disable TLS 1.0 & 1.1 by default
these were not reasonable defaults any more.
This commit is contained in:
parent
e3056b26e9
commit
a7f1b86475
3
NEWS
3
NEWS
|
@ -12,7 +12,8 @@ they are flagged on the source side.
|
||||||
Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
|
Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
|
||||||
and Delete/--delete/-d to Gone/--gone/-g.
|
and Delete/--delete/-d to Gone/--gone/-g.
|
||||||
|
|
||||||
Superseded SSLVersions option with TLSVersions.
|
Superseded SSLVersions option with TLSVersions, and disabled TLS v1.0
|
||||||
|
and v1.1 by default.
|
||||||
|
|
||||||
Made the Channel side to expire with MaxMessages configurable.
|
Made the Channel side to expire with MaxMessages configurable.
|
||||||
|
|
||||||
|
|
|
@ -3711,7 +3711,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
|
||||||
server->sconf.timeout = 20000;
|
server->sconf.timeout = 20000;
|
||||||
#ifdef HAVE_LIBSSL
|
#ifdef HAVE_LIBSSL
|
||||||
server->ssl_type = -1;
|
server->ssl_type = -1;
|
||||||
server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2 | TLSv1_3;
|
server->sconf.ssl_versions = TLSv1_2 | TLSv1_3;
|
||||||
server->sconf.system_certs = 1;
|
server->sconf.system_certs = 1;
|
||||||
#endif
|
#endif
|
||||||
server->max_in_progress = INT_MAX;
|
server->max_in_progress = INT_MAX;
|
||||||
|
|
|
@ -419,7 +419,7 @@ Add/remove the specified TLS versions to/from the set of acceptable choices.
|
||||||
Use old versions only when the server has problems with newer ones.
|
Use old versions only when the server has problems with newer ones.
|
||||||
Note that new versions are automatically enabled as soon as OpenSSL supports
|
Note that new versions are automatically enabled as soon as OpenSSL supports
|
||||||
them, even if \fBmbsync\fR does not recognize them yet.
|
them, even if \fBmbsync\fR does not recognize them yet.
|
||||||
(Default: All starting with 1.0).
|
(Default: All starting with 1.2).
|
||||||
.
|
.
|
||||||
.TP
|
.TP
|
||||||
\fBSystemCertificates\fR \fByes\fR|\fBno\fR
|
\fBSystemCertificates\fR \fByes\fR|\fBno\fR
|
||||||
|
|
Loading…
Reference in New Issue
Block a user