On Wed, Sep 06, 2017 at 06:38:06PM +0300, Ilias Tsitsimpis wrote: > > Glad it worked out! > > > I do find the documentation about the tls/ssl options in > > /usr/share/doc/offlineimap/examples/offlineimap.conf.gz > > pretty confusing, and had tried various configurations that I thought > > should have worked. > > The documentation reads: > > Set SSL version to use (optional). > > It is best to leave this unset, in which case the correct version will be `> automatically detected. In rare cases, it may be necessary to specify a > particular version from: tls1, tls1_1, tls1_2, ssl3, ssl23. >
Well, the statement that the "correct" version will be automatically detected is misleading in the present case? The "rare" cases probably need a bit more explanation. How would a non-expert realise what they need to do and which option needs changing? I also found the large number of ssl/tls options and how they interact confusing. This is probably because I only have a sketchy grasp of the details of ssl/tls protocols. I will try to find time to look at the file again to highlight where I was unclear. I didn't want to make suggestions about changes myself, precisely because I felt unsure and because of the risks of misdocumenting security critical features. Thanks for your work on offlineimap. ael
