offlineimap.conf: fix and improve documentation about TLS/SSL

ssl2 is not allowed by imaplib2. However, tls1_1 and tls1_2 might be available.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Nicolas Sebrecht 2016-06-08 17:18:37 +02:00
parent 8c9f63a9b5
commit 5783e8f777

View File

@ -688,13 +688,20 @@ remotehost = examplehost
# #
# It is best to leave this unset, in which case the correct version will be # It is best to leave this unset, in which case the correct version will be
# automatically detected. In rare cases, it may be necessary to specify a # automatically detected. In rare cases, it may be necessary to specify a
# particular version from: tls1, ssl2, ssl3, ssl23. # particular version from: tls1, tls1_1, tls_1_2, ssl3, ssl23.
# #
# ssl23 is the highest protocol version that both the client and server support. # tls1_1 and tls1_2 are available with OpenSSL since v1.0.1.
# Despite the name, this option can select “TLS” protocols as well as “SSL”.
# #
# See the configuration option tls_level to automatically disable insecure # ssl23 automatically selects the highest protocol version that both the client
# protocols. # and server support. Despite the name, this option can select “TLS” protocols
# as well as “SSL”.
#
# Be aware that a MITM attack can consist in downgrading the protocol version
# which is used upon client/server agreement. So, they might fallback to the
# less secure available protocol. Hence, it is considered more safe to manually
# define the protocol version.
#
# See the configuration option tls_level to disable insecure protocols.
# #
#ssl_version = ssl23 #ssl_version = ssl23
@ -704,11 +711,23 @@ remotehost = examplehost
# TLS support level (optional). # TLS support level (optional).
# #
# Specify the level of support that should be allowed for this repository. # Specify the level of support that should be allowed for this repository.
# Can be used to disallow insecure SSL versions as defined by IETF # Can be used to enable insecure SSL versions as defined by imaplib2.
# (see https://tools.ietf.org/html/rfc6176). # See, IETF https://tools.ietf.org/html/rfc6176 to know more.
# #
# Supported values are: # Supported values are:
# tls_secure, tls_no_ssl, tls_compat (the default). # tls_secure, tls_no_ssl, tls_compat (default).
#
# Current mapping:
# - tls_secure:
# - tls1_1
# - tls1_2
# - tls_no_ssl:
# - all tls_secure
# - tls1 (less desirable than tls1_1 or higher)
# - tls_compat
# - all tls_no_ssl
# - ssl3 (less desirable than tls1)
# - ssl23 (can fallback up to ssl3)
# #
#tls_level = tls_compat #tls_level = tls_compat