSL or GNU TLS):
+
+\begin{itemize}
+\item for GNU TLS, read this: \newline
+\url{http://gnutls.org/manual/html\_node/Priority-Strings.html}
+
+\item for OpenSSL, read this: \newline
+\url{http://www.openssl.org/docs/apps/ciphers.html#CIPHER\_STRINGS}
+\end{itemize}
+
+You may also set cipher suite preferences using predefined constants that
+map to generic security modes:
+
+\begin{lstlisting}[caption={Setting TLS cipher suite preferences using predefined modes}]
+sess->setCipherSuite(vmime::net::tls::TLSProperties::CIPHERSUITE_HIGH);
+\end{lstlisting}
+
+The following constants are available:
+
+\noindent\begin{tabularx}{1.0\textwidth}{|l|X|}
+\hline
+ {\bf Constant} &
+ {\bf Meaning} \\
+\hline
+ CIPHERSUITE\_HIGH &
+ High encryption cipher suites ($>$ 128 bits) \\
+\hline
+ CIPHERSUITE\_MEDIUM &
+ Medium encryption cipher suites ($>=$ 128 bits) \\
+\hline
+ CIPHERSUITE\_LOW &
+ Low encryption cipher suites ($>=$ 64 bits) \\
+\hline
+ CIPHERSUITE\_DEFAULT &
+ Default cipher suite (actual cipher suites used depends
+ on the underlying SSL/TLS library) \\
+\hline
+\end{tabularx}
+
diff --git a/src/net/imap/IMAPConnection.cpp b/src/net/imap/IMAPConnection.cpp
index 4002eded..53f8ba9f 100644
--- a/src/net/imap/IMAPConnection.cpp
+++ b/src/net/imap/IMAPConnection.cpp
@@ -112,8 +112,9 @@ void IMAPConnection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (store->isIMAPS()) // dedicated port/IMAPS
{
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(store->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (store->getCertificateVerifier(),
+ store->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@@ -474,8 +475,9 @@ void IMAPConnection::startTLS()
("STARTTLS", resp->getErrorLog(), "bad response");
}
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (m_store.acquire()->getCertificateVerifier(),
+ m_store.acquire()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
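Review bot: `m_store.acquire()` is called twice in the new create() call (L136-L137), producing two temporary strong refs where one would do; hoist it into a local, `ref <IMAPStore> store = m_store.acquire();`, and pass `store->getCertificateVerifier(), store->getSession()->getTLSProperties()`. The same double acquire appears in POP3Connection::startTLS (L161-L162) and, with getTransport() called twice, in SMTPConnection::startTLS (L221-L222). Note also that the properties are now read at connect/STARTTLS time from the service's session, whereas the book text added in this commit says they must be set before the service is created; which statement holds depends on whether getSession() returns the original session or a copy, which is not visible here, and code and documentation should agree. IMAPConnection::startTLS() begins before and continues past the hunk.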
diff --git a/src/net/pop3/POP3Connection.cpp b/src/net/pop3/POP3Connection.cpp
index 948242d7..dd0024e9 100644
--- a/src/net/pop3/POP3Connection.cpp
+++ b/src/net/pop3/POP3Connection.cpp
@@ -106,8 +106,9 @@ void POP3Connection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (store->isPOP3S()) // dedicated port/POP3S
{
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(store->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (store->getCertificateVerifier(),
+ store->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@@ -544,8 +545,9 @@ void POP3Connection::startTLS()
if (!response->isSuccess())
throw exceptions::command_error("STLS", response->getFirstLine());
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (m_store.acquire()->getCertificateVerifier(),
+ m_store.acquire()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
diff --git a/src/net/session.cpp b/src/net/session.cpp
index 970ef71d..a444d000 100644
--- a/src/net/session.cpp
+++ b/src/net/session.cpp
@@ -39,18 +39,19 @@ namespace net {
session::session()
+ : m_tlsProps(vmime::create <tls::TLSProperties>())
{
}
session::session(const session& sess)
- : object(), m_props(sess.m_props)
+ : object(), m_props(sess.m_props), m_tlsProps(vmime::create <tls::TLSProperties>(*sess.m_tlsProps))
{
}
session::session(const propertySet& props)
- : m_props(props)
+ : m_props(props), m_tlsProps(vmime::create <tls::TLSProperties>())
{
}
@@ -136,6 +137,18 @@ propertySet& session::getProperties()
}
+void session::setTLSProperties(ref <tls::TLSProperties> tlsProps)
+{
+ m_tlsProps = vmime::create <tls::TLSProperties>(*tlsProps);
+}
+
+
+ref <tls::TLSProperties> session::getTLSProperties() const
+{
+ return m_tlsProps;
+}
+
+
} // net
} // vmime
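Review bot: setTLSProperties() deep-copies its argument (L188), so changes a caller makes to its own TLSProperties object afterwards are not seen by the session, while getTLSProperties() (L194) hands out the live internal ref, which can be mutated in place; the header comments added at L604-L614 say neither. Document the copy on the setter, `* The properties are copied; later changes to tlsProps are not reflected in the session.`, and either state that the returned ref is the live object or return a copy for symmetry. L188 also dereferences tlsProps without a null check, so a null ref crashes instead of producing a defined error; either reject a null argument or fall back to a default-constructed TLSProperties before dereferencing it. The book example added in the same commit (L90) calls `sess->setCipherSuite(...)`, which session does not provide — only setTLSProperties()/getTLSProperties() are added here — so that example should go through the TLSProperties object.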
diff --git a/src/net/smtp/SMTPConnection.cpp b/src/net/smtp/SMTPConnection.cpp
index 88170243..e831ccfc 100644
--- a/src/net/smtp/SMTPConnection.cpp
+++ b/src/net/smtp/SMTPConnection.cpp
@@ -107,8 +107,9 @@ void SMTPConnection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (transport->isSMTPS()) // dedicated port/SMTPS
{
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(transport->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (transport->getCertificateVerifier(),
+ transport->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@@ -479,8 +480,9 @@ void SMTPConnection::startTLS()
resp->getCode(), resp->getEnhancedCode());
}
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(getTransport()->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (getTransport()->getCertificateVerifier(),
+ getTransport()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
diff --git a/src/net/tls/TLSProperties.cpp b/src/net/tls/TLSProperties.cpp
new file mode 100644
index 00000000..1986db79
--- /dev/null
+++ b/src/net/tls/TLSProperties.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
diff --git a/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
new file mode 100644
index 00000000..2a161dee
--- /dev/null
+++ b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
@@ -0,0 +1,113 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
+
+#include <gnutls/gnutls.h>
+#if GNUTLS_VERSION_NUMBER < 0x030000
+#include <gnutls/extra.h>
+#endif
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+ : m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+ setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+ : object(),
+ m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+ *m_data.dynamicCast <TLSProperties_GnuTLS>() = *props.m_data.dynamicCast <TLSProperties_GnuTLS>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+ switch (cipherSuite)
+ {
+ case CIPHERSUITE_HIGH:
+
+ setCipherSuite("SECURE256:%SSL3_RECORD_VERSION");
+ break;
+
+ case CIPHERSUITE_MEDIUM:
+
+ setCipherSuite("SECURE128:%SSL3_RECORD_VERSION");
+ break;
+
+ case CIPHERSUITE_LOW:
+
+ setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+ break;
+
+ default:
+ case CIPHERSUITE_DEFAULT:
+
+ setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+ break;
+ }
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+ m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+ return m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite;
+}
+
+
+
+TLSProperties_GnuTLS& TLSProperties_GnuTLS::operator=(const TLSProperties_GnuTLS& other)
+{
+ cipherSuite = other.cipherSuite;
+
+ return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
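Review bot: CIPHERSUITE_LOW and CIPHERSUITE_DEFAULT both resolve to `"NORMAL:%SSL3_RECORD_VERSION"` (L355, L361), so on GnuTLS the "low encryption (>= 64 bits)" level documented in the public header is not a distinct policy and a caller asking for LOW silently gets the default; either map CIPHERSUITE_LOW to a priority string that actually differs, or say in the enum comment that LOW and DEFAULT coincide under GnuTLS. The `default:` label placed before `case CIPHERSUITE_DEFAULT:` (L358-L359) also makes an out-of-range enum value silently accepted; a comment such as `// unknown value: fall back to the library default` would mark that as intentional. TLSProperties_GnuTLS::operator= (L380-L385) does exactly what the implicitly generated assignment does for a single string member and can be dropped, here and in the OpenSSL counterpart (L547-L552).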
diff --git a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
index 97f61d9e..8297e779 100644
--- a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
+++ b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
@@ -49,6 +49,7 @@
#include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp"
#include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
#include "vmime/exception.hpp"
@@ -133,14 +134,14 @@ static TLSGlobal g_gnutlsGlobal;
// static
-ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
+ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
- return vmime::create <TLSSession_GnuTLS>(cv);
+ return vmime::create <TLSSession_GnuTLS>(cv, props);
}
-TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv)
- : m_certVerifier(cv)
+TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
+ : m_certVerifier(cv), m_props(props)
{
int res;
@@ -151,21 +152,16 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
// Sets some default priority on the ciphers, key exchange methods,
// macs and compression methods.
-#if HAVE_GNUTLS_PRIORITY_FUNCS
+#if VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_dh_set_prime_bits(*m_gnutlsSession, 128);
if ((res = gnutls_priority_set_direct
- (*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0)
+ (*m_gnutlsSession, m_props->getCipherSuite().c_str(), NULL)) != 0)
{
- if ((res = gnutls_priority_set_direct
- (*m_gnutlsSession, "NORMAL", NULL)) != 0)
- {
- throwTLSException
- ("gnutls_priority_set_direct", res);
- }
+ throwTLSException("gnutls_priority_set_direct", res);
}
-#else // !HAVE_GNUTLS_PRIORITY_FUNCS
+#else // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_set_default_priority(*m_gnutlsSession);
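Review bot: gnutls_priority_set_direct (L423-L425) is still passed NULL for its err_pos argument, so when the now user-supplied priority string is rejected the exception carries only the numeric code; declare `const char* errPos = NULL;`, pass `&errPos`, and include errPos in the thrown message so the offending token can be identified. Removing the fallback to plain "NORMAL" is the right call for a caller-chosen string, but the `#else` branch starting at L437 (continuing past the hunk) still calls gnutls_set_default_priority() and never consults m_props, so on a GnuTLS build without the priority functions a configured cipher suite is silently dropped; that deserves at least a comment, e.g. `// priority functions unavailable: TLSProperties cipher suite is ignored here`, and ideally a diagnostic. The constructor starts in the previous hunk and continues beyond this one.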
@@ -241,7 +237,7 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
-#endif // !HAVE_GNUTLS_PRIORITY_FUNCS
+#endif // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
// Initialize credentials
gnutls_credentials_set(*m_gnutlsSession,
diff --git a/src/net/tls/openssl/TLSProperties_OpenSSL.cpp b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp
new file mode 100644
index 00000000..0efc33c9
--- /dev/null
+++ b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp
@@ -0,0 +1,112 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+ : m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+ setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+ : object(),
+ m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+ *m_data.dynamicCast <TLSProperties_OpenSSL>() = *props.m_data.dynamicCast <TLSProperties_OpenSSL>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+ switch (cipherSuite)
+ {
+ case CIPHERSUITE_HIGH:
+
+ setCipherSuite("HIGH");
+ break;
+
+ case CIPHERSUITE_MEDIUM:
+
+ setCipherSuite("MEDIUM");
+ break;
+
+ case CIPHERSUITE_LOW:
+
+ setCipherSuite("LOW");
+ break;
+
+ default:
+ case CIPHERSUITE_DEFAULT:
+
+ setCipherSuite("DEFAULT");
+ break;
+ }
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+ m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+ return m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite;
+}
+
+
+
+TLSProperties_OpenSSL& TLSProperties_OpenSSL::operator=(const TLSProperties_OpenSSL& other)
+{
+ cipherSuite = other.cipherSuite;
+
+ return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
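Review bot: the generic suites map to bare OpenSSL keywords (L512, L517, L522, L528), and `HIGH`, `MEDIUM` and `LOW` on their own still admit anonymous (aNULL/ADH) key exchange unless it is excluded, which negotiates a connection that the certificate verifier never gets to check. The `DEFAULT` keyword on the OpenSSL releases contemporary with this code also retains the LOW, EXPORT and MD5 suites that the string removed from TLSSession_OpenSSL.cpp (L587, `ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH`) excluded, so CIPHERSUITE_DEFAULT is weaker than the previous hard-coded list. Exclude anonymous suites in each generic mapping and reuse the former list for the default, as the book's own OpenSSL example (`HIGH:!ADH:@STRENGTH`) does.
```cpp
	case CIPHERSUITE_HIGH:
		setCipherSuite("HIGH:!aNULL:@STRENGTH");
		break;
	case CIPHERSUITE_MEDIUM:
		setCipherSuite("MEDIUM:!aNULL:@STRENGTH");
		break;
	case CIPHERSUITE_LOW:
		setCipherSuite("LOW:!aNULL:@STRENGTH");
		break;
	default:
	case CIPHERSUITE_DEFAULT:
		// same list TLSSession_OpenSSL used before the suite became configurable
		setCipherSuite("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
		break;
```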
diff --git a/src/net/tls/openssl/TLSSession_OpenSSL.cpp b/src/net/tls/openssl/TLSSession_OpenSSL.cpp
index fcf82c7b..953e4ebc 100644
--- a/src/net/tls/openssl/TLSSession_OpenSSL.cpp
+++ b/src/net/tls/openssl/TLSSession_OpenSSL.cpp
@@ -28,6 +28,7 @@
#include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
#include "vmime/exception.hpp"
@@ -45,19 +46,19 @@ static OpenSSLInitializer::autoInitializer openSSLInitializer;
// static
-ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
+ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
- return vmime::create <TLSSession_OpenSSL>(cv);
+ return vmime::create <TLSSession_OpenSSL>(cv, props);
}
-TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv)
- : m_sslctx(0), m_certVerifier(cv)
+TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv, ref <TLSProperties> props)
+ : m_sslctx(0), m_certVerifier(cv), m_props(props)
{
m_sslctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY);
- SSL_CTX_set_cipher_list(m_sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+ SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str());
SSL_CTX_set_session_cache_mode(m_sslctx, SSL_SESS_CACHE_OFF);
}
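Review bot: the return value of SSL_CTX_set_cipher_list (L588) is still ignored, and now that the string comes from the caller a rejected list leaves the context on OpenSSL's built-in default instead of the requested suites, while the GnuTLS constructor in the same commit throws in that case (L433); the two backends should fail the same way. Check the result, `if (!SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str())) throw exceptions::tls_exception("SSL_CTX_set_cipher_list failed");`, using whichever exception type this file already throws for setup failures. Because a throwing constructor does not run the destructor, call `SSL_CTX_free(m_sslctx)` before throwing or the context allocated at L584 leaks.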
diff --git a/vmime/net/session.hpp b/vmime/net/session.hpp
index a6c6e775..b92c2ac7 100644
--- a/vmime/net/session.hpp
+++ b/vmime/net/session.hpp
@@ -33,6 +33,8 @@
#include "vmime/security/authenticator.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
+
#include "vmime/utility/url.hpp"
#include "vmime/propertySet.hpp"
@@ -141,9 +143,23 @@ public:
*/
propertySet& getProperties();
+ /** Set properties for SSL/TLS secured connections in this session.
+ *
+ * @param tlsProps SSL/TLS properties
+ */
+ void setTLSProperties(ref <tls::TLSProperties> tlsProps);
+
+ /** Get properties for SSL/TLS secured connections in this session.
+ *
+ * @return SSL/TLS properties
+ */
+ ref <tls::TLSProperties> getTLSProperties() const;
+
private:
propertySet m_props;
+
+ ref <tls::TLSProperties> m_tlsProps;
};
diff --git a/vmime/net/tls/TLSProperties.hpp b/vmime/net/tls/TLSProperties.hpp
new file mode 100644
index 00000000..23540eeb
--- /dev/null
+++ b/vmime/net/tls/TLSProperties.hpp
@@ -0,0 +1,105 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+/** Holds options for a TLS session.
+ */
+class VMIME_EXPORT TLSProperties : public object
+{
+public:
+
+ TLSProperties();
+ TLSProperties(const TLSProperties&);
+
+
+ /** Predefined generic cipher suites (work with all TLS libraries). */
+ enum GenericCipherSuite
+ {
+ CIPHERSUITE_HIGH, /**< High encryption cipher suites (> 128 bits). */
+ CIPHERSUITE_MEDIUM, /**< Medium encryption cipher suites (>= 128 bits). */
+ CIPHERSUITE_LOW, /**< Low encryption cipher suites (>= 64 bits). */
+
+ CIPHERSUITE_DEFAULT /**< Default cipher suite. */
+ };
+
+ /** Sets the cipher suite preferences for a SSL/TLS session, using
+ * predefined, generic suites. This works with all underlying TLS
+ * libraries (OpenSSL and GNU TLS).
+ *
+ * @param cipherSuite predefined cipher suite
+ */
+ void setCipherSuite(const GenericCipherSuite cipherSuite);
+
+ /** Sets the cipher suite preferences for a SSL/TLS session, using
+ * a character string. The format and meaning of the string depend
+ * on the underlying TLS library.
+ *
+ * For GNU TLS, read this:
+ * http://gnutls.org/manual/html_node/Priority-Strings.html
+ *
+ * For OpenSSL, read this:
+ * http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+ *
+ * @param cipherSuite cipher suite as a string
+ */
+ void setCipherSuite(const string& cipherSuite);
+
+ /** Returns the cipher suite preferences for a SSL/TLS session, as
+ * a character string. The format and meaning of the string depend
+ * on the underlying TLS library (see setCipherSuite() method).
+ *
+ * @return cipher suite string
+ */
+ const string getCipherSuite() const;
+
+private:
+
+ ref <object> m_data;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
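Review bot: the class declares a copy constructor (L675) that deep-copies the backend data, but no copy assignment operator, so the implicitly generated `operator=` copies only the `ref <object> m_data` handle (L720) and leaves two TLSProperties objects sharing one backend; after `a = b;`, `a.setCipherSuite(...)` silently changes b. Declare `TLSProperties& operator=(const TLSProperties&);` here and implement it in both backend files next to the copy constructor, or make assignment private. The enum comments give overlapping ranges (HIGH "> 128 bits" at L681 is a subset of MEDIUM ">= 128 bits" at L682) while the suites each level actually yields are backend-specific, so the comments should describe the intent and point to the backend mapping rather than promise bit counts. `const string getCipherSuite() const` (L716) returns a const value, which only prevents the caller from moving the result; `const string&` or plain `string` is the usual form.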
diff --git a/vmime/net/tls/TLSSession.hpp b/vmime/net/tls/TLSSession.hpp
index 5cd14435..faca9d11 100644
--- a/vmime/net/tls/TLSSession.hpp
+++ b/vmime/net/tls/TLSSession.hpp
@@ -34,6 +34,7 @@
#include "vmime/types.hpp"
#include "vmime/net/tls/TLSSocket.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
#include "vmime/security/cert/certificateVerifier.hpp"
@@ -53,9 +54,10 @@ public:
*
* @param cv object responsible for verifying certificates
* sent by the server
+ * @param props TLS properties for this session
* @return a new TLS session
*/
- static ref <TLSSession> create(ref <security::cert::certificateVerifier> cv);
+ static ref <TLSSession> create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
/** Create a new socket that adds a TLS security layer around
* an existing socket. You should create only one socket
diff --git a/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp b/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
new file mode 100644
index 00000000..2038778a
--- /dev/null
+++ b/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSProperties_GnuTLS : public object
+{
+public:
+
+ TLSProperties_GnuTLS& operator=(const TLSProperties_GnuTLS& other);
+
+
+ string cipherSuite;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+
diff --git a/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp b/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp
index 1f70a1c7..45fee070 100644
--- a/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp
+++ b/vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp
@@ -38,6 +38,7 @@
#include "vmime/net/tls/TLSSession.hpp"
#include "vmime/net/tls/TLSSocket.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
namespace vmime {
@@ -51,7 +52,7 @@ class TLSSession_GnuTLS : public TLSSession
public:
- TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv);
+ TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
~TLSSession_GnuTLS();
@@ -73,6 +74,7 @@ private:
#endif // LIBGNUTLS_VERSION
ref <security::cert::certificateVerifier> m_certVerifier;
+ ref <TLSProperties> m_props;
};
diff --git a/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp b/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp
new file mode 100644
index 00000000..5d2f075a
--- /dev/null
+++ b/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSProperties_OpenSSL : public object
+{
+public:
+
+ TLSProperties_OpenSSL& operator=(const TLSProperties_OpenSSL& other);
+
+
+ string cipherSuite;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+
diff --git a/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp b/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp
index 74c49a19..85f018f1 100644
--- a/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp
+++ b/vmime/net/tls/openssl/TLSSession_OpenSSL.hpp
@@ -38,6 +38,7 @@
#include "vmime/net/tls/TLSSession.hpp"
#include "vmime/net/tls/TLSSocket.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
#include <openssl/ssl.h>
@@ -54,7 +55,7 @@ class TLSSession_OpenSSL : public TLSSession
public:
- TLSSession_OpenSSL(const ref <security::cert::certificateVerifier> cv);
+ TLSSession_OpenSSL(const ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
~TLSSession_OpenSSL();
@@ -90,6 +91,7 @@ private:
SSL_CTX* m_sslctx;
ref <security::cert::certificateVerifier> m_certVerifier;
+ ref <TLSProperties> m_props;
};