summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/OS/Makefile-Base3
-rwxr-xr-xsrc/scripts/MakeLinks3
-rw-r--r--src/src/expand.c2
-rw-r--r--src/src/globals.c12
-rw-r--r--src/src/globals.h2
-rw-r--r--src/src/tls-cipher-stdname.c393
-rw-r--r--src/src/tls-gnu.c56
-rw-r--r--src/src/tls-openssl.c57
8 files changed, 487 insertions, 41 deletions
diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base
index 79bec063b..b99cb9ffc 100644
--- a/src/OS/Makefile-Base
+++ b/src/OS/Makefile-Base
@@ -816,7 +816,8 @@ store.o: $(HDRS) store.c
string.o: $(HDRS) string.c
tls.o: $(HDRS) tls.c \
tls-gnu.c tlscert-gnu.c \
- tls-openssl.c tlscert-openssl.c
+ tls-openssl.c tlscert-openssl.c \
+ tls-cipher-stdname.c
tod.o: $(HDRS) tod.c
transport.o: $(HDRS) transport.c
tree.o: $(HDRS) tree.c
diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks
index b71736797..8d8345c06 100755
--- a/src/scripts/MakeLinks
+++ b/src/scripts/MakeLinks
@@ -106,7 +106,8 @@ for f in blob.h dbfunctions.h dbstuff.h exim.h functions.h globals.h \
rda.c readconf.c receive.c retry.c rewrite.c rfc2047.c route.c search.c \
setenv.c environment.c \
sieve.c smtp_in.c smtp_out.c spool_in.c spool_out.c std-crypto.c store.c \
- string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-gnu.c tls-openssl.c \
+ string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-cipher-stdname.c \
+ tls-gnu.c tls-openssl.c \
tod.c transport.c tree.c verify.c version.c \
dkim.c dkim.h dkim_transport.c dmarc.c dmarc.h \
valgrind.h memcheck.h \
diff --git a/src/src/expand.c b/src/src/expand.c
index dc0912d03..e3615cdb0 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -749,6 +749,7 @@ static var_entry var_table[] = {
{ "tls_in_bits", vtype_int, &tls_in.bits },
{ "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
{ "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
+ { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
{ "tls_in_ocsp", vtype_int, &tls_in.ocsp },
{ "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
{ "tls_in_peercert", vtype_cert, &tls_in.peercert },
@@ -759,6 +760,7 @@ static var_entry var_table[] = {
{ "tls_out_bits", vtype_int, &tls_out.bits },
{ "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
{ "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
+ { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
#ifdef SUPPORT_DANE
{ "tls_out_dane", vtype_bool, &tls_out.dane_verified },
#endif
diff --git a/src/src/globals.c b/src/src/globals.c
index b3362a34c..df71025a3 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1246,13 +1246,13 @@ date will be automatically added on the end. */
uschar *received_header_text = US
"Received: "
"${if def:sender_rcvhost {from $sender_rcvhost\n\t}"
- "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
- "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
+ "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
+ "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
"by $primary_hostname "
- "${if def:received_protocol {with $received_protocol}} "
- #ifdef SUPPORT_TLS
- "${if def:tls_cipher {($tls_cipher)\n\t}}"
- #endif
+ "${if def:received_protocol {with $received_protocol }}"
+#ifdef SUPPORT_TLS
+ "${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}"
+#endif
"(Exim $version_number)\n\t"
"${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
"id $message_exim_id"
diff --git a/src/src/globals.h b/src/src/globals.h
index f71f104e2..12cc1af56 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -88,6 +88,8 @@ typedef struct {
int tlsa_usage; /* TLSA record(s) usage */
#endif
uschar *cipher; /* Cipher used */
+ const uschar *cipher_stdname; /* Cipher used, RFC version */
+
BOOL on_connect; /* For older MTAs that don't STARTTLS */
uschar *on_connect_ports; /* Ports always tls-on-connect */
void *ourcert; /* Certificate we presented, binary */
diff --git a/src/src/tls-cipher-stdname.c b/src/src/tls-cipher-stdname.c
new file mode 100644
index 000000000..ab973af51
--- /dev/null
+++ b/src/src/tls-cipher-stdname.c
@@ -0,0 +1,393 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) Jeremy Harris 2019 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Translate an IETF TLS ciphersuite code to an IETF ciphersuite name,
+for use when the TLS library do not provide such names.
+This file is #included by the tls-<library>.c file.
+
+Values for these tables pulled on 2019/02/03 from
+https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */
+
+
+
+static const uschar * ctb_00[] = {
+[0x00] = US "TLS_NULL_WITH_NULL_NULL",
+[0x01] = US "TLS_RSA_WITH_NULL_MD5",
+[0x02] = US "TLS_RSA_WITH_NULL_SHA",
+[0x03] = US "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
+[0x04] = US "TLS_RSA_WITH_RC4_128_MD5",
+[0x05] = US "TLS_RSA_WITH_RC4_128_SHA",
+[0x06] = US "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+[0x07] = US "TLS_RSA_WITH_IDEA_CBC_SHA",
+[0x08] = US "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x09] = US "TLS_RSA_WITH_DES_CBC_SHA",
+[0x0A] = US "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x0B] = US "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[0x0C] = US "TLS_DH_DSS_WITH_DES_CBC_SHA",
+[0x0D] = US "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x0E] = US "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x0F] = US "TLS_DH_RSA_WITH_DES_CBC_SHA",
+[0x10] = US "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x11] = US "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[0x12] = US "TLS_DHE_DSS_WITH_DES_CBC_SHA",
+[0x13] = US "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x14] = US "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x15] = US "TLS_DHE_RSA_WITH_DES_CBC_SHA",
+[0x16] = US "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x17] = US "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
+[0x18] = US "TLS_DH_anon_WITH_RC4_128_MD5",
+[0x19] = US "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+[0x1A] = US "TLS_DH_anon_WITH_DES_CBC_SHA",
+[0x1B] = US "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+
+[0x1E] = US "TLS_KRB5_WITH_DES_CBC_SHA",
+[0x1F] = US "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+[0x20] = US "TLS_KRB5_WITH_RC4_128_SHA",
+[0x21] = US "TLS_KRB5_WITH_IDEA_CBC_SHA",
+[0x22] = US "TLS_KRB5_WITH_DES_CBC_MD5",
+[0x23] = US "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+[0x24] = US "TLS_KRB5_WITH_RC4_128_MD5",
+[0x25] = US "TLS_KRB5_WITH_IDEA_CBC_MD5",
+[0x26] = US "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+[0x27] = US "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
+[0x28] = US "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+[0x29] = US "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+[0x2A] = US "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+[0x2B] = US "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+[0x2C] = US "TLS_PSK_WITH_NULL_SHA",
+[0x2D] = US "TLS_DHE_PSK_WITH_NULL_SHA",
+[0x2E] = US "TLS_RSA_PSK_WITH_NULL_SHA",
+[0x2F] = US "TLS_RSA_WITH_AES_128_CBC_SHA",
+[0x30] = US "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+[0x31] = US "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+[0x32] = US "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+[0x33] = US "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+[0x34] = US "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+[0x35] = US "TLS_RSA_WITH_AES_256_CBC_SHA",
+[0x36] = US "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+[0x37] = US "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+[0x38] = US "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+[0x39] = US "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+[0x3A] = US "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+[0x3B] = US "TLS_RSA_WITH_NULL_SHA256",
+[0x3C] = US "TLS_RSA_WITH_AES_128_CBC_SHA256",
+[0x3D] = US "TLS_RSA_WITH_AES_256_CBC_SHA256",
+[0x3E] = US "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+[0x3F] = US "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+[0x40] = US "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+[0x41] = US "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x42] = US "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[0x43] = US "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x44] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[0x45] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x46] = US "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
+
+[0x67] = US "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+[0x68] = US "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+[0x69] = US "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+[0x6A] = US "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+[0x6B] = US "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+[0x6C] = US "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+[0x6D] = US "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+
+[0x84] = US "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x85] = US "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[0x86] = US "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x87] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[0x88] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x89] = US "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
+[0x8A] = US "TLS_PSK_WITH_RC4_128_SHA",
+[0x8B] = US "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x8C] = US "TLS_PSK_WITH_AES_128_CBC_SHA",
+[0x8D] = US "TLS_PSK_WITH_AES_256_CBC_SHA",
+[0x8E] = US "TLS_DHE_PSK_WITH_RC4_128_SHA",
+[0x8F] = US "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x90] = US "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
+[0x91] = US "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
+[0x92] = US "TLS_RSA_PSK_WITH_RC4_128_SHA",
+[0x93] = US "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x94] = US "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
+[0x95] = US "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
+[0x96] = US "TLS_RSA_WITH_SEED_CBC_SHA",
+[0x97] = US "TLS_DH_DSS_WITH_SEED_CBC_SHA",
+[0x98] = US "TLS_DH_RSA_WITH_SEED_CBC_SHA",
+[0x99] = US "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+[0x9A] = US "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+[0x9B] = US "TLS_DH_anon_WITH_SEED_CBC_SHA",
+[0x9C] = US "TLS_RSA_WITH_AES_128_GCM_SHA256",
+[0x9D] = US "TLS_RSA_WITH_AES_256_GCM_SHA384",
+[0x9E] = US "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+[0x9F] = US "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+[0xA0] = US "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+[0xA1] = US "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+[0xA2] = US "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+[0xA3] = US "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+[0xA4] = US "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+[0xA5] = US "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+[0xA6] = US "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+[0xA7] = US "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+[0xA8] = US "TLS_PSK_WITH_AES_128_GCM_SHA256",
+[0xA9] = US "TLS_PSK_WITH_AES_256_GCM_SHA384",
+[0xAA] = US "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
+[0xAB] = US "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
+[0xAC] = US "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
+[0xAD] = US "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
+[0xAE] = US "TLS_PSK_WITH_AES_128_CBC_SHA256",
+[0xAF] = US "TLS_PSK_WITH_AES_256_CBC_SHA384",
+[0xB0] = US "TLS_PSK_WITH_NULL_SHA256",
+[0xB1] = US "TLS_PSK_WITH_NULL_SHA384",
+[0xB2] = US "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
+[0xB3] = US "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
+[0xB4] = US "TLS_DHE_PSK_WITH_NULL_SHA256",
+[0xB5] = US "TLS_DHE_PSK_WITH_NULL_SHA384",
+[0xB6] = US "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
+[0xB7] = US "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
+[0xB8] = US "TLS_RSA_PSK_WITH_NULL_SHA256",
+[0xB9] = US "TLS_RSA_PSK_WITH_NULL_SHA384",
+[0xBA] = US "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBB] = US "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBC] = US "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBD] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBE] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBF] = US "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
+[0xC0] = US "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC1] = US "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC2] = US "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC3] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC4] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC5] = US "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
+};
+static const uschar * ctb_13[] = {
+[0x01] = US "TLS_AES_128_GCM_SHA256",
+[0x02] = US "TLS_AES_256_GCM_SHA384",
+[0x03] = US "TLS_CHACHA20_POLY1305_SHA256",
+[0x04] = US "TLS_AES_128_CCM_SHA256",
+[0x05] = US "TLS_AES_128_CCM_8_SHA256",
+};
+static const uschar * ctb_c0[] = {
+[0x01] = US "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+[0x02] = US "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+[0x03] = US "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[0x04] = US "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+[0x05] = US "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+[0x06] = US "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+[0x07] = US "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+[0x08] = US "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[0x09] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+[0x0A] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+[0x0B] = US "TLS_ECDH_RSA_WITH_NULL_SHA",
+[0x0C] = US "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+[0x0D] = US "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x0E] = US "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+[0x0F] = US "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+[0x10] = US "TLS_ECDHE_RSA_WITH_NULL_SHA",
+[0x11] = US "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+[0x12] = US "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x13] = US "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+[0x14] = US "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+[0x15] = US "TLS_ECDH_anon_WITH_NULL_SHA",
+[0x16] = US "TLS_ECDH_anon_WITH_RC4_128_SHA",
+[0x17] = US "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+[0x18] = US "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+[0x19] = US "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+[0x1A] = US "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
+[0x1B] = US "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x1C] = US "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x1D] = US "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
+[0x1E] = US "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+[0x1F] = US "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+[0x20] = US "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
+[0x21] = US "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+[0x22] = US "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+[0x23] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+[0x24] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+[0x25] = US "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+[0x26] = US "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+[0x27] = US "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+[0x28] = US "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+[0x29] = US "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+[0x2A] = US "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+[0x2B] = US "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+[0x2C] = US "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+[0x2D] = US "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+[0x2E] = US "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+[0x2F] = US "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+[0x30] = US "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+[0x31] = US "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+[0x32] = US "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+[0x33] = US "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
+[0x34] = US "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x35] = US "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
+[0x36] = US "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
+[0x37] = US "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+[0x38] = US "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
+[0x39] = US "TLS_ECDHE_PSK_WITH_NULL_SHA",
+[0x3A] = US "TLS_ECDHE_PSK_WITH_NULL_SHA256",
+[0x3B] = US "TLS_ECDHE_PSK_WITH_NULL_SHA384",
+[0x3C] = US "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x3D] = US "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x3E] = US "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
+[0x3F] = US "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",
+[0x40] = US "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x41] = US "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x42] = US "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",
+[0x43] = US "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",
+[0x44] = US "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x45] = US "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x46] = US "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",
+[0x47] = US "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",
+[0x48] = US "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
+[0x49] = US "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
+[0x4A] = US "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
+[0x4B] = US "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
+[0x4C] = US "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x4D] = US "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x4E] = US "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x4F] = US "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x50] = US "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x51] = US "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x52] = US "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x53] = US "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x54] = US "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x55] = US "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x56] = US "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",
+[0x57] = US "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",
+[0x58] = US "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",
+[0x59] = US "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",
+[0x5A] = US "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",
+[0x5B] = US "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",
+[0x5C] = US "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
+[0x5D] = US "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
+[0x5E] = US "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
+[0x5F] = US "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
+[0x60] = US "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x61] = US "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x62] = US "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x63] = US "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x64] = US "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x65] = US "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x66] = US "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x67] = US "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x68] = US "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x69] = US "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x6A] = US "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6B] = US "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x6C] = US "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6D] = US "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x6E] = US "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6F] = US "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x70] = US "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x71] = US "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x72] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x73] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x74] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x75] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x76] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x77] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x78] = US "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x79] = US "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x7A] = US "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7B] = US "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x7C] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7D] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x7E] = US "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7F] = US "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x80] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",
+[0x81] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",
+[0x82] = US "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",
+[0x83] = US "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",
+[0x84] = US "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
+[0x85] = US "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
+[0x86] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x87] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x88] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x89] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8A] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8B] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8C] = US "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8D] = US "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8E] = US "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8F] = US "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x90] = US "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x91] = US "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x92] = US "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x93] = US "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x94] = US "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x95] = US "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x96] = US "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x97] = US "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x98] = US "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x99] = US "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x9A] = US "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x9B] = US "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x9C] = US "TLS_RSA_WITH_AES_128_CCM",
+[0x9D] = US "TLS_RSA_WITH_AES_256_CCM",
+[0x9E] = US "TLS_DHE_RSA_WITH_AES_128_CCM",
+[0x9F] = US "TLS_DHE_RSA_WITH_AES_256_CCM",
+[0xA0] = US "TLS_RSA_WITH_AES_128_CCM_8",
+[0xA1] = US "TLS_RSA_WITH_AES_256_CCM_8",
+[0xA2] = US "TLS_DHE_RSA_WITH_AES_128_CCM_8",
+[0xA3] = US "TLS_DHE_RSA_WITH_AES_256_CCM_8",
+[0xA4] = US "TLS_PSK_WITH_AES_128_CCM",
+[0xA5] = US "TLS_PSK_WITH_AES_256_CCM",
+[0xA6] = US "TLS_DHE_PSK_WITH_AES_128_CCM",
+[0xA7] = US "TLS_DHE_PSK_WITH_AES_256_CCM",
+[0xA8] = US "TLS_PSK_WITH_AES_128_CCM_8",
+[0xA9] = US "TLS_PSK_WITH_AES_256_CCM_8",
+[0xAA] = US "TLS_PSK_DHE_WITH_AES_128_CCM_8",
+[0xAB] = US "TLS_PSK_DHE_WITH_AES_256_CCM_8",
+[0xAC] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
+[0xAD] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
+[0xAE] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
+[0xAF] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
+[0xB0] = US "TLS_ECCPWD_WITH_AES_128_GCM_SHA256",
+[0xB1] = US "TLS_ECCPWD_WITH_AES_256_GCM_SHA384",
+[0xB2] = US "TLS_ECCPWD_WITH_AES_128_CCM_SHA256",
+[0xB3] = US "TLS_ECCPWD_WITH_AES_256_CCM_SHA384",
+[0xB4] = US "TLS_SHA256_SHA256",
+[0xB5] = US "TLS_SHA384_SHA384",
+};
+static const uschar * ctb_cc[] = {
+[0xA8] = US "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xA9] = US "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xAA] = US "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xAB] = US "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAC] = US "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAD] = US "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAE] = US "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
+};
+static const uschar * ctb_d0[] = {
+[0x01] = US "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
+[0x02] = US "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
+[0x03] = US "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
+
+[0x05] = US "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256",
+};
+
+static const uschar *
+cipher_stdname_tb(uschar idx, const uschar ** tb, int lim)
+{
+return idx >= lim ? NULL : tb[idx];
+}
+
+static const uschar *
+cipher_stdname(uschar id0, uschar id1)
+{
+switch (id0)
+ {
+ case 0x00: return cipher_stdname_tb(id1, ctb_00, nelem(ctb_00));
+ case 0x13: return cipher_stdname_tb(id1, ctb_13, nelem(ctb_00));
+ case 0xc0: return cipher_stdname_tb(id1, ctb_c0, nelem(ctb_c0));
+ case 0xcc: return cipher_stdname_tb(id1, ctb_cc, nelem(ctb_cc));
+ case 0xd0: return cipher_stdname_tb(id1, ctb_d0, nelem(ctb_d0));
+ default: return NULL;
+ }
+}
+
+/* vi: aw ai sw=2
+*/
+/* End of tls-cipher-stdname.c */
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index c6a695cd5..d9efe8c2e 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -96,6 +96,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
# include <gnutls/dane.h>
#endif
+#include "tls-cipher-stdname.c"
+
+
/* GnuTLS 2 vs 3
GnuTLS 3 only:
@@ -1451,6 +1454,25 @@ return OK;
* Extract peer information *
*************************************************/
+static const uschar *
+cipher_stdname_kcm(gnutls_kx_algorithm_t kx, gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac)
+{
+uschar cs_id[2];
+gnutls_kx_algorithm_t kx_i;
+gnutls_cipher_algorithm_t cipher_i;
+gnutls_mac_algorithm_t mac_i;
+
+for (size_t i = 0;
+ gnutls_cipher_suite_info(i, cs_id, &kx_i, &cipher_i, &mac_i, NULL);
+ i++)
+ if (kx_i == kx && cipher_i == cipher && mac_i == mac)
+ return cipher_stdname(cs_id[0], cs_id[1]);
+return NULL;
+}
+
+
+
/* Called from both server and client code.
Only this is allowed to set state->peerdn and state->have_set_peerdn
and we use that to detect double-calls.
@@ -1479,7 +1501,6 @@ Returns: OK/DEFER/FAIL
static int
peer_status(exim_gnutls_state_st *state, uschar ** errstr)
{
-uschar cipherbuf[256];
const gnutls_datum_t *cert_list;
int old_pool, rc;
unsigned int cert_list_size = 0;
@@ -1504,28 +1525,29 @@ protocol = gnutls_protocol_get_version(state->session);
mac = gnutls_mac_get(state->session);
kx = gnutls_kx_get(state->session);
-string_format(cipherbuf, sizeof(cipherbuf),
- "%s:%s:%d",
- gnutls_protocol_get_name(protocol),
- gnutls_cipher_suite_get_name(kx, cipher, mac),
- (int) gnutls_cipher_get_key_size(cipher) * 8);
-
-/* I don't see a way that spaces could occur, in the current GnuTLS
-code base, but it was a concern in the old code and perhaps older GnuTLS
-releases did return "TLS 1.0"; play it safe, just in case. */
-for (uschar * p = cipherbuf; *p != '\0'; ++p)
- if (isspace(*p))
- *p = '-';
old_pool = store_pool;
-store_pool = POOL_PERM;
-state->ciphersuite = string_copy(cipherbuf);
+ {
+ store_pool = POOL_PERM;
+ state->ciphersuite = string_sprintf("%s:%s:%d",
+ gnutls_protocol_get_name(protocol),
+ gnutls_cipher_suite_get_name(kx, cipher, mac),
+ (int) gnutls_cipher_get_key_size(cipher) * 8);
+
+ /* I don't see a way that spaces could occur, in the current GnuTLS
+ code base, but it was a concern in the old code and perhaps older GnuTLS
+ releases did return "TLS 1.0"; play it safe, just in case. */
+
+ for (uschar * p = state->ciphersuite; *p; p++) if (isspace(*p)) *p = '-';
+ state->tlsp->cipher = state->ciphersuite;
+
+ state->tlsp->cipher_stdname = cipher_stdname_kcm(kx, cipher, mac);
+ }
store_pool = old_pool;
-state->tlsp->cipher = state->ciphersuite;
/* tls_peerdn */
cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size);
-if (cert_list == NULL || cert_list_size == 0)
+if (!cert_list || cert_list_size == 0)
{
DEBUG(D_tls) debug_printf("TLS: no certificate from peer (%p & %d)\n",
cert_list, cert_list_size);
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index aa24c3338..ba9e7da11 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -71,6 +71,7 @@ change this guard and punt the issue for a while longer. */
# define EXIM_HAVE_OPENSSL_DH_BITS
# define EXIM_HAVE_OPENSSL_TLS_METHOD
# define EXIM_HAVE_OPENSSL_KEYLOG
+# define EXIM_HAVE_OPENSSL_CIPHER_GET_ID
# else
# define EXIM_NEED_OPENSSL_INIT
# endif
@@ -96,6 +97,7 @@ change this guard and punt the issue for a while longer. */
# if OPENSSL_VERSION_NUMBER >= 0x010101000L
# define OPENSSL_HAVE_KEYLOG_CB
# define OPENSSL_HAVE_NUM_TICKETS
+# define EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
# endif
#endif
@@ -108,6 +110,13 @@ change this guard and punt the issue for a while longer. */
# include <openssl/x509v3.h>
#endif
+#ifndef EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
+# ifndef EXIM_HAVE_OPENSSL_CIPHER_GET_ID
+# define SSL_CIPHER_get_id(c) (c->id)
+# endif
+# include "tls-cipher-stdname.c"
+#endif
+
/*************************************************
* OpenSSL option parse *
*************************************************/
@@ -1911,28 +1920,46 @@ return OK;
/*
Argument: pointer to an SSL structure for the connection
- buffer to use for answer
- size of buffer
pointer to number of bits for cipher
-Returns: nothing
+Returns: pointer to allocated string in perm-pool
*/
-static void
-construct_cipher_name(SSL *ssl, uschar *cipherbuf, int bsize, int *bits)
+static uschar *
+construct_cipher_name(SSL * ssl, int * bits)
{
+int pool = store_pool;
/* With OpenSSL 1.0.0a, 'c' needs to be const but the documentation doesn't
yet reflect that. It should be a safe change anyway, even 0.9.8 versions have
the accessor functions use const in the prototype. */
const uschar * ver = CUS SSL_get_version(ssl);
const SSL_CIPHER * c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl);
+uschar * s;
SSL_CIPHER_get_bits(c, bits);
-string_format(cipherbuf, bsize, "%s:%s:%u", ver,
- SSL_CIPHER_get_name(c), *bits);
+store_pool = POOL_PERM;
+s = string_sprintf("%s:%s:%u", ver, SSL_CIPHER_get_name(c), *bits);
+store_pool = pool;
+DEBUG(D_tls) debug_printf("Cipher: %s\n", s);
+return s;
+}
+
-DEBUG(D_tls) debug_printf("Cipher: %s\n", cipherbuf);
+/* Get IETF-standard name for ciphersuite.
+Argument: pointer to an SSL structure for the connection
+Returns: pointer to string
+*/
+
+static const uschar *
+cipher_stdname_ssl(SSL * ssl)
+{
+#ifdef EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
+return CUS SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl));
+#else
+ushort id = 0xffff & SSL_CIPHER_get_id(SSL_get_current_cipher(ssl));
+return cipher_stdname(id >> 8, id & 0xff);
+#endif
}
@@ -2179,7 +2206,6 @@ int rc;
uschar * expciphers;
tls_ext_ctx_cb * cbinfo;
static uschar peerdn[256];
-static uschar cipherbuf[256];
/* Check for previous activation */
@@ -2307,10 +2333,13 @@ and initialize things. */
peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
+tls_in.cipher = construct_cipher_name(server_ssl, &tls_in.bits);
+tls_in.cipher_stdname = cipher_stdname_ssl(server_ssl);
+
DEBUG(D_tls)
{
uschar buf[2048];
- if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)) != NULL)
+ if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)))
debug_printf("Shared ciphers: %s\n", buf);
#ifdef EXIM_HAVE_OPENSSL_KEYLOG
@@ -2326,9 +2355,6 @@ DEBUG(D_tls)
#endif
}
-construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits);
-tls_in.cipher = cipherbuf;
-
/* Record the certificate we presented */
{
X509 * crt = SSL_get_certificate(server_ssl);
@@ -2491,7 +2517,6 @@ exim_openssl_client_tls_ctx * exim_client_ctx;
static uschar peerdn[256];
uschar * expciphers;
int rc;
-static uschar cipherbuf[256];
#ifndef DISABLE_OCSP
BOOL request_ocsp = FALSE;
@@ -2713,8 +2738,8 @@ DEBUG(D_tls)
peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
-construct_cipher_name(exim_client_ctx->ssl, cipherbuf, sizeof(cipherbuf), &tlsp->bits);
-tlsp->cipher = cipherbuf;
+tlsp->cipher = construct_cipher_name(exim_client_ctx->ssl, &tlsp->bits);
+tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl);
/* Record the certificate we presented */
{
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-07 15:23:31 +0000