offlineimap.conf: fix and improve documentation about TLS/SSL
ssl2 is not allowed by imaplib2. However, tls1_1 and tls1_2 might be available. Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Nicolas Sebrecht
parent
8c9f63a9b5
commit
5783e8f777
@ -688,13 +688,20 @@ remotehost = examplehost
|
||||
#
|
||||
# It is best to leave this unset, in which case the correct version will be
|
||||
# automatically detected. In rare cases, it may be necessary to specify a
|
||||
# particular version from: tls1, ssl2, ssl3, ssl23.
|
||||
# particular version from: tls1, tls1_1, tls_1_2, ssl3, ssl23.
|
||||
#
|
||||
# ssl23 is the highest protocol version that both the client and server support.
|
||||
# Despite the name, this option can select “TLS” protocols as well as “SSL”.
|
||||
# tls1_1 and tls1_2 are available with OpenSSL since v1.0.1.
|
||||
#
|
||||
# See the configuration option tls_level to automatically disable insecure
|
||||
# protocols.
|
||||
# ssl23 automatically selects the highest protocol version that both the client
|
||||
# and server support. Despite the name, this option can select “TLS” protocols
|
||||
# as well as “SSL”.
|
||||
#
|
||||
# Be aware that a MITM attack can consist in downgrading the protocol version
|
||||
# which is used upon client/server agreement. So, they might fallback to the
|
||||
# less secure available protocol. Hence, it is considered more safe to manually
|
||||
# define the protocol version.
|
||||
#
|
||||
# See the configuration option tls_level to disable insecure protocols.
|
||||
#
|
||||
#ssl_version = ssl23
|
||||
|
||||
@ -704,11 +711,23 @@ remotehost = examplehost
|
||||
# TLS support level (optional).
|
||||
#
|
||||
# Specify the level of support that should be allowed for this repository.
|
||||
# Can be used to disallow insecure SSL versions as defined by IETF
|
||||
# (see https://tools.ietf.org/html/rfc6176).
|
||||
# Can be used to enable insecure SSL versions as defined by imaplib2.
|
||||
# See, IETF https://tools.ietf.org/html/rfc6176 to know more.
|
||||
#
|
||||
# Supported values are:
|
||||
# tls_secure, tls_no_ssl, tls_compat (the default).
|
||||
# tls_secure, tls_no_ssl, tls_compat (default).
|
||||
#
|
||||
# Current mapping:
|
||||
# - tls_secure:
|
||||
# - tls1_1
|
||||
# - tls1_2
|
||||
# - tls_no_ssl:
|
||||
# - all tls_secure
|
||||
# - tls1 (less desirable than tls1_1 or higher)
|
||||
# - tls_compat
|
||||
# - all tls_no_ssl
|
||||
# - ssl3 (less desirable than tls1)
|
||||
# - ssl23 (can fallback up to ssl3)
|
||||
#
|
||||
#tls_level = tls_compat
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user