From a7917f7d66b7fc781770ba7fd7d09b07d0f920f8 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Mon, 29 Mar 2021 14:51:32 +0200 Subject: Update K6 again and format in tags. --- fetchmail-FAQ.html | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 899bdb07..fb83d79b 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -2154,7 +2154,9 @@ poll pop3.example.com proto pop3 uidl no dns self-signed certificate), then this certificate validation will always fail.

-

Certificate verification is always attempted. If it fails, since v6.4.0, by default the connection aborts (6.3 and older would carry on after printing a warning). +

Certificate verification is always attempted. If it fails, since v6.4.0, +by default the connection aborts (6.3 and older would carry on after printing +a warning, unless --sslcertck was in effect). If your server doesn't have a valid certificate though (e.g. it has a self-signed certificate) then it will never verify, and the only way @@ -2193,9 +2195,10 @@ his certificates properly.

In some situations, the server does not offer STARTTLS or STLS, but it would offer a TLS-wrapped operation on a dedicated, separate port. -In such a situation, adding ssl to the rcfile (or --ssl on the command line) is -all there is to it. Fetchmail will use the "other" default port for the "secure" -service.

+In such a situation, adding ssl to the rcfile +(or --ssl on the command line) is all there is to it. +Fetchmail will use the default port for the "secure" +service and negotiate TLS or SSL right away.

In order to prevent fetchmail 6.4.0 and newer versions from trying STLS or STARTTLS negotiation, and only as a last resort because it exposes -- cgit v1.2.3