From ab576dfc8a0ddad6ce8800f5cacfbe5b21cce087 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Fri, 26 Aug 2005 08:47:27 +0000 Subject: Add K6. How can I tell fetchmail not to try TLS if the server advertises it? svn path=/trunk/; revision=4266 --- fetchmail-FAQ.html | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'fetchmail-FAQ.html') diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index d8acb849..a0390528 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -121,6 +121,8 @@ methods: K3. How can I get fetchmail to work with ssh?
K4. What do I have to do to use the IMAP-GSS protocol?
K5. How can I use fetchmail with SSL?
+K6. How can I tell fetchmail not to try TLS if the server + advertises it?

Runtime fatal errors:

@@ -2227,6 +2229,25 @@ verified against the fingerprint given. If it's different, it may mean that a man-in-the-middle attack is in progress - or it might just mean that the server changed its key. It's up to you to determine which has happened.

+
+

K6. How can I tell fetchmail not to use TLS + if the server advertises it?

+ +

Some servers advertise STLS (POP3) or STARTTLS (IMAP), and fetchmail +will automatically attempt TLS negotiation if SSL was enabled at compile +time. This can however cause problems if the upstream didn't configure +his certificates properly.

+ +

In order to prevent fetchmail from trying TLS (STLS, STARTTLS) +negotiation, add this option:

+ +
sslproto ssl23
+ +

This restricts fetchmail's SSL/TLS protocol choice from the default +"SSLv2, SSLv3, TLSv1" to the two SSL variants, disabling TLSv1. Note +however that this causes the connection to be unencrypted unless an +encrypting "plugin" is used or SSL is requested explicitly.

+

R1. Fetchmail isn't working, and -v shows `SMTP connect failed' messages.

-- cgit v1.2.3