authorMatthias Andree <matthias.andree@gmx.de>2015-01-17 01:15:31 +0100
committerMatthias Andree <matthias.andree@gmx.de>2015-01-26 09:45:24 +0100
commitc72743cf6139d6906337ddeac964eb79f644097e (patch)
treed3ad37c05dc2c3b1085904039958a510a6dc0a86 /tls.c
parent07d7fc7b2b84ed36419abf8802b6de29f6e675cc (diff)
TLS overhaul, bumping version to 6.4
Removes SSLv2, enables TLSv1.1 and v1.2 more easily, permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS. Only negotiates TLSv1 and newer by default, SSLv3 must now be specified explicitly, as a consequence of the POODLE attack. This is meant to be a minimally upgraded version, and cannot be usefully done as a 6.3.X release. It is strongly recommended that users review their configuration - especially --sslproto - per instructions in the NEWS file and manual page. It has changed semantics and in many cases --sslproto auto or perhaps --sslproto tls1.2+ should be used now.
Diffstat (limited to 'tls.c')
-rw-r--r--tls.c35
1 files changed, 0 insertions, 35 deletions
diff --git a/tls.c b/tls.c
deleted file mode 100644
index c66a4f55..00000000
--- a/tls.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/** \file tls.c - collect common TLS functionality
- * \author Matthias Andree
- * \date 2006
- */
-
-#include "fetchmail.h"
-
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-/** return true if user allowed TLS */
-int maybe_tls(struct query *ctl) {
-#ifdef SSL_ENABLE
- /* opportunistic or forced TLS */
- return (!ctl->sslproto || !strcasecmp(ctl->sslproto,"tls1"))
- && !ctl->use_ssl;
-#else
- (void)ctl;
- return 0;
-#endif
-}
-
-/** return true if user requires TLS, note though that this code must
- * always use a logical AND with maybe_tls(). */
-int must_tls(struct query *ctl) {
-#ifdef SSL_ENABLE
- return maybe_tls(ctl)
- && (ctl->sslfingerprint || ctl->sslcertck
- || (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1")));
-#else
- (void)ctl;
- return 0;
-#endif
-}