On Thu, Aug 31, 2017 at 11:03:24PM +0100, ael wrote: > On Thu, Aug 31, 2017 at 09:49:52PM +0300, Ilias Tsitsimpis wrote: > > Hi ael, Nicolas, > > > > On Thu, Aug 31, 2017 at 06:01PM, Nicolas Sebrecht wrote: > > > If we need to update offlineimap, I'm in favour to support this. > > > However, it is all Debian specific so this might better be done in > > > Debian. I don't know, I need to see more. Also, I'm not sure imaplib2 > > > would need to be updated, too. > > > > I have replied in the bug report: > > https://bugs.debian.org/873824 > > > > In a nutshell, offlineimap already supports the `ssl_version` > > configuration parameter, and setting it to an appropriate value (i.e., > > tls1_1) should do the trick. I couldn't test this though, so I am > > waiting for ael to comment here.
The comment is not clear enough: "Instead of completly disabling TLS 1.0 and 1.1, just set the minimum version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version()" It's not explained how to call these functions. If this means that the client must call new API entries, we are stuck. I hope it's possible to re-enable the "deprecated" protocols only by requesting one explicitely as expected. > Will do ASAP - both here & in the bug report. > > I have to 1) get the particular machine configured properly, > 2) refresh my memory about the config options; and 3) recall the > opennssl magic testing tool to see which protocols are in use on > a couple of servers. > > Should be in a day or so. Thank you ael. > It sounds as if all should work, but it will > need documenting so that new users know what to do when they get > failures. I agree. I think the official website should be easy enough to contribute to. ,-) -- Nicolas Sebrecht _______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
