feat: add option to configure available tls cipher suites for relay (#1914)

* feat: add option to configure available tls cipher suites for relay

* feat: add option to control CheckCertificateRevocation flag of MailKit

* Update Rnwood.Smtp4dev/Startup.cs

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Rob Wood <[email protected]>
Co-authored-by: Copilot <[email protected]>

Author: 3 people

Rnwood.Smtp4dev/Server/Settings/RelayOptions.cs

@@ -24,7 +24,11 @@ public int SmtpPort
         }
 
         public SecureSocketOptions TlsMode { get; set; } = SecureSocketOptions.Auto;
+      
+        public string[] SslCipherSuitesPolicy { get; set; } = System.Array.Empty<string>();
 
+        public bool CheckCertificateRevocation { get; set; } = true;
+        
         public string[] AutomaticEmails { get; set; } = System.Array.Empty<string>();
 
         public string AutomaticRelayExpression { get; set; }

Rnwood.Smtp4dev/Server/Settings/RelayOptionsSource.cs

@@ -17,7 +17,11 @@ public int? SmtpPort
 
 
         public SecureSocketOptions? TlsMode { get; set; }
+        
+        public string[] SslCipherSuitesPolicy { get; set; } = System.Array.Empty<string>();
 
+        public bool CheckCertificateRevocation { get; set; } = true;
+        
         public string[] AutomaticEmails { get; set; } = System.Array.Empty<string>();
 
         public string AutomaticRelayExpression { get; set; }

Rnwood.Smtp4dev/Startup.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Globalization;
 using System.IO;
 using System.Net;
@@ -22,6 +23,7 @@
 using Rnwood.Smtp4dev.Service;
 using Serilog;
 using System.Linq;
+using System.Net.Security;
 using Microsoft.Data.Sqlite;
 using Microsoft.EntityFrameworkCore.Infrastructure;
 using Microsoft.AspNetCore.Http;
@@ -235,6 +237,25 @@ public void ConfigureServices(IServiceCollection services)
                 }
 
                 SmtpClient result = new SmtpClient();
+#if NET5_0_OR_GREATER
+                if (relayOptions.SslCipherSuitesPolicy.Length > 0)
+                {
+                    try
+                    {
+                        var suites = new List<TlsCipherSuite>(relayOptions.SslCipherSuitesPolicy.Length);
+                        foreach (var suite in relayOptions.SslCipherSuitesPolicy)
+                        {
+                            suites.Add(Enum.Parse<TlsCipherSuite>(suite, true));
+                        }
+
+                        result.SslCipherSuitesPolicy = new CipherSuitesPolicy(suites.ToArray());
+                    } catch (PlatformNotSupportedException e)
+                    {
+                        Log.Logger.Warning("Ssl cipher suites policy is not supported on this platform: {exception}", e);
+                    }
+                }
+#endif
+                result.CheckCertificateRevocation = relayOptions.CheckCertificateRevocation;
                 result.Connect(relayOptions.SmtpServer, relayOptions.SmtpPort, relayOptions.TlsMode);
 
                 if (!string.IsNullOrEmpty(relayOptions.Login))