drew/smtprelay
1
0
Fork 1
mirror of https://github.com/decke/smtprelay.git synced 2026-05-10 01:14:23 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add configurable TLS profiles for listeners

Browse Source 
Add a tls_profile option that controls the minimum TLS version and
allowed cipher suites for STARTTLS/TLS listeners. Profiles align with
the Mozilla SSL Configuration Generator guidelines.

Profiles:
  default      - Go standard library defaults (no explicit constraints)
  modern       - TLS 1.3+ only (Mozilla modern)
  intermediate - TLS 1.2+ with AEAD + ECDHE suites only (Mozilla intermediate)
  legacy       - TLS 1.0+ with all Go cipher suites including insecure ones
This commit is contained in:
StrongWind
2026-05-08 13:04:09 -04:00
committed by Bernhard Fröhlich
parent d634a89b14
commit 8dcd6c8067
3 changed files with 81 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config.go
View File

@@ -31,6 +31,7 @@ var (
listenStr = flagset.String("listen", "127.0.0.1:25 [::1]:25", "Address and port to listen for incoming SMTP")
localCert = flagset.String("local_cert", "", "SSL certificate for STARTTLS/TLS")
localKey = flagset.String("local_key", "", "SSL private key for STARTTLS/TLS")
tlsProfile = flagset.String("tls_profile", "default", "TLS profile: modern | intermediate | default | legacy")
localForceTLS = flagset.Bool("local_forcetls", false, "Force STARTTLS (needs local_cert and local_key)")
readTimeoutStr = flagset.String("read_timeout", "60s", "Socket timeout for read operations")
writeTimeoutStr = flagset.String("write_timeout", "60s", "Socket timeout for write operations")