[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions

Brad Smith brad at comstyle.com
Thu Sep 14 19:15:07 EEST 2017
On 9/13/2017 4:51 PM, Apollon Oikonomopoulos wrote:
> Hi,
>
> I came up with the following patch while trying to figure out a good solution
> for the situation described in Debian bug #871987[1]. In short, OpenSSL in
> Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
> unless an application requests otherwise, only TLSv1.2 is supported. In the
> world of e-mail this is seemingly an issue, as there are still way too many old
> clients out there supporting only TLSv1 or TLSv1.1.
>
> Now, traditionally OpenSSL 0.9.8/1.0 used SSL_CTX_set_options() to allow
> *disabling* specific protocols, without offering a way to enable previously
> disabled protocols. OpenSSL 1.1 introduced a dedicated API[2] to set allowed
> protocol versions, taking a linear version approach: the application may
> request a minimum and a maximum allowed version (inclusive), allowing all
> versions in between as well.
>
> Dovecot's existing ssl_protocols option is probably not ideal to use with this
> new "linear" model. Instead, I introduced two new options,
> ssl_min_proto_version and ssl_max_proto_version, that map directly to OpenSSL
> 1.1 concepts.
>
> I have tested the patch with both OpenSSL 1.0 and OpenSSL 1.1. With OpenSSL 1.1
> it works as expected; with OpenSSL 1.0 it doesn't seem to break anything. Other
> than that, this is a first version; I'm sure there are still things to improve,
> so comments are welcome :)

Just FYI LibreSSL 2.6.0 and newer has picked up this API.
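The min/max model described in the quoted message, as an added example that is not part of this thread or of the Dovecot patch: Python's ssl module wraps the same OpenSSL 1.1 calls (SSL_CTX_set_min_proto_version / SSL_CTX_set_max_proto_version) as SSLContext.minimum_version / maximum_version, so it can show both the linear range and the SSL_OP_NO_* mask an OpenSSL 1.0 fallback would have to compute instead. The version strings ("TLSv1" .. "TLSv1.3") are assumed to be the values the proposed ssl_min_proto_version / ssl_max_proto_version options would take.

```python
import ssl

# Protocol names in ascending order. The ordering is what makes the OpenSSL 1.1
# model work: an allowed set is always a contiguous range min..max.
PROTO_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# ssl.TLSVersion wraps OpenSSL's TLS1_VERSION, TLS1_1_VERSION, ... constants.
TLS_VERSION = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

# Pre-1.1 disable-only flags (SSL_OP_NO_TLSv1 etc.) used by the fallback path.
OP_NO = {
    "TLSv1": ssl.OP_NO_TLSv1,
    "TLSv1.1": ssl.OP_NO_TLSv1_1,
    "TLSv1.2": ssl.OP_NO_TLSv1_2,
    "TLSv1.3": ssl.OP_NO_TLSv1_3,
}


def parse_range(min_name, max_name):
    """Validate a (min, max) pair and return their indices in PROTO_ORDER."""
    try:
        lo, hi = PROTO_ORDER.index(min_name), PROTO_ORDER.index(max_name)
    except ValueError as e:
        raise ValueError(f"unknown protocol version: {e}") from None
    if lo > hi:
        raise ValueError(f"{min_name} is newer than {max_name}")
    return lo, hi


def allowed_versions(min_name, max_name):
    """The contiguous set of versions a min/max pair permits."""
    lo, hi = parse_range(min_name, max_name)
    return PROTO_ORDER[lo:hi + 1]


def server_context(min_name, max_name):
    """OpenSSL 1.1 path: set the range directly on a server context."""
    parse_range(min_name, max_name)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = TLS_VERSION[min_name]  # SSL_CTX_set_min_proto_version
    ctx.maximum_version = TLS_VERSION[max_name]  # SSL_CTX_set_max_proto_version
    return ctx


def legacy_op_no_mask(min_name, max_name):
    """OpenSSL 1.0 fallback: the disable-only model can only express the range
    by turning off every version outside it with SSL_OP_NO_* flags."""
    lo, hi = parse_range(min_name, max_name)
    return sum(OP_NO[n] for i, n in enumerate(PROTO_ORDER) if i < lo or i > hi)
```

With a library that only disables, widening the default (the Debian case, where TLSv1.0/1.1 are off unless the application asks) is exactly what the fallback cannot do; only the 1.1-style min/max call re-enables them.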

