diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2010-11-19 15:14:30 +0100 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2010-11-19 15:14:30 +0100 |
commit | 846ffbb938c7ecf6819a5c3b844adf306bf87f02 (patch) | |
tree | d147e254ca1870cc3b9e33685151dfcb5c9a4a0b | |
parent | d1a40cf7cefbffe5ae41612f60b176ad0fc59847 (diff) | |
download | fetchmail-846ffbb938c7ecf6819a5c3b844adf306bf87f02.tar.gz fetchmail-846ffbb938c7ecf6819a5c3b844adf306bf87f02.tar.bz2 fetchmail-846ffbb938c7ecf6819a5c3b844adf306bf87f02.zip |
Document Sunil's forced-STARTTLS change.
-rw-r--r-- | fetchmail.man | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/fetchmail.man b/fetchmail.man index 9ab9d97e..351c38c6 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -477,20 +477,22 @@ Forces an SSL/TLS protocol. Possible values are \fB''\fP, \&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged and should only be used as a last resort) \&'\fBSSL3\fP', and \&'\fBTLS1\fP'. The default behaviour if this option is unset is: for -connections without \-\-ssl, use \&'\fBTLS1\fP' that fetchmail will +connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will opportunistically try STARTTLS negotiation with TLS1. You can configure this option explicitly if the default handshake (TLS1 if \-\-ssl is not -used, does not work for your server. +used) does not work for your server. .IP Use this option with '\fBTLS1\fP' value to enforce a STARTTLS connection. In this mode, it is highly recommended to also use -\-\-sslcertck (see below). +\-\-sslcertck (see below). Note that this will then cause fetchmail +v6.3.19 to force STARTTLS negotiation even if it is not advertised by +the server. .IP To defeat opportunistic TLSv1 negotiation when the server advertises -STARTTLS or STLS, use \fB''\fP. This option, even if the argument is -the empty string, will also suppress the diagnostic 'SERVER: -opportunistic upgrade to TLS.' message in verbose mode. The default is -to try appropriate protocols depending on context. +STARTTLS or STLS, and use a cleartext connection use \fB''\fP. This +option, even if the argument is the empty string, will also suppress the +diagnostic 'SERVER: opportunistic upgrade to TLS.' message in verbose +mode. The default is to try appropriate protocols depending on context. .TP .B \-\-sslcertck (Keyword: sslcertck) |