aboutsummaryrefslogtreecommitdiffstats
path: root/README.SSL
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2021-09-13 22:43:34 +0200
committerMatthias Andree <matthias.andree@gmx.de>2021-09-13 23:00:47 +0200
commit8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9 (patch)
tree22824f825892beffc8a046d6b631a1587f59afd4 /README.SSL
parentfded2be1a60cacde4459f1b7193dfb803d9c3605 (diff)
downloadfetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.tar.gz
fetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.tar.bz2
fetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.zip
Note OpenSSL 3.0.0 support and licensing change.
While here, rearrange COPYING a little bit and add a few paragraphs. Zeilen,
Diffstat (limited to 'README.SSL')
-rw-r--r--README.SSL27
1 files changed, 14 insertions, 13 deletions
diff --git a/README.SSL b/README.SSL
index cf07d05e..425f574e 100644
--- a/README.SSL
+++ b/README.SSL
@@ -12,30 +12,31 @@ setup.
In case of troubles, mail the README.SSL-SERVER file to your ISP and
have them check their server configuration against it.
-Note that fetchmail up to version 6.3.26 confused SSL/TLS protocol levels with
-whether a service needs to use in-band negotiation (STLS/STARTTLS for
-POP3/IMAP4) or is totally SSL-wrapped on a separate port.
+Note that fetchmail up to version 6.3.26 used to confuse SSL/TLS protocol
+levels with whether a service needs to use in-band negotiation (STLS/STARTTLS
+for POP3/IMAP4) or is totally SSL-wrapped ("Implicit TLS") on a separate port.
+Fetchmail 6.4 seeks to fix that to some extent without breaking the
+command-line and rcfile interfaces too much (see --ssl and --sslproto options,
+below and in the manual).
-Also, fetchmail 6.4.0 and newer releases changed some of the semantics
-as the result of a bug-fix, and will auto-negotiate TLSv1 or newer only.
+fetchmail 6.4.0 will auto-negotiate TLSv1 or newer only.
-Finally, due to other defaults changing, and several mail services not
-supporting in-band negotiation of SSL or TLS by means of STLS or STARTTLS,
-you may need to add ssl or --ssl to your configuration.
+Fetchmail 6.4.22 supports OpenSSL 3.0.0 and 1.1.1.
- -- Matthias Andree, 2021-03-29
+ -- Matthias Andree, 2021-09-09
Quickstart
----------
-Use an up-to-date release of OpenSSL v1.1.1 or newer, so as to get
+Use an up-to-date release of OpenSSL v1.1.1 or v3.0.0 or newer, so as to get
TLSv1.3 support. Older OpenSSL versions are unsupported upstream, and
-fetchmail rejects versions before v1.0.2 and warns about versions before v1.1.1.
+fetchmail rejects versions before v1.0.2 and warns about versions before
+v1.1.1.
In all four examples below, the (--)sslcertck has become redundant
-since fetchmail v6.4.0 but since fetchmail 6.3 releases will be in circulation
-for a while, we'll leave it here to be safe.
+since fetchmail v6.4.0, but since fetchmail 6.3 releases will be in circulation
+for too long, (--)sslcertck will remain in the examples below for now.
For use of SSL or TLS on a separate port (recommended), called Implicit TLS,
the whole TCP connection is SSL-encrypted from the very beginning (SSL- or