author Matthias Andree <matthias.andree@gmx.de> 2010-11-19 15:14:30 +0100
committer Matthias Andree <matthias.andree@gmx.de> 2010-11-19 15:14:30 +0100
commit 846ffbb938c7ecf6819a5c3b844adf306bf87f02
tree d147e254ca1870cc3b9e33685151dfcb5c9a4a0b
parent d1a40cf7cefbffe5ae41612f60b176ad0fc59847
Document Sunil's forced-STARTTLS change.
-rw-r--r-- fetchmail.man 16
1 files changed, 9 insertions, 7 deletions
diff --git a/fetchmail.man b/fetchmail.man
index 9ab9d97e..351c38c6 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -477,20 +477,22 @@ Forces an SSL/TLS protocol. Possible values are \fB''\fP,
\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged
and should only be used as a last resort) \&'\fBSSL3\fP', and
\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for
-connections without \-\-ssl, use \&'\fBTLS1\fP' that fetchmail will
+connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
opportunistically try STARTTLS negotiation with TLS1. You can configure
this option explicitly if the default handshake (TLS1 if \-\-ssl is not
-used, does not work for your server.
+used) does not work for your server.
.IP
Use this option with '\fBTLS1\fP' value to enforce a STARTTLS
connection. In this mode, it is highly recommended to also use
-\-\-sslcertck (see below).
+\-\-sslcertck (see below). Note that this will then cause fetchmail
+v6.3.19 to force STARTTLS negotiation even if it is not advertised by
+the server.
.IP
To defeat opportunistic TLSv1 negotiation when the server advertises
-STARTTLS or STLS, use \fB''\fP. This option, even if the argument is
-the empty string, will also suppress the diagnostic 'SERVER:
-opportunistic upgrade to TLS.' message in verbose mode. The default is
-to try appropriate protocols depending on context.
+STARTTLS or STLS, and use a cleartext connection use \fB''\fP. This
+option, even if the argument is the empty string, will also suppress the
+diagnostic 'SERVER: opportunistic upgrade to TLS.' message in verbose
+mode. The default is to try appropriate protocols depending on context.
.TP
.B \-\-sslcertck
(Keyword: sslcertck)
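Review bot: In the added note after "\-\-sslcertck (see below).", the word "this" can be read as either the '\fBTLS1\fP' value or \-\-sslcertck, and "fetchmail v6.3.19" reads as if only that one release behaves this way. Consider wording along the lines of "Since v6.3.19, setting '\fBTLS1\fP' explicitly makes fetchmail attempt STARTTLS even if the server does not advertise it". The first paragraph of the hunk says the unset default also uses TLS1, but only opportunistically, so the man page now describes two different behaviours under the same value; stating that contrast in one sentence, and saying what fetchmail does when the forced negotiation fails, would keep readers from assuming the default already enforces TLS. Separately, the rewritten line "STARTTLS or STLS, and use a cleartext connection use \fB''\fP." has a doubled "use" with no comma before the second one; "and use a cleartext connection instead, specify \fB''\fP" would parse cleanly.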