aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.SSL-SERVER5
1 files changed, 5 insertions, 0 deletions
diff --git a/README.SSL-SERVER b/README.SSL-SERVER
index 60a7d332..a5e07551 100644
--- a/README.SSL-SERVER
+++ b/README.SSL-SERVER
@@ -9,6 +9,11 @@ In order to let any mail client (not just fetchmail) verify server certificates
properly, so that users can be sure their connection is not eavesdropped, there
are several requirements that need to be fulfilled.
+0. Provide modern TLS implementations:
+
+ Make sure the server supports TLS 1.2 and 1.3.
+ Older versions are deprecated and may preclude modern clients.
+
1. Match certificate and DNS names:
The server certificate's "common name" or "subject alternative name" must