On 2012-05-23 at 15:57 -0400, Phil Pennock wrote:
> OpenSSL 1.0.1 introduced support for TLSv1.1 and TLSv1.2. These are not
> used by mutt. This patch fixes that.
>
> Counter-intuitively, the OpenSSL folks have TLSv1_client_method()
> negotiate *only* TLSv1.0, and SSLv23_client_method() remains the only
> method which can negotiate different versions. This is true at least as
> of 1.0.1c (the latest release at time of writing).
>
> The attached patch uses SSLv23_client_method() and SSL_CTX_set_options()
> to then disable SSLv2 and SSLv3.
>
> This mail is sent with such a patched mutt, and you should thus see that
> the initial Received: header uses the cipher:
> TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256

Ping.

The patch (and detached PGP signature from key in strong set) can be
retrieved from:
  http://people.spodhuis.org/phil.pennock/software/mutt-patches/
and is "patch-mutt-tlssni.v1" -- that version differs from the posted
version in also updating the PATCHES file, since it's put up as a
third-party patch.

It would be good to see official mutt able to use TLS v1.1 and v1.2.

-Phil
