disable TLS 1.0 & 1.1 by default
these were not reasonable defaults any more.
This commit is contained in:
parent
e3056b26e9
commit
a7f1b86475
3
NEWS
3
NEWS
|
@ -12,7 +12,8 @@ they are flagged on the source side.
|
|||
Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
|
||||
and Delete/--delete/-d to Gone/--gone/-g.
|
||||
|
||||
Superseded SSLVersions option with TLSVersions.
|
||||
Superseded SSLVersions option with TLSVersions, and disabled TLS v1.0
|
||||
and v1.1 by default.
|
||||
|
||||
Made the Channel side to expire with MaxMessages configurable.
|
||||
|
||||
|
|
|
@ -3711,7 +3711,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
|
|||
server->sconf.timeout = 20000;
|
||||
#ifdef HAVE_LIBSSL
|
||||
server->ssl_type = -1;
|
||||
server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2 | TLSv1_3;
|
||||
server->sconf.ssl_versions = TLSv1_2 | TLSv1_3;
|
||||
server->sconf.system_certs = 1;
|
||||
#endif
|
||||
server->max_in_progress = INT_MAX;
|
||||
|
|
|
@ -419,7 +419,7 @@ Add/remove the specified TLS versions to/from the set of acceptable choices.
|
|||
Use old versions only when the server has problems with newer ones.
|
||||
Note that new versions are automatically enabled as soon as OpenSSL supports
|
||||
them, even if \fBmbsync\fR does not recognize them yet.
|
||||
(Default: All starting with 1.0).
|
||||
(Default: All starting with 1.2).
|
||||
.
|
||||
.TP
|
||||
\fBSystemCertificates\fR \fByes\fR|\fBno\fR
|
||||
|
|
Loading…
Reference in New Issue
Block a user