From 0b879568e94065074a02f9650216c48a1f681702 Mon Sep 17 00:00:00 2001
From: Richard Russon <rich@flatcap.org>
Date: Wed, 1 Jun 2016 21:38:22 +0100
Subject: neomutt-ssl_ciphers

---
 conn/config.c |  2 +-
 conn/gnutls.c | 59 +++++++++++++++++++++++++++------------------------
 2 files changed, 32 insertions(+), 29 deletions(-)

diff --git a/conn/config.c b/conn/config.c
index a97ba08c3..4627b260c 100644
--- a/conn/config.c
+++ b/conn/config.c
@@ -66,7 +66,7 @@ static struct ConfigDef ConnVarsSsl[] = {
   { "certificate_file", DT_PATH|D_PATH_FILE, IP "~/.mutt_certificates", 0, NULL,
     "File containing trusted certificates"
   },
-  { "ssl_ciphers", DT_STRING, 0, 0, NULL,
+  { "ssl_ciphers", DT_STRING, IP "@SYSTEM", 0, NULL,
     "Ciphers to use when using SSL"
   },
   { "ssl_client_cert", DT_PATH|D_PATH_FILE, 0, 0, NULL,
diff --git a/conn/gnutls.c b/conn/gnutls.c
index 4d4a80892..bcf4ea831 100644
--- a/conn/gnutls.c
+++ b/conn/gnutls.c
@@ -762,35 +762,38 @@ static int tls_set_priority(struct TlsSockData *data)
   else
     buf_strcpy(priority, "NORMAL");
 
-  const bool c_ssl_use_tlsv1_3 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1_3");
-  if (!c_ssl_use_tlsv1_3)
+  if (mutt_str_equal(c_ssl_ciphers, "@SYSTEM"))
   {
-    nproto--;
-    buf_addstr(priority, ":-VERS-TLS1.3");
-  }
-  const bool c_ssl_use_tlsv1_2 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1_2");
-  if (!c_ssl_use_tlsv1_2)
-  {
-    nproto--;
-    buf_addstr(priority, ":-VERS-TLS1.2");
-  }
-  const bool c_ssl_use_tlsv1_1 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1_1");
-  if (!c_ssl_use_tlsv1_1)
-  {
-    nproto--;
-    buf_addstr(priority, ":-VERS-TLS1.1");
-  }
-  const bool c_ssl_use_tlsv1 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1");
-  if (!c_ssl_use_tlsv1)
-  {
-    nproto--;
-    buf_addstr(priority, ":-VERS-TLS1.0");
-  }
-  const bool c_ssl_use_sslv3 = cs_subset_bool(NeoMutt->sub, "ssl_use_sslv3");
-  if (!c_ssl_use_sslv3)
-  {
-    nproto--;
-    buf_addstr(priority, ":-VERS-SSL3.0");
+    const bool c_ssl_use_tlsv1_3 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1_3");
+    if (!c_ssl_use_tlsv1_3)
+    {
+      nproto--;
+      buf_addstr(priority, ":-VERS-TLS1.3");
+    }
+    const bool c_ssl_use_tlsv1_2 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1_2");
+    if (!c_ssl_use_tlsv1_2)
+    {
+      nproto--;
+      buf_addstr(priority, ":-VERS-TLS1.2");
+    }
+    const bool c_ssl_use_tlsv1_1 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1_1");
+    if (!c_ssl_use_tlsv1_1)
+    {
+      nproto--;
+      buf_addstr(priority, ":-VERS-TLS1.1");
+    }
+    const bool c_ssl_use_tlsv1 = cs_subset_bool(NeoMutt->sub, "ssl_use_tlsv1");
+    if (!c_ssl_use_tlsv1)
+    {
+      nproto--;
+      buf_addstr(priority, ":-VERS-TLS1.0");
+    }
+    const bool c_ssl_use_sslv3 = cs_subset_bool(NeoMutt->sub, "ssl_use_sslv3");
+    if (!c_ssl_use_sslv3)
+    {
+      nproto--;
+      buf_addstr(priority, ":-VERS-SSL3.0");
+    }
   }
 
   if (nproto == 0)