* Add the /tls1_3 modifier to establish connections use the TLS protocol

     version 1.3.

2 files changed, 27 insertions, 9 deletions

diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c
index 43db47aa..8ac8ba63 100644
--- a/imap/src/c-client/mail.c
+++ b/imap/src/c-client/mail.c
@@ -827,19 +827,29 @@ long mail_valid_net_parse_work (char *name,NETMBX *mb,char *service)
 	else if (mailssldriver && !compare_cstring (s,"ssl") && !mb->tlsflag)
 	  mb->sslflag = mb->notlsflag = T;
 	else if (!compare_cstring(s, "tls1") 
-			&& !mb->tls1_1 && !mb->tls1_2 && !mb->dtls1)
+			&& !mb->tls1_1 && !mb->tls1_2 && !mb->tls1_3
+			&& !mb->dtls1 && !mb->dtls1_2)
 	  mb->sslflag = mb->notlsflag = mb->tls1 = T;
-#ifdef TLSV1_2
 	else if (!compare_cstring(s, "tls1_1") 
-			&& !mb->tls1 && !mb->tls1_2 && !mb->dtls1)
+			&& !mb->tls1 && !mb->tls1_2 && !mb->tls1_3
+			&& !mb->dtls1 && !mb->dtls1_2)
 	  mb->sslflag = mb->notlsflag = mb->tls1_1 = T;
 	else if (!compare_cstring(s, "tls1_2") 
-			&& !mb->tls1 && !mb->tls1_1 && !mb->dtls1)
+			&& !mb->tls1 && !mb->tls1_1 && !mb->tls1_3
+			&& !mb->dtls1 && !mb->dtls1_2)
 	  mb->sslflag = mb->notlsflag = mb->tls1_2 = T;
-#endif
+	else if (!compare_cstring(s, "tls1_3") 
+			&& !mb->tls1 && !mb->tls1_1 && !mb->tls1_2
+			&& !mb->dtls1 && !mb->dtls1_2)
+	  mb->sslflag = mb->notlsflag = mb->tls1_3 = T;
 	else if (!compare_cstring(s, "dtls1")
-			&& !mb->tls1 && !mb->tls1_1 && !mb->tls1_2)
+			&& !mb->tls1 && !mb->tls1_1 && !mb->tls1_2
+			&& !mb->tls1_3 && !mb->dtls1_2)
 	  mb->sslflag = mb->notlsflag = mb->dtls1 = T;
+	else if (!compare_cstring(s, "dtls1_2")
+			&& !mb->tls1 && !mb->tls1_1 && !mb->tls1_2
+			&& !mb->tls1_3 && !mb->dtls1)
+	  mb->sslflag = mb->notlsflag = mb->dtls1_2 = T;
 	else if (mailssldriver && !compare_cstring (s,"novalidate-cert"))
 	  mb->novalidate = T;
 				/* hack for compatibility with the past */
@@ -6220,7 +6230,9 @@ NETSTREAM *net_open (NETMBX *mb,NETDRIVER *dv,unsigned long port,
   flags |= mb->tls1 || mb->tlsflag ? NET_TRYTLS1   : 0;
   flags |= mb->tls1_1 ? NET_TRYTLS1_1 : 0;
   flags |= mb->tls1_2 ? NET_TRYTLS1_2 : 0;
+  flags |= mb->tls1_3 ? NET_TRYTLS1_3 : 0;
   flags |= mb->dtls1  ? NET_TRYDTLS1  : 0;
+  flags |= mb->dtls1_2  ? NET_TRYDTLS1_2  : 0;
   if (strlen (mb->host) >= NETMAXHOST) {
     sprintf (tmp,"Invalid host name: %.80s",mb->host);
     MM_LOG (tmp,ERROR);
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index fc3f3862..e5755e54 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -442,13 +442,17 @@
 				/* try SSL mode */
 #define NET_TRYSSL ((unsigned long) 0x8000000)
 				/* try TLS1 mode */
-#define NET_TRYTLS1   ((unsigned long) 0x1000000)
+#define NET_TRYTLS1   ((unsigned long) 0x4000000)
 				/* try TLS1_1 mode */
 #define NET_TRYTLS1_1 ((unsigned long) 0x2000000)
 				/* try TLS1_2 mode */
-#define NET_TRYTLS1_2 ((unsigned long) 0x4000000)
+#define NET_TRYTLS1_2 ((unsigned long) 0x1000000)
+				/* try TLS1_3 mode */
+#define NET_TRYTLS1_3 ((unsigned long) 0x800000)
 				/* try DTLS1 mode */
-#define NET_TRYDTLS1   ((unsigned long) 0x8000000)
+#define NET_TRYDTLS1   ((unsigned long) 0x400000)
+				/* try DTLS1_2 mode */
+#define NET_TRYDTLS1_2   ((unsigned long) 0x200000)
 
 /* Close options */
 
@@ -691,7 +695,9 @@ typedef struct net_mailbox {
   unsigned int tls1    : 1;	/* Use TLSv1 */
   unsigned int tls1_1  : 1;	/* Use TLSv1.1 */
   unsigned int tls1_2  : 1;	/* Use TLSV1.2 */
+  unsigned int tls1_3  : 1;	/* Use TLSV1.3 */
   unsigned int dtls1   : 1;	/* Use DTLSv1 */
+  unsigned int dtls1_2 : 1;	/* Use DTLSv1.2 */
   unsigned int trysslflag : 1;	/* try SSL driver first flag */
   unsigned int novalidate : 1;	/* don't validate certificates */
   unsigned int tlsflag : 1;	/* TLS flag */