1 files changed, 39 insertions, 2 deletions

diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c
index 2a198f494..27f64b92e 100644
--- a/src/mail/ngx_mail_auth_http_module.c
+++ b/src/mail/ngx_mail_auth_http_module.c
@@ -1137,8 +1137,8 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
     ngx_str_t                  login, passwd;
     ngx_connection_t          *c;
 #if (NGX_MAIL_SSL)
-    ngx_str_t                  verify, subject, issuer, serial, fingerprint,
-                               raw_cert, cert;
+    ngx_str_t                  protocol, cipher, verify, subject, issuer,
+                               serial, fingerprint, raw_cert, cert;
     ngx_mail_ssl_conf_t       *sslcf;
 #endif
     ngx_mail_core_srv_conf_t  *cscf;
@@ -1155,6 +1155,25 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
 
 #if (NGX_MAIL_SSL)
 
+    if (c->ssl) {
+
+        if (ngx_ssl_get_protocol(c, pool, &protocol) != NGX_OK) {
+            return NULL;
+        }
+
+        protocol.len = ngx_strlen(protocol.data);
+
+        if (ngx_ssl_get_cipher_name(c, pool, &cipher) != NGX_OK) {
+            return NULL;
+        }
+
+        cipher.len = ngx_strlen(cipher.data);
+
+    } else {
+        ngx_str_null(&protocol);
+        ngx_str_null(&cipher);
+    }
+
     sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
 
     if (c->ssl && sslcf->verify) {
@@ -1252,6 +1271,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
 
     if (c->ssl) {
         len += sizeof("Auth-SSL: on" CRLF) - 1
+               + sizeof("Auth-SSL-Protocol: ") - 1 + protocol.len
+                     + sizeof(CRLF) - 1
+               + sizeof("Auth-SSL-Cipher: ") - 1 + cipher.len
+                     + sizeof(CRLF) - 1
                + sizeof("Auth-SSL-Verify: ") - 1 + verify.len
                      + sizeof(CRLF) - 1
                + sizeof("Auth-SSL-Subject: ") - 1 + subject.len
@@ -1373,6 +1396,20 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
         b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF,
                              sizeof("Auth-SSL: on" CRLF) - 1);
 
+        if (protocol.len) {
+            b->last = ngx_cpymem(b->last, "Auth-SSL-Protocol: ",
+                                 sizeof("Auth-SSL-Protocol: ") - 1);
+            b->last = ngx_copy(b->last, protocol.data, protocol.len);
+            *b->last++ = CR; *b->last++ = LF;
+        }
+
+        if (cipher.len) {
+            b->last = ngx_cpymem(b->last, "Auth-SSL-Cipher: ",
+                                 sizeof("Auth-SSL-Cipher: ") - 1);
+            b->last = ngx_copy(b->last, cipher.data, cipher.len);
+            *b->last++ = CR; *b->last++ = LF;
+        }
+
         if (verify.len) {
             b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ",
                                  sizeof("Auth-SSL-Verify: ") - 1);