diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2021-09-13 22:43:34 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2021-09-13 23:00:47 +0200 |
| commit | 8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9 (patch) | |
| tree | 22824f825892beffc8a046d6b631a1587f59afd4 /README.SSL | |
| parent | fded2be1a60cacde4459f1b7193dfb803d9c3605 (diff) | |
| download | fetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.tar.gz fetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.tar.bz2 fetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.zip | |
Note OpenSSL 3.0.0 support and licensing change.
While here, rearrange COPYING a little bit and add a few paragraphs.
Zeilen,
Diffstat (limited to 'README.SSL')
| -rw-r--r-- | README.SSL | 27 |
1 files changed, 14 insertions, 13 deletions
@@ -12,30 +12,31 @@ setup. In case of troubles, mail the README.SSL-SERVER file to your ISP and have them check their server configuration against it. -Note that fetchmail up to version 6.3.26 confused SSL/TLS protocol levels with -whether a service needs to use in-band negotiation (STLS/STARTTLS for -POP3/IMAP4) or is totally SSL-wrapped on a separate port. +Note that fetchmail up to version 6.3.26 used to confuse SSL/TLS protocol +levels with whether a service needs to use in-band negotiation (STLS/STARTTLS +for POP3/IMAP4) or is totally SSL-wrapped ("Implicit TLS") on a separate port. +Fetchmail 6.4 seeks to fix that to some extent without breaking the +command-line and rcfile interfaces too much (see --ssl and --sslproto options, +below and in the manual). -Also, fetchmail 6.4.0 and newer releases changed some of the semantics -as the result of a bug-fix, and will auto-negotiate TLSv1 or newer only. +fetchmail 6.4.0 will auto-negotiate TLSv1 or newer only. -Finally, due to other defaults changing, and several mail services not -supporting in-band negotiation of SSL or TLS by means of STLS or STARTTLS, -you may need to add ssl or --ssl to your configuration. +Fetchmail 6.4.22 supports OpenSSL 3.0.0 and 1.1.1. - -- Matthias Andree, 2021-03-29 + -- Matthias Andree, 2021-09-09 Quickstart ---------- -Use an up-to-date release of OpenSSL v1.1.1 or newer, so as to get +Use an up-to-date release of OpenSSL v1.1.1 or v3.0.0 or newer, so as to get TLSv1.3 support. Older OpenSSL versions are unsupported upstream, and -fetchmail rejects versions before v1.0.2 and warns about versions before v1.1.1. +fetchmail rejects versions before v1.0.2 and warns about versions before +v1.1.1. In all four examples below, the (--)sslcertck has become redundant -since fetchmail v6.4.0 but since fetchmail 6.3 releases will be in circulation -for a while, we'll leave it here to be safe. +since fetchmail v6.4.0, but since fetchmail 6.3 releases will be in circulation +for too long, (--)sslcertck will remain in the examples below for now. For use of SSL or TLS on a separate port (recommended), called Implicit TLS, the whole TCP connection is SSL-encrypted from the very beginning (SSL- or |