offlineimap.conf: fix and improve documentation about TLS/SSL
ssl2 is not allowed by imaplib2. However, tls1_1 and tls1_2 might be available. Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
parent
8c9f63a9b5
commit
5783e8f777
@ -688,13 +688,20 @@ remotehost = examplehost
|
|||||||
#
|
#
|
||||||
# It is best to leave this unset, in which case the correct version will be
|
# It is best to leave this unset, in which case the correct version will be
|
||||||
# automatically detected. In rare cases, it may be necessary to specify a
|
# automatically detected. In rare cases, it may be necessary to specify a
|
||||||
# particular version from: tls1, ssl2, ssl3, ssl23.
|
# particular version from: tls1, tls1_1, tls_1_2, ssl3, ssl23.
|
||||||
#
|
#
|
||||||
# ssl23 is the highest protocol version that both the client and server support.
|
# tls1_1 and tls1_2 are available with OpenSSL since v1.0.1.
|
||||||
# Despite the name, this option can select “TLS” protocols as well as “SSL”.
|
|
||||||
#
|
#
|
||||||
# See the configuration option tls_level to automatically disable insecure
|
# ssl23 automatically selects the highest protocol version that both the client
|
||||||
# protocols.
|
# and server support. Despite the name, this option can select “TLS” protocols
|
||||||
|
# as well as “SSL”.
|
||||||
|
#
|
||||||
|
# Be aware that a MITM attack can consist in downgrading the protocol version
|
||||||
|
# which is used upon client/server agreement. So, they might fallback to the
|
||||||
|
# less secure available protocol. Hence, it is considered more safe to manually
|
||||||
|
# define the protocol version.
|
||||||
|
#
|
||||||
|
# See the configuration option tls_level to disable insecure protocols.
|
||||||
#
|
#
|
||||||
#ssl_version = ssl23
|
#ssl_version = ssl23
|
||||||
|
|
||||||
@ -704,11 +711,23 @@ remotehost = examplehost
|
|||||||
# TLS support level (optional).
|
# TLS support level (optional).
|
||||||
#
|
#
|
||||||
# Specify the level of support that should be allowed for this repository.
|
# Specify the level of support that should be allowed for this repository.
|
||||||
# Can be used to disallow insecure SSL versions as defined by IETF
|
# Can be used to enable insecure SSL versions as defined by imaplib2.
|
||||||
# (see https://tools.ietf.org/html/rfc6176).
|
# See, IETF https://tools.ietf.org/html/rfc6176 to know more.
|
||||||
#
|
#
|
||||||
# Supported values are:
|
# Supported values are:
|
||||||
# tls_secure, tls_no_ssl, tls_compat (the default).
|
# tls_secure, tls_no_ssl, tls_compat (default).
|
||||||
|
#
|
||||||
|
# Current mapping:
|
||||||
|
# - tls_secure:
|
||||||
|
# - tls1_1
|
||||||
|
# - tls1_2
|
||||||
|
# - tls_no_ssl:
|
||||||
|
# - all tls_secure
|
||||||
|
# - tls1 (less desirable than tls1_1 or higher)
|
||||||
|
# - tls_compat
|
||||||
|
# - all tls_no_ssl
|
||||||
|
# - ssl3 (less desirable than tls1)
|
||||||
|
# - ssl23 (can fallback up to ssl3)
|
||||||
#
|
#
|
||||||
#tls_level = tls_compat
|
#tls_level = tls_compat
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user