author Matthias Andree <matthias.andree@gmx.de> 2011-04-11 14:08:32 +0200
committer Matthias Andree <matthias.andree@gmx.de> 2011-04-11 14:08:32 +0200
commit c22a3afca46c83ee6d53a6ee58deb122f309c460 (patch)
tree 7b91c2e12dcc8ca2253fc239761207e9ee6fabb0 /fetchmail.man
parent 4ab1f5f5f64505f46789c61a6e5a206f3c2ee83e (diff)
Remove support for SSLv2 (fixes Debian Bug #622054).
SSLv2 has been deprecated since 1996, and is insecure. Remove --sslproto SSL2 support. Set SSL_OP_NO_SSLvSSL_CTX 2 option so that the SSLv23 multi-version client no longer negotiates SSLv2. Note that some distributions (such as Debian) build OpenSSL 1.0.0 without SSLv2 support, so on those, the build would fail. Fixes Debian Bug #622054 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622054
Diffstat (limited to 'fetchmail.man')
-rw-r--r-- fetchmail.man 5
1 files changed, 3 insertions, 2 deletions
diff --git a/fetchmail.man b/fetchmail.man
index 495a60e3..69aa887f 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -474,8 +474,9 @@ Also see \-\-sslcert above.
(Keyword: sslproto)
.br
Forces an SSL/TLS protocol. Possible values are \fB''\fP,
-\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged
-and should only be used as a last resort) \&'\fBSSL3\fP', and
+\&'\fBSSL23\fP' (note however that fetchmail, since v6.3.20, prohibits
+negotiation of SSLv2 -- it has been deprecated for 15 years and is
+insecure), \&'\fBSSL3\fP', and
\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for
connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
opportunistically try STARTTLS negotiation with TLS1. You can configure
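Review bot: The added parenthetical on '\fBSSL23\fP' says SSLv2 "has been deprecated for 15 years", which is a relative figure that goes stale as soon as the manual page ages; an absolute statement such as "deprecated since 1996" (the wording the commit message already uses) would stay correct. The hunk also drops '\fBSSL2\fP' from the list of possible values without saying what fetchmail does when an existing configuration still sets sslproto to SSL2, so a user upgrading to v6.3.20 cannot tell from this text whether that is rejected with an error or handled some other way; one sentence stating the behaviour would help. Finally, the removed text marked both SSL2 and SSL23 as discouraged and a last resort, while the new text gives no guidance on whether SSL23 is still discouraged now that SSLv2 negotiation is prohibited; if it is, keep that advice for SSL23.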