[pkg-fetchmail-maint] Bug#768843: fetchmail: Improved TLS support

Kurt Roeckx kurt at roeckx.be
Tue Nov 11 08:56:36 UTC 2014


On Tue, Nov 11, 2014 at 12:49:56AM +0100, Kurt Roeckx wrote:
> > Please have a look at the current state of fetchmail's "master" (note:
> > it is non-default, so you'll need to "git checkout master" after
> > cloning) branch in Git, either here
> > <https://gitorious.org/fetchmail/fetchmail/source/master:> or here:
> > <http://sourceforge.net/p/fetchmail/git/ci/master/tree/>
> 
> I'll try to take a look at this tomorrow.

At first look this all looks sane.  I just have a few minor
comments:
- The manpage still talks about using --sslproto "TLS1" to enforce
  STARTTLS in the "Secure Socket Layers (SSL) and Transport Layer
  Security (TLS)" section.
- README.SSL isn't updated
- Please avoid using things like TLSv1_2_client_method() and just
  disable all lower protocol versions in that case.
- I couldn't help but see:
  const char *default_ciphers = "ALL:!EXPORT:!LOW:+RC4:@STRENGTH";
  That enables a whole bunch of ciphers you don't want, including
  anonymous ciphers.


Kurt
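
An added example, not part of the original message and not fetchmail code: Python's ssl module passes the cipher string to OpenSSL, so it can show which suites a string enables that skip server authentication, alongside a version-flexible context with a protocol floor as the review suggests. The function names, the TLS 1.2 floor and the `NO_ANON` comparison string are assumptions made for illustration; the output depends on the local OpenSSL build.

```python
import ssl

# Cipher string quoted in the message above.
PAGE_DEFAULT = "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
# Constructed variant for comparison (an assumption, not fetchmail's fix).
NO_ANON = "ALL:!aNULL:!EXPORT:!LOW:+RC4:@STRENGTH"


def client_context(cipher_string):
    """Version-flexible client context with a TLS 1.2 floor.

    Mirrors the advice to disable lower protocol versions rather than pin
    one version with a method such as TLSv1_2_client_method(): versions
    above the floor stay negotiable.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    return ctx


def anonymous_suites(cipher_string):
    """Names of enabled suites that perform no server authentication."""
    ctx = client_context(cipher_string)
    # OpenSSL's per-suite description carries "Au=None" for anonymous suites.
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if "Au=None" in c["description"].split())


if __name__ == "__main__":
    for label, s in (("page default", PAGE_DEFAULT), ("with !aNULL", NO_ANON)):
        anon = anonymous_suites(s)
        print(f"{label}: {len(anon)} anonymous suite(s)")
        for name in anon:
            print("   ", name)
```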


