Diffstat (limited to 'src')
-rw-r--r--src/net/imap/IMAPConnection.cpp10
-rw-r--r--src/net/pop3/POP3Connection.cpp10
-rw-r--r--src/net/session.cpp17
-rw-r--r--src/net/smtp/SMTPConnection.cpp10
-rw-r--r--src/net/tls/TLSProperties.cpp44
-rw-r--r--src/net/tls/gnutls/TLSProperties_GnuTLS.cpp113
-rw-r--r--src/net/tls/gnutls/TLSSession_GnuTLS.cpp24
-rw-r--r--src/net/tls/openssl/TLSProperties_OpenSSL.cpp112
-rw-r--r--src/net/tls/openssl/TLSSession_OpenSSL.cpp11
9 files changed, 318 insertions, 33 deletions
diff --git a/src/net/imap/IMAPConnection.cpp b/src/net/imap/IMAPConnection.cpp
index 4002eded..53f8ba9f 100644
--- a/src/net/imap/IMAPConnection.cpp
+++ b/src/net/imap/IMAPConnection.cpp
@@ -112,8 +112,9 @@ void IMAPConnection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (store->isIMAPS()) // dedicated port/IMAPS
{
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(store->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (store->getCertificateVerifier(),
+ store->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@@ -474,8 +475,9 @@ void IMAPConnection::startTLS()
("STARTTLS", resp->getErrorLog(), "bad response");
}
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (m_store.acquire()->getCertificateVerifier(),
+ m_store.acquire()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
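Review bot: `m_store.acquire()` is evaluated twice in the new argument list, once per argument, and the same pattern appears in POP3Connection::startTLS and, via `getTransport()`, in SMTPConnection::startTLS. Hoisting the store into a local, as the connect() hunk already does with `store`, reads better and makes both arguments come from the same object: `ref <IMAPStore> store = m_store.acquire();` followed by `tls::TLSSession::create(store->getCertificateVerifier(), store->getSession()->getTLSProperties());`. startTLS continues outside the hunk.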
diff --git a/src/net/pop3/POP3Connection.cpp b/src/net/pop3/POP3Connection.cpp
index 948242d7..dd0024e9 100644
--- a/src/net/pop3/POP3Connection.cpp
+++ b/src/net/pop3/POP3Connection.cpp
@@ -106,8 +106,9 @@ void POP3Connection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (store->isPOP3S()) // dedicated port/POP3S
{
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(store->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (store->getCertificateVerifier(),
+ store->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@@ -544,8 +545,9 @@ void POP3Connection::startTLS()
if (!response->isSuccess())
throw exceptions::command_error("STLS", response->getFirstLine());
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (m_store.acquire()->getCertificateVerifier(),
+ m_store.acquire()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
diff --git a/src/net/session.cpp b/src/net/session.cpp
index 970ef71d..a444d000 100644
--- a/src/net/session.cpp
+++ b/src/net/session.cpp
@@ -39,18 +39,19 @@ namespace net {
session::session()
+ : m_tlsProps(vmime::create <tls::TLSProperties>())
{
}
session::session(const session& sess)
- : object(), m_props(sess.m_props)
+ : object(), m_props(sess.m_props), m_tlsProps(vmime::create <tls::TLSProperties>(*sess.m_tlsProps))
{
}
session::session(const propertySet& props)
- : m_props(props)
+ : m_props(props), m_tlsProps(vmime::create <tls::TLSProperties>())
{
}
@@ -136,6 +137,18 @@ propertySet& session::getProperties()
}
+void session::setTLSProperties(ref <tls::TLSProperties> tlsProps)
+{
+ m_tlsProps = vmime::create <tls::TLSProperties>(*tlsProps);
+}
+
+
+ref <tls::TLSProperties> session::getTLSProperties() const
+{
+ return m_tlsProps;
+}
+
+
} // net
} // vmime
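Review bot: session::setTLSProperties dereferences `tlsProps` unconditionally in `vmime::create <tls::TLSProperties>(*tlsProps)`, so a caller handing in an empty handle gets a crash instead of an error; guard before copying, either by resetting to a default-constructed TLSProperties or by throwing, using whichever null test `ref` supports. The asymmetry between the two accessors also deserves a comment, since the setter stores a copy while the getter returns the session's own object, which the IMAP/POP3/SMTP connections pass straight into TLSSession::create: `// Returns the session's TLS properties by handle, not by copy; changes made through it apply to TLS sessions created afterwards.`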
diff --git a/src/net/smtp/SMTPConnection.cpp b/src/net/smtp/SMTPConnection.cpp
index 88170243..e831ccfc 100644
--- a/src/net/smtp/SMTPConnection.cpp
+++ b/src/net/smtp/SMTPConnection.cpp
@@ -107,8 +107,9 @@ void SMTPConnection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (transport->isSMTPS()) // dedicated port/SMTPS
{
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(transport->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (transport->getCertificateVerifier(),
+ transport->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@@ -479,8 +480,9 @@ void SMTPConnection::startTLS()
resp->getCode(), resp->getEnhancedCode());
}
- ref <tls::TLSSession> tlsSession =
- tls::TLSSession::create(getTransport()->getCertificateVerifier());
+ ref <tls::TLSSession> tlsSession = tls::TLSSession::create
+ (getTransport()->getCertificateVerifier(),
+ getTransport()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
diff --git a/src/net/tls/TLSProperties.cpp b/src/net/tls/TLSProperties.cpp
new file mode 100644
index 00000000..1986db79
--- /dev/null
+++ b/src/net/tls/TLSProperties.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
diff --git a/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
new file mode 100644
index 00000000..2a161dee
--- /dev/null
+++ b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
@@ -0,0 +1,113 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
+
+#include <gnutls/gnutls.h>
+#if GNUTLS_VERSION_NUMBER < 0x030000
+#include <gnutls/extra.h>
+#endif
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+ : m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+ setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+ : object(),
+ m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+ *m_data.dynamicCast <TLSProperties_GnuTLS>() = *props.m_data.dynamicCast <TLSProperties_GnuTLS>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+ switch (cipherSuite)
+ {
+ case CIPHERSUITE_HIGH:
+
+ setCipherSuite("SECURE256:%SSL3_RECORD_VERSION");
+ break;
+
+ case CIPHERSUITE_MEDIUM:
+
+ setCipherSuite("SECURE128:%SSL3_RECORD_VERSION");
+ break;
+
+ case CIPHERSUITE_LOW:
+
+ setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+ break;
+
+ default:
+ case CIPHERSUITE_DEFAULT:
+
+ setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+ break;
+ }
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+ m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+ return m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite;
+}
+
+
+
+TLSProperties_GnuTLS& TLSProperties_GnuTLS::operator=(const TLSProperties_GnuTLS& other)
+{
+ cipherSuite = other.cipherSuite;
+
+ return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
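Review bot: In TLSProperties::setCipherSuite(GenericCipherSuite), CIPHERSUITE_LOW and CIPHERSUITE_DEFAULT both map to `"NORMAL:%SSL3_RECORD_VERSION"`, so on this backend LOW silently behaves as DEFAULT while the OpenSSL backend in the same commit gives LOW a distinct, weaker meaning. If that is intentional, say so above the switch, e.g. `// GnuTLS: LOW is deliberately not mapped below NORMAL; it is treated as DEFAULT.`, otherwise the two backends should agree on what each level means. A one-line comment noting that these are GnuTLS priority strings consumed by gnutls_priority_set_direct would also help callers of the string overload, since an invalid override now surfaces as an exception when the TLS session is created.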
diff --git a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
index 97f61d9e..8297e779 100644
--- a/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
+++ b/src/net/tls/gnutls/TLSSession_GnuTLS.cpp
@@ -49,6 +49,7 @@
#include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp"
#include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
#include "vmime/exception.hpp"
@@ -133,14 +134,14 @@ static TLSGlobal g_gnutlsGlobal;
// static
-ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
+ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
- return vmime::create <TLSSession_GnuTLS>(cv);
+ return vmime::create <TLSSession_GnuTLS>(cv, props);
}
-TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv)
- : m_certVerifier(cv)
+TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
+ : m_certVerifier(cv), m_props(props)
{
int res;
@@ -151,21 +152,16 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
// Sets some default priority on the ciphers, key exchange methods,
// macs and compression methods.
-#if HAVE_GNUTLS_PRIORITY_FUNCS
+#if VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_dh_set_prime_bits(*m_gnutlsSession, 128);
if ((res = gnutls_priority_set_direct
- (*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0)
+ (*m_gnutlsSession, m_props->getCipherSuite().c_str(), NULL)) != 0)
{
- if ((res = gnutls_priority_set_direct
- (*m_gnutlsSession, "NORMAL", NULL)) != 0)
- {
- throwTLSException
- ("gnutls_priority_set_direct", res);
- }
+ throwTLSException("gnutls_priority_set_direct", res);
}
-#else // !HAVE_GNUTLS_PRIORITY_FUNCS
+#else // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_set_default_priority(*m_gnutlsSession);
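Review bot: The exception raised when `gnutls_priority_set_direct` rejects the configured priority string names only the function, and now that the string is user-configurable through TLSProperties a bad override is the most likely cause; include the string in the message so the failure is diagnosable, e.g. `throwTLSException("gnutls_priority_set_direct(" + m_props->getCipherSuite() + ")", res);` if throwTLSException takes the call description as a string. Dropping the old silent fallback to `"NORMAL"` makes a rejected string fail closed instead of quietly downgrading, which is the right direction. Pre-existing but in the same block: `gnutls_dh_set_prime_bits(*m_gnutlsSession, 128)` sets a very low floor for server-supplied DH parameters and is worth revisiting separately. The constructor continues outside the hunk.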
@@ -241,7 +237,7 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
-#endif // !HAVE_GNUTLS_PRIORITY_FUNCS
+#endif // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
// Initialize credentials
gnutls_credentials_set(*m_gnutlsSession,
diff --git a/src/net/tls/openssl/TLSProperties_OpenSSL.cpp b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp
new file mode 100644
index 00000000..0efc33c9
--- /dev/null
+++ b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp
@@ -0,0 +1,112 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <[email protected]>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+ : m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+ setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+ : object(),
+ m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+ *m_data.dynamicCast <TLSProperties_OpenSSL>() = *props.m_data.dynamicCast <TLSProperties_OpenSSL>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+ switch (cipherSuite)
+ {
+ case CIPHERSUITE_HIGH:
+
+ setCipherSuite("HIGH");
+ break;
+
+ case CIPHERSUITE_MEDIUM:
+
+ setCipherSuite("MEDIUM");
+ break;
+
+ case CIPHERSUITE_LOW:
+
+ setCipherSuite("LOW");
+ break;
+
+ default:
+ case CIPHERSUITE_DEFAULT:
+
+ setCipherSuite("DEFAULT");
+ break;
+ }
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+ m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+ return m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite;
+}
+
+
+
+TLSProperties_OpenSSL& TLSProperties_OpenSSL::operator=(const TLSProperties_OpenSSL& other)
+{
+ cipherSuite = other.cipherSuite;
+
+ return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
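Review bot: The generic levels in TLSProperties::setCipherSuite(GenericCipherSuite) map to bare `"HIGH"`, `"MEDIUM"` and `"LOW"`, which, unlike the hard-coded `ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH` list this commit replaces in TLSSession_OpenSSL, no longer exclude anonymous key exchange; depending on the OpenSSL version those groups include the ADH/aNULL suites, and an anonymous suite presents no certificate for the verifier to check. Appending `:!aNULL:!eNULL` to each mapped string, e.g. `setCipherSuite("HIGH:!aNULL:!eNULL");`, preserves the exclusion the old list had. CIPHERSUITE_LOW selecting only OpenSSL's `LOW` group (sub-128-bit suites) should also carry a comment stating it is intended for compatibility with legacy servers only.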
diff --git a/src/net/tls/openssl/TLSSession_OpenSSL.cpp b/src/net/tls/openssl/TLSSession_OpenSSL.cpp
index fcf82c7b..953e4ebc 100644
--- a/src/net/tls/openssl/TLSSession_OpenSSL.cpp
+++ b/src/net/tls/openssl/TLSSession_OpenSSL.cpp
@@ -28,6 +28,7 @@
#include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
#include "vmime/exception.hpp"
@@ -45,19 +46,19 @@ static OpenSSLInitializer::autoInitializer openSSLInitializer;
// static
-ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
+ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
- return vmime::create <TLSSession_OpenSSL>(cv);
+ return vmime::create <TLSSession_OpenSSL>(cv, props);
}
-TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv)
- : m_sslctx(0), m_certVerifier(cv)
+TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv, ref <TLSProperties> props)
+ : m_sslctx(0), m_certVerifier(cv), m_props(props)
{
m_sslctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY);
- SSL_CTX_set_cipher_list(m_sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
+ SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str());
SSL_CTX_set_session_cache_mode(m_sslctx, SSL_SESS_CACHE_OFF);
}
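Review bot: The return value of `SSL_CTX_set_cipher_list` is ignored; it returns 0 when none of the ciphers in the string can be enabled, and the context then keeps whatever list it had before, so a mistyped TLSProperties cipher string yields a connection negotiated with ciphers the caller never chose. The GnuTLS backend throws in the equivalent situation, so check and throw here too: `if (SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str()) != 1) throw exceptions::tls_exception("SSL_CTX_set_cipher_list failed");` (using the TLS exception type vmime/exception.hpp provides). A null return from `SSL_CTX_new` three lines above is likewise unchecked, though that is pre-existing.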