README.SSL-SERVER: require TLS 1.2/1.3

author: Matthias Andree <matthias.andree@gmx.de> 2021-08-27 01:16:48 +0200
committer: Matthias Andree <matthias.andree@gmx.de> 2021-08-27 01:16:48 +0200
commit: 452d2c59028b7aa9de9467826d62ff698848522f (patch)
tree: 0f12738b81ceb67d6a05451847b112423813a45a
parent: 44431fed03e02e618d4b82c729822c605fbcb5d6 (diff)
download: fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.gz
fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.bz2
fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/README.SSL-SERVER b/README.SSL-SERVER
index 60a7d332..a5e07551 100644
--- a/README.SSL-SERVER
+++ b/README.SSL-SERVER
@@ -9,6 +9,11 @@ In order to let any mail client (not just fetchmail) verify server certificates
 properly, so that users can be sure their connection is not eavesdropped, there 
 are several requirements that need to be fulfilled.
 
+0. Provide modern TLS implementations:
+
+   Make sure the server supports TLS 1.2 and 1.3.
+   Older versions are deprecated and may preclude modern clients.
+
 1. Match certificate and DNS names:
 
    The server certificate's "common name" or "subject alternative name" must
author	Matthias Andree <matthias.andree@gmx.de>	2021-08-27 01:16:48 +0200
committer	Matthias Andree <matthias.andree@gmx.de>	2021-08-27 01:16:48 +0200
commit	452d2c59028b7aa9de9467826d62ff698848522f (patch)
tree	0f12738b81ceb67d6a05451847b112423813a45a
parent	44431fed03e02e618d4b82c729822c605fbcb5d6 (diff)
download	fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.gz fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.bz2 fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.zip