From f827307079714ea97e483942b25e3f6ab37cde8d Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 4 Jan 2023 11:46:02 +0100 Subject: Bump TLS provider library requirements again. --- README.SSL | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'README.SSL') diff --git a/README.SSL b/README.SSL index bcc2070a..7f9055c1 100644 --- a/README.SSL +++ b/README.SSL @@ -21,7 +21,7 @@ below and in the manual). fetchmail 6.4.0 will auto-negotiate TLSv1 or newer only. -Fetchmail 6.4.35 supports OpenSSL 3.0.7 and 1.1.1s and WolfSSL 5.4.0 or newer. +Fetchmail 6.4.35 supports OpenSSL 3.0.7 and 1.1.1s and WolfSSL 5.5.3 or newer. Note that WolfSSL 5 is a bit less flexible about its trust store, see INSTALL chapter 2.1 for details. @@ -29,16 +29,16 @@ Note that many messages printed by fetchmail will print "OpenSSL" even if wolfSSL is being used. Reason is that fetchmail uses wolfSSL's OpenSSL compatibility layer and not the native wolfSSL API. - -- Matthias Andree, 2022-11-01 + -- Matthias Andree, 2023-01-04 Quickstart ---------- -Use an up-to-date release of OpenSSL v1.1.1 or v3.0 or wolfSSL 5.4 or +Use an up-to-date release of OpenSSL v1.1.1 or v3.0 or wolfSSL 5.5 or newer, so as to get TLSv1.3 support and latest fixes. Older OpenSSL versions are unsupported upstream, and fetchmail rejects versions before v1.0.2f and -warns about versions before v1.1.1. +warns about versions before v1.1.1q or 3.0.7. wolfSSL needs to be configured with --enable-opensslall --enable-harden, else some required OpenSSL APIs are missing, especially for SNI (server name -- cgit v1.2.3
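Review bot: In the first hunk (@@ -21,7 +21,7 @@), the new line "Fetchmail 6.4.35 supports OpenSSL 3.0.7 and 1.1.1s and WolfSSL 5.5.3 or newer" leaves it unclear whether "or newer" applies to all three libraries or only to the last one. Suggest attaching the qualifier to each version explicitly, for example "OpenSSL 3.0.7 or newer, 1.1.1s or newer, and wolfSSL 5.5.3 or newer". The same line spells the library "WolfSSL" while the unchanged context two lines below and the Quickstart text use "wolfSSL"; pick one spelling. The minimum is also given as 5.5.3 here but as "wolfSSL 5.5" in the Quickstart paragraph changed by the second hunk, so a reader cannot tell whether 5.5.0 through 5.5.2 are acceptable.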
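Review bot: In the second hunk (@@ -29,16 +29,16 @@), the new sentence "warns about versions before v1.1.1q or 3.0.7" does not match the first hunk, which names 1.1.1s as the supported 1.1.1 release; if the warning threshold really is 1.1.1q while the documented supported version is 1.1.1s, say so, otherwise align the two. The phrasing is also ambiguous across branches, since "before v1.1.1q or 3.0.7" does not say which threshold applies to which release series; something like "warns about 1.1.1 versions before 1.1.1q and 3.0 versions before 3.0.7" would remove the doubt. The "v" prefix is used on v1.1.1q but not on 3.0.7 in the same sentence. This view is limited to README.SSL, so it cannot be confirmed from here that the version check in the code warns at the thresholds the text now documents; worth verifying before merging. The commit message gives no reason for the bump; a one-line note on what motivated the new minimums would help people deciding whether they must upgrade.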