feat: set imap ALPN when connecting to IMAP servers

IMAP has a registered protocol ID listed at <https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids> Requesting specific ALPN on the client should allow the server to multiplex multiple protocols on the same port and dispatch requests to the correct backend on the proxy such as HAProxy.
2026-04-19 06:26:30 +03:00 · 2024-07-10 23:20:41 +00:00
parent f84e603318
commit bd83fb3d38
3 changed files with 14 additions and 12 deletions
--- a/src/net/tls.rs
+++ b/src/net/tls.rs
@@ -14,9 +14,10 @@ static LETSENCRYPT_ROOT: Lazy<Certificate> = Lazy::new(|| {
    .unwrap()
 });

-pub fn build_tls(strict_tls: bool) -> TlsConnector {
+pub fn build_tls(strict_tls: bool, alpns: &[&str]) -> TlsConnector {
    let tls_builder = TlsConnector::new()
        .min_protocol_version(Some(Protocol::Tlsv12))
+        .request_alpns(alpns)
        .add_root_certificate(LETSENCRYPT_ROOT.clone());

    if strict_tls {
@@ -31,9 +32,10 @@ pub fn build_tls(strict_tls: bool) -> TlsConnector {
 pub async fn wrap_tls<T: AsyncRead + AsyncWrite + Unpin>(
    strict_tls: bool,
    hostname: &str,
+    alpns: &[&str],
    stream: T,
 ) -> Result<TlsStream<T>> {
-    let tls = build_tls(strict_tls);
+    let tls = build_tls(strict_tls, alpns);
    let tls_stream = tls.connect(hostname, stream).await?;
    Ok(tls_stream)
 }
@@ -46,7 +48,7 @@ mod tests {
    fn test_build_tls() {
        // we are using some additional root certificates.
        // make sure, they do not break construction of TlsConnector
-        let _ = build_tls(true);
-        let _ = build_tls(false);
+        let _ = build_tls(true, &[]);
+        let _ = build_tls(false, &[]);
    }
 }