Jakob Bohm writes:
On 25/07/2017 03:17, Sam Varshavchik wrote:Download: http://www.courier-mta.org/download.htmlNew development build of Courier is available. The major change is a top-to- bottom rewrite of the SMTP client, and a new mail filter (making use of the rewritten SMTP client). The SMTP client rewrite will result in a (several) version change bump, down the road.The OpenSSL 1.1.0 change is also in the courier-imap package, and the maildrop change in the maildrop package.Changes:- OpenSSL 1.1.0 update. Custom protocol level format selection has been deprecated. The TLS_PROTOCOL setting is removed from all configuration files, and the latest supported TLS version will always be used. No changes to the GnuTLS alternative option.Is there (still?) a setting to configure the oldest TLS version to accept (e.g. to accept or reject TLS 1.0 depending if that is needed by any of the authorized clients)?
The *method() OpenSSL API calls that were directly controlled by this TLS_PROTOCOL setting are marked as deprecated in OpenSSL 1.0. Using them generates a compiler warning, and they're going to be gone at some point. There was no point in still using them, as the next major/minor/whatever update to OpenSSL will remove them completely from the API.
Have you included the (separate from the cipher priority list) ability to set OpenSSL options from the courier configuration (this is a common omission, I don't remember if courier is one of the affected programs). Note that for OpenSSL, this would automatically include the ability to set the minimum TLS version, but that might not be true for GnuTLS, and the syntax would certainly differ.
Hmmm. That's a good point. Looks like those options were tied into the TLS_PROTOCOL setting; they all used the sole remaining protocol method selector; but also added the specific option setting. Yeah, I did remove all of that too, but looks like I'll need to bring it back.
pgp3zCL2Nsywh.pgp
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
