supersede SSLVersions option with TLSVersions
the new one isn't an exhaustive set anymore, but a delta to the default (or previous setting). this has the advantage that new versions aren't automatically disabled anymore as soon as mbsync learns about them if the user has a setting they fail to adjust.
parent
7e0e14a686
commit
e3056b26e9
2
NEWS
2
NEWS
|
@ -12,6 +12,8 @@ they are flagged on the source side.
|
||||||
Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
|
Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
|
||||||
and Delete/--delete/-d to Gone/--gone/-g.
|
and Delete/--delete/-d to Gone/--gone/-g.
|
||||||
|
|
||||||
|
Superseded SSLVersions option with TLSVersions.
|
||||||
|
|
||||||
Made the Channel side to expire with MaxMessages configurable.
|
Made the Channel side to expire with MaxMessages configurable.
|
||||||
|
|
||||||
MaxMessages and MaxSize can be used together now.
|
MaxMessages and MaxSize can be used together now.
|
||||||
|
|
|
@ -3797,8 +3797,44 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
|
||||||
error( "%s:%d: Invalid SSL type\n", cfg->file, cfg->line );
|
error( "%s:%d: Invalid SSL type\n", cfg->file, cfg->line );
|
||||||
cfg->err = 1;
|
cfg->err = 1;
|
||||||
}
|
}
|
||||||
|
} else if (!strcasecmp( "TLSVersions", cfg->cmd )) {
|
||||||
|
arg = cfg->val;
|
||||||
|
do {
|
||||||
|
int or_mask = 0, and_mask = 0, val;
|
||||||
|
if (*arg == '+') {
|
||||||
|
or_mask = ~0;
|
||||||
|
} else if (*arg == '-') {
|
||||||
|
and_mask = ~0;
|
||||||
|
} else {
|
||||||
|
error( "%s:%d: TLSVersions arguments must start with +/-\n", cfg->file, cfg->line );
|
||||||
|
cfg->err = 1;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
arg++;
|
||||||
|
if (!strcmp( "1.0", arg )) {
|
||||||
|
val = TLSv1;
|
||||||
|
} else if (!strcmp( "1.1", arg )) {
|
||||||
|
val = TLSv1_1;
|
||||||
|
} else if (!strcmp( "1.2", arg )) {
|
||||||
|
val = TLSv1_2;
|
||||||
|
} else if (!strcmp( "1.3", arg )) {
|
||||||
|
val = TLSv1_3;
|
||||||
|
} else {
|
||||||
|
error( "%s:%d: Unrecognized TLS version '%s'\n", cfg->file, cfg->line, arg );
|
||||||
|
cfg->err = 1;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
or_mask &= val;
|
||||||
|
and_mask &= val;
|
||||||
|
server->sconf.ssl_versions = (server->sconf.ssl_versions & ~and_mask) | or_mask;
|
||||||
|
} while ((arg = get_arg( cfg, ARG_OPTIONAL, NULL )));
|
||||||
} else if (!strcasecmp( "SSLVersion", cfg->cmd ) ||
|
} else if (!strcasecmp( "SSLVersion", cfg->cmd ) ||
|
||||||
!strcasecmp( "SSLVersions", cfg->cmd )) {
|
!strcasecmp( "SSLVersions", cfg->cmd )) {
|
||||||
|
static int sslv_warned;
|
||||||
|
if (!sslv_warned) {
|
||||||
|
sslv_warned = 1;
|
||||||
|
warn( "Notice: SSLVersions is deprecated. Use TLSVersions instead.\n" );
|
||||||
|
}
|
||||||
server->sconf.ssl_versions = 0;
|
server->sconf.ssl_versions = 0;
|
||||||
arg = cfg->val;
|
arg = cfg->val;
|
||||||
do {
|
do {
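Review bot: The mask arithmetic in the new TLSVersions loop needs a comment, because `or_mask &= val;` and `and_mask &= val;` read like a typo for `|=` unless the reader notices that exactly one of the two masks was preset to `~0` by the `+`/`-` prefix. A well-meant "fix" to `|=` would still compile but silently change which protocol versions a store ends up accepting, so the idiom is worth pinning down in place. I would add above the two lines: `/* exactly one mask is ~0 (picked by the +/- prefix); &= narrows it to val, the other stays 0 */`. imap_parse_store starts and ends outside this hunk.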
|
||||||
|
|
|
@ -414,10 +414,12 @@ so it is the default (unless a tunnel is used).
|
||||||
right after connecting the secure IMAP port 993.
|
right after connecting the secure IMAP port 993.
|
||||||
.
|
.
|
||||||
.TP
|
.TP
|
||||||
\fBSSLVersions\fR [\fBSSLv3\fR] [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR] [\fBTLSv1.3\fR]
|
\fBTLSVersions\fR {\fB+\fR|\fB-\fR}{\fB1.0\fR|\fB1.1\fR|\fB1.2\fR|\fB1.3\fR} ...
|
||||||
Select the acceptable SSL/TLS versions.
|
Add/remove the specified TLS versions to/from the set of acceptable choices.
|
||||||
Use old versions only when the server has problems with newer ones.
|
Use old versions only when the server has problems with newer ones.
|
||||||
(Default: [\fBTLSv1\fR] [\fBTLSv1.1\fR] [\fBTLSv1.2\fR] [\fBTLSv1.3\fR]).
|
Note that new versions are automatically enabled as soon as OpenSSL supports
|
||||||
|
them, even if \fBmbsync\fR does not recognize them yet.
|
||||||
|
(Default: All starting with 1.0).
|
||||||
.
|
.
|
||||||
.TP
|
.TP
|
||||||
\fBSystemCertificates\fR \fByes\fR|\fBno\fR
|
\fBSystemCertificates\fR \fByes\fR|\fBno\fR
|
||||||
|
|
|
@ -36,7 +36,7 @@ Sync PullNew Push
|
||||||
IMAPStore personal
|
IMAPStore personal
|
||||||
Host host.play.com
|
Host host.play.com
|
||||||
Port 6789
|
Port 6789
|
||||||
SSLType None
|
TLSType None
|
||||||
|
|
||||||
Channel personal
|
Channel personal
|
||||||
Far :personal:
|
Far :personal:
|
||||||
|
@ -66,7 +66,7 @@ CertificateFile ~/.st1-certificate.crt
|
||||||
IMAPStore st2
|
IMAPStore st2
|
||||||
Host imap.another-domain.com
|
Host imap.another-domain.com
|
||||||
Path non-standard/
|
Path non-standard/
|
||||||
SSLVersions TLSv1.3
|
TLSVersions -1.2
|
||||||
|
|
||||||
Channel rst
|
Channel rst
|
||||||
Far :st1:somebox
|
Far :st1:somebox
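Review bot: `TLSVersions -1.2` in the st2 store is not equivalent to the `SSLVersions TLSv1.3` line it replaces. The old option was an exhaustive set, so the sample accepted TLS 1.3 only; the new one is a delta against the default, which the man page in this commit gives as "All starting with 1.0", so st2 now accepts 1.0, 1.1 and 1.3. Anyone copying the sample gets a weaker setting than before. If the line is meant to keep the earlier effect, `TLSVersions -1.0 -1.1 -1.2` would do that, since the parser takes several arguments on one line. If it is only meant to illustrate the syntax, a short comment above it saying so would avoid the misreading.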
|
||||||
|
|