From a7917f7d66b7fc781770ba7fd7d09b07d0f920f8 Mon Sep 17 00:00:00 2001
From: Matthias Andree tags.
---
fetchmail-FAQ.html | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html
index 899bdb07..fb83d79b 100644
--- a/fetchmail-FAQ.html
+++ b/fetchmail-FAQ.html
@@ -2154,7 +2154,9 @@ poll pop3.example.com proto pop3 uidl no dns
self-signed certificate), then this certificate validation will always
fail.
Certificate verification is always attempted. If it fails, since v6.4.0, by default the connection aborts (6.3 and older would carry on after printing a warning). +
Certificate verification is always attempted. If it fails, since v6.4.0,
+by default the connection aborts (6.3 and older would carry on after printing
+a warning, unless --sslcertck
was in effect).
If your server doesn't have a valid certificate though (e.g. it
has a self-signed certificate) then it will never verify, and the only way
@@ -2193,9 +2195,10 @@ his certificates properly.
In some situations, the server does not offer STARTTLS or STLS, but it would offer a TLS-wrapped operation on a dedicated, separate port. -In such a situation, adding ssl to the rcfile (or --ssl on the command line) is -all there is to it. Fetchmail will use the "other" default port for the "secure" -service.
+In such a situation, addingssl
to the rcfile
+(or --ssl
on the command line) is all there is to it.
+Fetchmail will use the default port for the "secure"
+service and negotiate TLS or SSL right away.
In order to prevent fetchmail 6.4.0 and newer versions from trying STLS or STARTTLS negotiation, and only as a last resort because it exposes -- cgit v1.2.3