1package mox
2
3import (
4 "crypto/tls"
5 "fmt"
6
7 "golang.org/x/exp/slog"
8
9 "github.com/mjl-/mox/mlog"
10)
11
// TLSReceivedComment returns a comment about the TLS state of the connection for use in a Received header.
func TLSReceivedComment(log mlog.Log, cs tls.ConnectionState) []string {
	// todo future: we could use the "tls" clause for the Received header as specified in ../rfc/8314:496. however, the text implies it is only for submission, not regular smtp. and it cannot specify the tls version. for now, not worth the trouble.

	// For reference, the comments other mail servers emit:
	// gmail.com: (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128)
	// yahoo.com: (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256)
	// proton.me: (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested)
	// outlook.com: (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)

	// Everything placed in the header is derived from the two numeric identifiers
	// cs.Version and cs.CipherSuite through fixed strings or crypto/tls' own name
	// table (with a hex fallback for unknown suites), so no peer-supplied text can
	// end up in the Received line.
	var version string
	switch cs.Version {
	case tls.VersionTLS10:
		version = "TLS1.0"
	case tls.VersionTLS11:
		version = "TLS1.1"
	case tls.VersionTLS12:
		version = "TLS1.2"
	case tls.VersionTLS13:
		version = "TLS1.3"
	default:
		// Not a version crypto/tls knows how to negotiate; record the raw identifier
		// so the oddity is visible both in the log and in the header.
		log.Info("unknown tls version identifier", slog.Any("version", cs.Version))
		version = fmt.Sprintf("TLS identifier %x", cs.Version)
	}

	// The comment is always exactly two words: the version opens it with "(" and
	// the cipher suite name closes it with ")".
	return []string{
		"(" + version,
		tls.CipherSuiteName(cs.CipherSuite) + ")",
	}
}
49