aboutsummaryrefslogtreecommitdiffstats
path: root/README.SSL-SERVER
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2021-08-27 01:16:48 +0200
committerMatthias Andree <matthias.andree@gmx.de>2021-08-27 01:16:48 +0200
commit452d2c59028b7aa9de9467826d62ff698848522f (patch)
tree0f12738b81ceb67d6a05451847b112423813a45a /README.SSL-SERVER
parent44431fed03e02e618d4b82c729822c605fbcb5d6 (diff)
downloadfetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.gz
fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.bz2
fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.zip
README.SSL-SERVER: require TLS 1.2/1.3
Diffstat (limited to 'README.SSL-SERVER')
-rw-r--r--README.SSL-SERVER5
1 files changed, 5 insertions, 0 deletions
diff --git a/README.SSL-SERVER b/README.SSL-SERVER
index 60a7d332..a5e07551 100644
--- a/README.SSL-SERVER
+++ b/README.SSL-SERVER
@@ -9,6 +9,11 @@ In order to let any mail client (not just fetchmail) verify server certificates
properly, so that users can be sure their connection is not eavesdropped, there
are several requirements that need to be fulfilled.
+0. Provide modern TLS implementations:
+
+ Make sure the server supports TLS 1.2 and 1.3.
+ Older versions are deprecated and may preclude modern clients.
+
1. Match certificate and DNS names:
The server certificate's "common name" or "subject alternative name" must