imapserver: add a tls_level option

Allow the user to block usage of known-bad versions of SSL and TLS. Signed-off-by: Ben Boeckel <mathstuf@gmail.com> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-08-24 23:32:00 -04:00
parent 9bb27de375
commit f03afcd224
3 changed files with 16 additions and 0 deletions
--- a/offlineimap.conf
+++ b/offlineimap.conf
@ -646,6 +646,17 @@ remotehost = examplehost
 #ssl_version = ssl23


+# This option stands in the [Repository RemoteExample] section.
+#
+# TLS support level (optional).
+#
+# Specify the level of support that should be allowed for this repository.
+# Can be used to disallow insecure SSL versions. Supported values are:
+# tls_secure, tls_no_ssl, tls_compat (the default).
+#
+#tls_level = tls_compat
+
+
 # This option stands in the [Repository RemoteExample] section.
 #
 # Specify the port.  If not specified, use a default port.