On Thu, 27 Jun 2019, Erik Kangas, Ph.D. wrote:
I have noticed that the c-client library itself, however, seems stuck on
TLS 1.0 and non-DH ciphers (I noticed that as we forced some servers to
use ONLY the DH and TLS 1.2+ and found that things using the compiled
c-client libraries could no longer connect to them.... where as anything
else can (openssl with startls, etc.).
Dear Erik,
I develop for Alpine, not c-client, but whenever I upgrade my version of
openssl and recompile Alpine I need to modify c-client so it will work
again. My code makes Alpine connect even with TLS 1.3, but in order to do
that you will need to get the ful code of Alpine from
http://repo.or.cz/alpine.git
and build Alpine using the "configure" script. I do not support building
the c-client library as a stand-alone library, so the "make" command in
the imap/ directory will not work, which means that you will have to run
the configure script, and if you only want the c-client side, stop the
compilation after all the servers have been built. Support is intended for
OpenSSL and LibreSSL, ut not for BoringSSL.
One of the additions in c-client is the ability for applications to speciy
the range of encryption protocols that the user wants to allow/disallow.
The default is t use the ones the library allows, but you can restrict it
to say, TLS 1.1 and TLS 1.2 only, if you would like and disable, say,
SSLv3.
I hope this helps you.
--
Eduardo
_______________________________________________
Imap-uw mailing list
[email protected]
http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
