From 846ffbb938c7ecf6819a5c3b844adf306bf87f02 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Fri, 19 Nov 2010 15:14:30 +0100 Subject: Document Sunil's forced-STARTTLS change. --- fetchmail.man | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/fetchmail.man b/fetchmail.man index 9ab9d97e..351c38c6 100644 --- a/fetchmail.man +++ b/fetchmail.man 
@@ -477,20 +477,22 @@ Forces an SSL/TLS protocol. Possible values are \fB''\fP, \&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged and should only be used as a last resort) \&'\fBSSL3\fP', and \&'\fBTLS1\fP'. The default behaviour if this option is unset is: for -connections without \-\-ssl, use \&'\fBTLS1\fP' that fetchmail will +connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will opportunistically try STARTTLS negotiation with TLS1. You can configure this option explicitly if the default handshake (TLS1 if \-\-ssl is not -used, does not work for your server. +used) does not work for your server. .IP Use this option with '\fBTLS1\fP' value to enforce a STARTTLS connection. In this mode, it is highly recommended to also use -\-\-sslcertck (see below). +\-\-sslcertck (see below). Note that this will then cause fetchmail +v6.3.19 to force STARTTLS negotiation even if it is not advertised by +the server. .IP To defeat opportunistic TLSv1 negotiation when the server advertises -STARTTLS or STLS, use \fB''\fP. This option, even if the argument is -the empty string, will also suppress the diagnostic 'SERVER: -opportunistic upgrade to TLS.' message in verbose mode. The default is -to try appropriate protocols depending on context. +STARTTLS or STLS, and use a cleartext connection use \fB''\fP. This +option, even if the argument is the empty string, will also suppress the +diagnostic 'SERVER: opportunistic upgrade to TLS.' message in verbose +mode. The default is to try appropriate protocols depending on context. .TP .B \-\-sslcertck (Keyword: sslcertck) -- cgit v1.2.3
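Review bot: In the second paragraph of the hunk, the added sentence "Note that this will then cause fetchmail v6.3.19 to force STARTTLS negotiation even if it is not advertised by the server" has an ambiguous "this". It directly follows the \-\-sslcertck recommendation, so a reader can attribute the forcing behaviour to \-\-sslcertck rather than to setting the protocol value to '\fBTLS1\fP' explicitly. Naming the option and value in that sentence would remove the doubt. It would also help to say whether "v6.3.19" means that release only or that release onward. The first paragraph describes the unset default as opportunistic TLS1, while an explicit TLS1 now enforces STARTTLS, so the same value behaves differently depending on whether it is written out. That contrast deserves one explicit sentence, together with what fetchmail does when the forced negotiation fails, because the text does not say whether the session is aborted or continues unencrypted. In the last paragraph, "and use a cleartext connection use \fB''\fP" needs a comma before the second "use" to parse. Since that setting gives up encryption, a short pointer to the consequence for credentials sent on the connection would fit there.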