Merge pull request #188 from amousset/disable-tls-10-default
feat(transport): Disallow TLS 1.0 by default
@@ -1,6 +1,6 @@
|
||||
//! A trait to represent a stream
|
||||
|
||||
use native_tls::{TlsConnector, TlsStream};
|
||||
use native_tls::{TlsConnector, TlsStream, Protocol};
|
||||
use smtp::client::mock::MockStream;
|
||||
use std::io::{self, ErrorKind, Read, Write};
|
||||
use std::net::{Ipv4Addr, Shutdown, SocketAddr, SocketAddrV4, TcpStream};
|
||||
@@ -25,6 +25,10 @@ impl ClientTlsParameters {
|
||||
}
|
||||
}
|
||||
|
||||
/// Accepted protocols by default.
|
||||
/// This removes TLS 1.0 compared to tls-native defaults.
|
||||
pub const DEFAULT_TLS_PROTOCOLS : &'static [Protocol] = &[Protocol::Tlsv11, Protocol::Tlsv12];
|
||||
|
||||
#[derive(Debug)]
|
||||
/// Represents the different types of underlying network streams
|
||||
pub enum NetworkStream {
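Review bot: The doc comment on `DEFAULT_TLS_PROTOCOLS` names the dependency as `tls-native`, but the crate imported on this page is `native-tls`, so the line should read `/// This removes TLS 1.0 compared to native-tls defaults.`. The explicit `&'static` on a `const` is implied by the item kind and the space before the colon will be dropped by rustfmt, so the declaration can be written `pub const DEFAULT_TLS_PROTOCOLS: &[Protocol] = &[Protocol::Tlsv11, Protocol::Tlsv12];`. Because this constant becomes the library-wide floor for every transport built through `simple_builder`, the doc comment should also state that it is a minimum policy callers can tighten, since TLS 1.1 is itself deprecated (RFC 8996) and a deployment may want `Protocol::Tlsv12` alone.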
|
||||
|
||||
@@ -8,6 +8,7 @@ use std::fmt;
|
||||
use std::fmt::{Display, Formatter};
|
||||
use std::io;
|
||||
use std::string::FromUtf8Error;
|
||||
use native_tls;
|
||||
|
||||
/// An enum of all error kinds.
|
||||
#[derive(Debug)]
|
||||
@@ -32,6 +33,8 @@ pub enum Error {
|
||||
Resolution,
|
||||
/// IO error
|
||||
Io(io::Error),
|
||||
/// TLS error
|
||||
Tls(native_tls::Error),
|
||||
}
|
||||
|
||||
impl Display for Error {
|
||||
@@ -64,6 +67,7 @@ impl StdError for Error {
|
||||
Resolution => "could not resolve hostname",
|
||||
Client(err) => err,
|
||||
Io(ref err) => err.description(),
|
||||
Tls(ref err) => err.description(),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -72,6 +76,7 @@ impl StdError for Error {
|
||||
ChallengeParsing(ref err) => Some(&*err as &StdError),
|
||||
Utf8Parsing(ref err) => Some(&*err as &StdError),
|
||||
Io(ref err) => Some(&*err as &StdError),
|
||||
Tls(ref err) => Some(&*err as &StdError),
|
||||
_ => None,
|
||||
}
|
||||
}
|
||||
@@ -83,6 +88,12 @@ impl From<io::Error> for Error {
|
||||
}
|
||||
}
|
||||
|
||||
impl From<native_tls::Error> for Error {
|
||||
fn from(err: native_tls::Error) -> Error {
|
||||
Tls(err)
|
||||
}
|
||||
}
|
||||
|
||||
impl From<Response> for Error {
|
||||
fn from(response: Response) -> Error {
|
||||
match response.code.severity {
|
||||
|
||||
@@ -113,6 +113,7 @@ use smtp::client::Client;
|
||||
use smtp::client::net::ClientTlsParameters;
|
||||
use smtp::commands::*;
|
||||
use smtp::error::{Error, SmtpResult};
|
||||
use smtp::client::net::DEFAULT_TLS_PROTOCOLS;
|
||||
use smtp::extension::{ClientId, Extension, MailBodyParameter, MailParameter, ServerInfo};
|
||||
use std::io::Read;
|
||||
use std::net::{SocketAddr, ToSocketAddrs};
|
||||
@@ -322,9 +323,13 @@ impl<'a> SmtpTransport {
|
||||
/// Creates an encrypted transport over submission port, using the provided domain
|
||||
/// to validate TLS certificates.
|
||||
pub fn simple_builder(domain: String) -> Result<SmtpTransportBuilder, Error> {
|
||||
|
||||
let mut tls_builder = TlsConnector::builder()?;
|
||||
tls_builder.supported_protocols(DEFAULT_TLS_PROTOCOLS)?;
|
||||
|
||||
let tls_parameters = ClientTlsParameters::new(
|
||||
domain.clone(),
|
||||
TlsConnector::builder().unwrap().build().unwrap(),
|
||||
tls_builder.build().unwrap(),
|
||||
);
|
||||
|
||||
SmtpTransportBuilder::new(
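Review bot: `tls_builder.build().unwrap()` on the new side still panics when the connector cannot be built, even though the two lines above it propagate failures with `?` and this commit adds `impl From<native_tls::Error> for Error`, so the call should be `tls_builder.build()?,` to keep `simple_builder` returning `Err` rather than aborting the caller on a TLS configuration problem. The doc comment on `simple_builder` does not mention that the transport now refuses TLS 1.0; adding `/// The connector only offers the protocols in [`DEFAULT_TLS_PROTOCOLS`].` would make the new behavior visible at the call site. `domain.clone()` is unchanged context and whether the clone is still required depends on how `domain` is used in the `SmtpTransportBuilder::new(` call, which together with the rest of `simple_builder` continues outside the hunk.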
|
||||
|
||||