From ffbe69a5caa0cd3738e93d0a195c12f03dd452a0 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Thu, 26 May 2016 11:18:53 +0200 Subject: Fix a few inconsistencies. --- NEWS | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 44e02b21..e02a7f0c 100644 --- a/NEWS +++ b/NEWS @@ -69,17 +69,18 @@ fetchmail-6.4.0 (not yet released): TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with STARTTLS). If the OpenSSL version used at build and run-time supports these versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3. - Doing so is discouraged because these SSLv3 protocol is broken. + Doing so is discouraged because the SSLv3 protocol is broken. Along the lines suggested - as patch - by Kurt Roeckx, Debian Bug #768843. While this change is supposed to be compatible with common configurations, - users are advised to change all explicit --sslproto ssl2, --sslproto - ssl3, --sslproto tls1 to --sslproto auto, so that they can enable TLSv1.1 and - TLSv1.2 on systems with OpenSSL 1.0.1 or newer. + users may have to and are advised to change all explicit --sslproto ssl2 + (change to newer protocols required), --sslproto ssl3, --sslproto tls1 to + --sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where + supported by the server. The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1, - tls1.1+, tls1.2, tls1.2+ (case insensitively). + tls1.1+, tls1.2, tls1.2+ (case insensitively), see CHANGES below for details. * Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to override this has been added, but may be removed in future fetchmail versions -- cgit v1.2.3