supersede SSLVersions option with TLSVersions
the new one isn't an exhaustive set anymore, but a delta to the default (or previous setting). this has the advantage that new versions aren't automatically disabled anymore as soon as mbsync learns about them if the user has a setting they fail to adjust.
parent
7e0e14a686
commit
e3056b26e9
2
NEWS
2
NEWS
|
@ -12,6 +12,8 @@ they are flagged on the source side.
|
|||
Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
|
||||
and Delete/--delete/-d to Gone/--gone/-g.
|
||||
|
||||
Superseded SSLVersions option with TLSVersions.
|
||||
|
||||
Made the Channel side to expire with MaxMessages configurable.
|
||||
|
||||
MaxMessages and MaxSize can be used together now.
|
||||
|
|
|
@ -3797,8 +3797,44 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
|
|||
error( "%s:%d: Invalid SSL type\n", cfg->file, cfg->line );
|
||||
cfg->err = 1;
|
||||
}
|
||||
} else if (!strcasecmp( "TLSVersions", cfg->cmd )) {
|
||||
arg = cfg->val;
|
||||
do {
|
||||
int or_mask = 0, and_mask = 0, val;
|
||||
if (*arg == '+') {
|
||||
or_mask = ~0;
|
||||
} else if (*arg == '-') {
|
||||
and_mask = ~0;
|
||||
} else {
|
||||
error( "%s:%d: TLSVersions arguments must start with +/-\n", cfg->file, cfg->line );
|
||||
cfg->err = 1;
|
||||
continue;
|
||||
}
|
||||
arg++;
|
||||
if (!strcmp( "1.0", arg )) {
|
||||
val = TLSv1;
|
||||
} else if (!strcmp( "1.1", arg )) {
|
||||
val = TLSv1_1;
|
||||
} else if (!strcmp( "1.2", arg )) {
|
||||
val = TLSv1_2;
|
||||
} else if (!strcmp( "1.3", arg )) {
|
||||
val = TLSv1_3;
|
||||
} else {
|
||||
error( "%s:%d: Unrecognized TLS version '%s'\n", cfg->file, cfg->line, arg );
|
||||
cfg->err = 1;
|
||||
continue;
|
||||
}
|
||||
or_mask &= val;
|
||||
and_mask &= val;
|
||||
server->sconf.ssl_versions = (server->sconf.ssl_versions & ~and_mask) | or_mask;
|
||||
} while ((arg = get_arg( cfg, ARG_OPTIONAL, NULL )));
|
||||
} else if (!strcasecmp( "SSLVersion", cfg->cmd ) ||
|
||||
!strcasecmp( "SSLVersions", cfg->cmd )) {
|
||||
static int sslv_warned;
|
||||
if (!sslv_warned) {
|
||||
sslv_warned = 1;
|
||||
warn( "Notice: SSLVersions is deprecated. Use TLSVersions instead.\n" );
|
||||
}
|
||||
server->sconf.ssl_versions = 0;
|
||||
arg = cfg->val;
|
||||
do {
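Review bot: The deprecation notice in the `SSLVersion`/`SSLVersions` branch carries no file or line, unlike the two `error()` calls added above it, and the `static int sslv_warned` guard prints it only once per run, so a user with several stores cannot tell which entries still use the old exhaustive-set syntax. Assuming `warn()` takes a format string the way `error()` does, `warn( "%s:%d: Notice: SSLVersions is deprecated. Use TLSVersions instead.\n", cfg->file, cfg->line );` would make the remaining occurrences findable. Separately, the `TLSVersions` loop edits the current mask while the legacy branch resets it with `server->sconf.ssl_versions = 0;`, so when both keywords appear in one store, a `TLSVersions -1.0` placed before a legacy line is silently discarded; a comment at the reset such as `/* legacy syntax is an exhaustive set: discards earlier TLSVersions deltas */`, or a diagnostic for the mix, would make that explicit. The enclosing `imap_parse_store` and the legacy `do {` loop continue outside the hunk.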
|
||||
|
|
|
@ -414,10 +414,12 @@ so it is the default (unless a tunnel is used).
|
|||
right after connecting the secure IMAP port 993.
|
||||
.
|
||||
.TP
|
||||
\fBSSLVersions\fR [\fBSSLv3\fR] [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR] [\fBTLSv1.3\fR]
|
||||
Select the acceptable SSL/TLS versions.
|
||||
\fBTLSVersions\fR {\fB+\fR|\fB-\fR}{\fB1.0\fR|\fB1.1\fR|\fB1.2\fR|\fB1.3\fR} ...
|
||||
Add/remove the specified TLS versions to/from the set of acceptable choices.
|
||||
Use old versions only when the server has problems with newer ones.
|
||||
(Default: [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR] [\fBTLSv1.3\fR]).
|
||||
Note that new versions are automatically enabled as soon as OpenSSL supports
|
||||
them, even if \fBmbsync\fR does not recognize them yet.
|
||||
(Default: All starting with 1.0).
|
||||
.
|
||||
.TP
|
||||
\fBSystemCertificates\fR \fByes\fR|\fBno\fR
|
||||
|
|
|
@ -36,7 +36,7 @@ Sync PullNew Push
|
|||
IMAPStore personal
|
||||
Host host.play.com
|
||||
Port 6789
|
||||
SSLType None
|
||||
TLSType None
|
||||
|
||||
Channel personal
|
||||
Far :personal:
|
||||
|
@ -66,7 +66,7 @@ CertificateFile ~/.st1-certificate.crt
|
|||
IMAPStore st2
|
||||
Host imap.another-domain.com
|
||||
Path non-standard/
|
||||
SSLVersions TLSv1.3
|
||||
TLSVersions -1.2
|
||||
|
||||
Channel rst
|
||||
Far :st1:somebox
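Review bot: The new example line in `IMAPStore st2`, `TLSVersions -1.2`, is not equivalent to the `SSLVersions TLSv1.3` line it appears to replace. Under the delta semantics and the default documented in this commit's man page text (all versions starting with 1.0), it removes only TLS 1.2 and leaves 1.0 and 1.1 acceptable, whereas the old example allowed 1.3 alone. Users who copy the sample while migrating would end up accepting older protocol versions than before; `TLSVersions -1.0 -1.1 -1.2` keeps the original meaning.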
|
||||
|
|