Add flag to configure minimum TLS version.

2 years ago · 5b72f3cee0
parent a866e98e1e
commit 5b72f3cee0
6 changed files with 29 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,7 @@
 ### Added
 - Added listening function.
 - Added flag to configure connection timeout.
+- Added flag to configure minimum TLS version.

 ### Removed
 - Removed deprecated option `-x`.
--- a/README.md
+++ b/README.md
@ -75,7 +75,7 @@ If no configuration file is present or if the values should be overridden it is
 the account details via command line options:

 ```plain
-Usage: go-sendxmpp [-cdilnt] [-f value] [--help] [--http-upload value] [-j value] [-m value] [-p value] [--raw] [-r value] [--timeout value] [-u value] [parameters ...]
+Usage: go-sendxmpp [-cdilnt] [-f value] [--help] [--http-upload value] [-j value] [-m value] [-p value] [--raw] [-r value] [--timeout value] [--tls-version value] [-u value] [parameters ...]
 -c, --chatroom     Send message to a chatroom.
 -d, --debug        Show debugging info.
 -f, --file=value   Set configuration file. (Default:
@ -100,6 +100,9 @@ Usage: go-sendxmpp [-cdilnt] [-f value] [--help] [--http-upload value] [-j value
     --timeout=value
                    Connection timeout in seconds. [10]
 -t, --tls          Use direct TLS.
+     --tls-version=value
+                    Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1), 12
+                    (TLSv1.2) or 13 (TLSv1.3). [12]
 -u, --username=value
                    Username for XMPP account.
 ```
--- a/go-sendxmpp.go
+++ b/go-sendxmpp.go
@ -238,6 +238,8 @@ func main() {
 	flagRaw := getopt.BoolLong("raw", 0, "Send raw XML.")
 	flagListen := getopt.BoolLong("listen", 'l', "Listen for messages and print them to stdout.")
 	flagTimeout := getopt.IntLong("timeout", 0, 10, "Connection timeout in seconds.")
+	flagTLSMinVersion := getopt.IntLong("tls-version", 0, 12,
+		"Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1), 12 (TLSv1.2) or 13 (TLSv1.3).")

 	// Parse command line flags.
 	getopt.Parse()
@ -325,6 +327,19 @@ func main() {
 	tlsConfig.ServerName = user[strings.Index(user, "@")+1:]
 	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "xmpp-client")
 	tlsConfig.InsecureSkipVerify = *flagSkipVerify
+	switch *flagTLSMinVersion {
+	case 10:
+		tlsConfig.MinVersion = tls.VersionTLS10
+	case 11:
+		tlsConfig.MinVersion = tls.VersionTLS11
+	case 12:
+		tlsConfig.MinVersion = tls.VersionTLS12
+	case 13:
+		tlsConfig.MinVersion = tls.VersionTLS13
+	default:
+		fmt.Println("Unknown TLS version.")
+		os.Exit(0)
+	}

 	// Set XMPP connection options.
 	options := xmpp.Options{
--- a/man/go-sendxmpp.1
+++ b/man/go-sendxmpp.1
@ -41,6 +41,9 @@ Set file including the message\.
 \fB\-n\fR, \fB\-\-no\-tls\-verify\fR
 Skip verification of TLS certificates (not recommended)\.
 .TP
+\fB\-\-tls\-version\fR=[\fIvalue\fR]
+Minimal TLS version\. 10 (TSLv1\.0), 11 (TLSv1\.1) (Default: 12)
+.TP
 \fB\-p\fR, \fB\-\-password\fR=[\fIvalue\fR]
 Password for XMPP account\.
 .TP
--- a/man/go-sendxmpp.1.html
+++ b/man/go-sendxmpp.1.html
@ -127,6 +127,9 @@ are shown. If no JIDs are specified all received messages will be shown.</dd>
 </dt>
 <dd>Skip verification of TLS certificates (not recommended).</dd>
 <dt>
+<code>--tls-version</code>=[<var>value</var>]</dt>
+<dd>Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1) (Default: 12)</dd>
+<dt>
 <code>-p</code>, <code>--password</code>=[<var>value</var>]</dt>
 <dd>Password for XMPP account.</dd>
 <dt><code>--raw</code></dt>
--- a/man/go-sendxmpp.1.ronn
+++ b/man/go-sendxmpp.1.ronn
@ -47,6 +47,9 @@ Set file including the message.
 * `-n`, `--no-tls-verify`:
 Skip verification of TLS certificates (not recommended).

+* `--tls-version`=[<value>]:
+Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1) (Default: 12)
+
 * `-p`, `--password`=[<value>]:
 Password for XMPP account.