1 files changed, 65 insertions, 0 deletions

diff --git a/alpine/alpine.c b/alpine/alpine.c
index bbccb793..11f3354e 100644
--- a/alpine/alpine.c
+++ b/alpine/alpine.c
@@ -646,6 +646,71 @@ main(int argc, char **argv)
 	  }
     }
 
+    if(ps_global->VAR_ENCRYPTION_RANGE
+	&& ps_global->VAR_ENCRYPTION_RANGE[0]){
+	char *min_s, *max_s, *s;
+	int   min_v, max_v;
+
+	if((s = strchr(ps_global->VAR_ENCRYPTION_RANGE, ',')) == NULL){
+	   snprintf(tmp_20k_buf, SIZEOF_20KBUF,
+	     _("Bad encryption range: \"%s\": resetting to default"),
+	      ps_global->VAR_ENCRYPTION_RANGE);
+	   tmp_20k_buf[SIZEOF_20KBUF-1] = '\0';
+	   init_error(ps_global, SM_ORDER | SM_DING, 3, 5, tmp_20k_buf);
+	   fs_give((void **) &ps_global->VAR_ENCRYPTION_RANGE);
+	   ps_global->VAR_ENCRYPTION_RANGE = cpystr(DF_ENCRYPTION_RANGE);
+	   s = strchr(ps_global->VAR_ENCRYPTION_RANGE, ','); /* try again */
+	}
+
+	if(s == NULL){
+	   snprintf(tmp_20k_buf, SIZEOF_20KBUF,
+	     _("Bad default encryption range: \"%s\""), 
+		ps_global->VAR_ENCRYPTION_RANGE);
+	   tmp_20k_buf[SIZEOF_20KBUF-1] = '\0';
+	   init_error(ps_global, SM_ORDER | SM_DING, 3, 5, tmp_20k_buf);
+	}
+	else {
+	   *s = ' ';
+	   get_pair(ps_global->VAR_ENCRYPTION_RANGE, &min_s, &max_s, 1, 0);
+	   *s = ',';
+
+	   min_v = pith_ssl_encryption_version(min_s);
+	   max_v = pith_ssl_encryption_version(max_s);
+
+	   if(min_v < 0 || max_v < 0){
+	      snprintf(tmp_20k_buf, SIZEOF_20KBUF,
+		_("Bad encryption range: \"%s\": resetting to default"),
+	           ps_global->VAR_ENCRYPTION_RANGE);
+	      tmp_20k_buf[SIZEOF_20KBUF-1] = '\0';
+	      init_error(ps_global, SM_ORDER | SM_DING, 3, 5, tmp_20k_buf);
+	      min_v = max_v = 0;
+	   }
+
+	   if(min_v > max_v){
+	      int bubble;
+	      snprintf(tmp_20k_buf, SIZEOF_20KBUF,
+		_("Minimum encryption protocol (%s) bigger than maximum value (%s). Reversing..."),
+		   min_s, max_s);
+	      tmp_20k_buf[SIZEOF_20KBUF-1] = '\0';
+	      init_error(ps_global, SM_ORDER | SM_DING, 3, 5, tmp_20k_buf);
+	      bubble = min_v;
+	      min_v = max_v;
+	      max_v = bubble;
+	   }
+
+	   if(max_v > 0 && max_v < (long) pith_ssl_encryption_version("tls1")){
+	      snprintf(tmp_20k_buf, SIZEOF_20KBUF,
+		_("Security alert: SSL maximum encryption version was set to SSLv3."),
+	           ps_global->VAR_ENCRYPTION_RANGE);
+	      tmp_20k_buf[SIZEOF_20KBUF-1] = '\0';
+	      init_error(ps_global, SM_ORDER | SM_DING, 3, 5, tmp_20k_buf);
+	   } 
+
+	   mail_parameters(NULL, SET_ENCRYPTION_RANGE_MIN, (void *) &min_v);
+           mail_parameters(NULL, SET_ENCRYPTION_RANGE_MAX, (void *) &max_v);
+	}
+    }
+
     /*
      * setup alternative authentication driver preference for IMAP opens
      */