[pkg-fetchmail-maint] Bug#768843: fetchmail: Improved TLS support
Kurt Roeckx
kurt at roeckx.be
Tue Nov 11 08:56:36 UTC 2014
On Tue, Nov 11, 2014 at 12:49:56AM +0100, Kurt Roeckx wrote:
> > Please have a look at the current state of fetchmail's "master" (note:
> > it is non-default, so you'll need to "git checkout master" after
> > cloning) branch in Git, either here
> > <https://gitorious.org/fetchmail/fetchmail/source/master:> or here:
> > <http://sourceforge.net/p/fetchmail/git/ci/master/tree/>
>
> I'll try to take a look at this tomorrow.
At first look this all looks sane. I just have a few minor
comments:
- The manpage still talks about using --sslproto "TLS1" to enforce
STARTTLS in the "Secure Socket Layers (SSL) and Transport Layer
Security (TLS)" section.
- README.SSL isn't updated
- Please avoid using things like TLSv1_2_client_method() and just
disable all lower protocol verions in that case.
- I couldn't help but see:
const char *default_ciphers = "ALL:!EXPORT:!LOW:+RC4:@STRENGTH";
That enables a whole bunch of ciphers you don't want, including
anoymous ciphers.
Kurt
More information about the pkg-fetchmail-maint
mailing list