diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2021-08-27 01:16:48 +0200 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2021-08-27 01:16:48 +0200 |
commit | 452d2c59028b7aa9de9467826d62ff698848522f (patch) | |
tree | 0f12738b81ceb67d6a05451847b112423813a45a /README.SSL-SERVER | |
parent | 44431fed03e02e618d4b82c729822c605fbcb5d6 (diff) | |
download | fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.gz fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.tar.bz2 fetchmail-452d2c59028b7aa9de9467826d62ff698848522f.zip |
README.SSL-SERVER: require TLS 1.2/1.3
Diffstat (limited to 'README.SSL-SERVER')
-rw-r--r-- | README.SSL-SERVER | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/README.SSL-SERVER b/README.SSL-SERVER index 60a7d332..a5e07551 100644 --- a/README.SSL-SERVER +++ b/README.SSL-SERVER @@ -9,6 +9,11 @@ In order to let any mail client (not just fetchmail) verify server certificates properly, so that users can be sure their connection is not eavesdropped, there are several requirements that need to be fulfilled. +0. Provide modern TLS implementations: + + Make sure the server supports TLS 1.2 and 1.3. + Older versions are deprecated and may preclude modern clients. + 1. Match certificate and DNS names: The server certificate's "common name" or "subject alternative name" must |