commit a7f1b8647562d3df8b1173c0140c145da9147a73
Author: Oswald Buddenhagen <o...@users.sf.net>
Date:   Mon May 16 16:26:15 2022 +0200

    disable TLS 1.0 & 1.1 by default
    
    these were not reasonable defaults any more.

 NEWS           | 3 ++-
 src/drv_imap.c | 2 +-
 src/mbsync.1   | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index cbaee113..58383b84 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,8 @@ they are flagged on the source side.
 Renamed the ReNew/--renew/-N options to Upgrade/--upgrade/-u
 and Delete/--delete/-d to Gone/--gone/-g.
 
-Superseded SSLVersions option with TLSVersions.
+Superseded SSLVersions option with TLSVersions, and disabled TLS v1.0
+and v1.1 by default.
 
 Made the Channel side to expire with MaxMessages configurable.
 
diff --git a/src/drv_imap.c b/src/drv_imap.c
index da988f63..4a9c669b 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -3711,7 +3711,7 @@ imap_parse_store( conffile_t *cfg, store_conf_t **storep )
        server->sconf.timeout = 20000;
 #ifdef HAVE_LIBSSL
        server->ssl_type = -1;
-       server->sconf.ssl_versions = TLSv1 | TLSv1_1 | TLSv1_2 | TLSv1_3;
+       server->sconf.ssl_versions = TLSv1_2 | TLSv1_3;
        server->sconf.system_certs = 1;
 #endif
        server->max_in_progress = INT_MAX;
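Review bot: The new default on the `server->sconf.ssl_versions` line carries no comment saying why the floor is TLS 1.2, so a later reader cannot tell a deliberate security baseline from an arbitrary mask. I would add `/* TLS 1.0 and 1.1 are deprecated (RFC 8996); keep in sync with the TLSVersions default in mbsync.1 */` directly above it, because the same default is now stated in two places. The hunk shows only the initial mask, so it cannot be judged from here whether a failed handshake against a server limited to 1.0/1.1 produces an error that points the user at TLSVersions. That is worth checking, since configurations that relied on the old default will stop connecting to such servers after the upgrade. imap_parse_store starts and ends outside the hunk.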
diff --git a/src/mbsync.1 b/src/mbsync.1
index 11bda41a..518f1109 100644
--- a/src/mbsync.1
+++ b/src/mbsync.1
@@ -419,7 +419,7 @@ Add/remove the specified TLS versions to/from the set of acceptable choices.
 Use old versions only when the server has problems with newer ones.
 Note that new versions are automatically enabled as soon as OpenSSL supports
 them, even if \fBmbsync\fR does not recognize them yet.
-(Default: All starting with 1.0).
+(Default: All starting with 1.2).
 .
 .TP
 \fBSystemCertificates\fR \fByes\fR|\fBno\fR

