From 5b72f3cee06cc484c5847199d6775a2e77af3e1e Mon Sep 17 00:00:00 2001 From: Martin Dosch Date: Sat, 12 Feb 2022 09:36:12 +0100 Subject: [PATCH] Add flag to configure minimum TLS version. --- CHANGELOG.md | 1 + README.md | 5 ++++- go-sendxmpp.go | 15 +++++++++++++++ man/go-sendxmpp.1 | 3 +++ man/go-sendxmpp.1.html | 3 +++ man/go-sendxmpp.1.ronn | 3 +++ 6 files changed, 29 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c02a891..5fa3ebe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Added - Added listening function. - Added flag to configure connection timeout. +- Added flag to configure minimum TLS version. ### Removed - Removed deprecated option `-x`. diff --git a/README.md b/README.md index b63e09c..382f572 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ If no configuration file is present or if the values should be overridden it is the account details via command line options: ```plain -Usage: go-sendxmpp [-cdilnt] [-f value] [--help] [--http-upload value] [-j value] [-m value] [-p value] [--raw] [-r value] [--timeout value] [-u value] [parameters ...] +Usage: go-sendxmpp [-cdilnt] [-f value] [--help] [--http-upload value] [-j value] [-m value] [-p value] [--raw] [-r value] [--timeout value] [--tls-version value] [-u value] [parameters ...] -c, --chatroom Send message to a chatroom. -d, --debug Show debugging info. -f, --file=value Set configuration file. (Default: @@ -100,6 +100,9 @@ Usage: go-sendxmpp [-cdilnt] [-f value] [--help] [--http-upload value] [-j value --timeout=value Connection timeout in seconds. [10] -t, --tls Use direct TLS. + --tls-version=value + Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1), 12 + (TLSv1.2) or 13 (TLSv1.3). [12] -u, --username=value Username for XMPP account. ``` diff --git a/go-sendxmpp.go b/go-sendxmpp.go index c0220a1..359f316 100644 --- a/go-sendxmpp.go +++ b/go-sendxmpp.go 
@@ -238,6 +238,8 @@ func main() {
 flagRaw := getopt.BoolLong("raw", 0, "Send raw XML.")
 flagListen := getopt.BoolLong("listen", 'l', "Listen for messages and print them to stdout.")
 flagTimeout := getopt.IntLong("timeout", 0, 10, "Connection timeout in seconds.")
+ flagTLSMinVersion := getopt.IntLong("tls-version", 0, 12,
+ "Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1), 12 (TLSv1.2) or 13 (TLSv1.3).")
 // Parse command line flags.
 getopt.Parse()
@@ -325,6 +327,19 @@ func main() {
 tlsConfig.ServerName = user[strings.Index(user, "@")+1:]
 tlsConfig.NextProtos = append(tlsConfig.NextProtos, "xmpp-client")
 tlsConfig.InsecureSkipVerify = *flagSkipVerify
+ switch *flagTLSMinVersion {
+ case 10:
+ tlsConfig.MinVersion = tls.VersionTLS10
+ case 11:
+ tlsConfig.MinVersion = tls.VersionTLS11
+ case 12:
+ tlsConfig.MinVersion = tls.VersionTLS12
+ case 13:
+ tlsConfig.MinVersion = tls.VersionTLS13
+ default:
+ fmt.Println("Unknown TLS version.")
+ os.Exit(0)
+ }
 // Set XMPP connection options.
 options := xmpp.Options{
diff --git a/man/go-sendxmpp.1 b/man/go-sendxmpp.1
index d5a1092..ef69993 100644
--- a/man/go-sendxmpp.1
+++ b/man/go-sendxmpp.1
@@ -41,6 +41,9 @@ Set file including the message\.
 \fB\-n\fR, \fB\-\-no\-tls\-verify\fR
 Skip verification of TLS certificates (not recommended)\.
 .TP
+\fB\-\-tls\-version\fR=[\fIvalue\fR]
+Minimal TLS version\. 10 (TSLv1\.0), 11 (TLSv1\.1) (Default: 12)
+.TP
 \fB\-p\fR, \fB\-\-password\fR=[\fIvalue\fR]
 Password for XMPP account\.
 .TP
diff --git a/man/go-sendxmpp.1.html b/man/go-sendxmpp.1.html
index 51b2c6c..5085b14 100644
--- a/man/go-sendxmpp.1.html
+++ b/man/go-sendxmpp.1.html
@@ -127,6 +127,9 @@ are shown. If no JIDs are specified all received messages will be shown.
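Review bot: The help string added for `--tls-version` in the first go-sendxmpp.go hunk spells the first option `TSLv1.0` and does not tell the user that 10 and 11 select TLS 1.0 and 1.1, which RFC 8996 deprecates. I would correct the spelling and add the caveat, for example `"Minimal TLS version. 10 (TLSv1.0, deprecated), 11 (TLSv1.1, deprecated), 12 (TLSv1.2) or 13 (TLSv1.3)."`. The `TSLv1.0` spelling is repeated in the README and man page changes of this patch, and the man page entries list only 10 and 11. main() starts and ends outside the hunk.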
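Review bot: The `default` branch of the new switch in the second go-sendxmpp.go hunk ends with `os.Exit(0)`, so a mistyped `--tls-version` value ends the program with a success status and a calling script or cron job cannot tell that nothing was sent. The message is also written to stdout with `fmt.Println`, which appears to be where `--listen` prints received messages. I would change the two lines to `fmt.Fprintln(os.Stderr, "Unknown TLS version.")` and `os.Exit(1)`. main() starts and ends outside the hunk, so whether the file has a shared error-exit helper is not visible here.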
Skip verification of TLS certificates (not recommended).
+--tls-version=[value]
+
Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1) (Default: 12)
+
-p, --password=[value]
Password for XMPP account.
--raw
diff --git a/man/go-sendxmpp.1.ronn b/man/go-sendxmpp.1.ronn
index 2281bee..ee4fae4 100644
--- a/man/go-sendxmpp.1.ronn
+++ b/man/go-sendxmpp.1.ronn
@@ -47,6 +47,9 @@ Set file including the message.
 * `-n`, `--no-tls-verify`:
 Skip verification of TLS certificates (not recommended).
+* `--tls-version`=[]:
+Minimal TLS version. 10 (TSLv1.0), 11 (TLSv1.1) (Default: 12)
+
 * `-p`, `--password`=[]:
 Password for XMPP account.