On Mo, 2011-08-01 at 21:12 +0200, [email protected] wrote: > So SSLVerifyHost = 0 is not the same as SSLVerifyPeer = 0 ? And what is with > SSLVerifyServer = 0 option ?
No, they are different. SSLVerifyHost disables less than SSLVerifyServer: $ syncevolution SSLVerifyServer=? SSLVerifyHost=? 'SSLVerifyServer=?' The client refuses to establish the connection unless the server presents a valid certificate. Disabling this option considerably reduces the security of SSL (man-in-the-middle attacks become possible) and is not recommended. 'SSLVerifyHost=?' The client refuses to establish the connection unless the server's certificate matches its host name. In cases where the certificate still seems to be valid it might make sense to disable this option and allow such connections. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ SyncEvolution mailing list [email protected] http://lists.syncevolution.org/listinfo/syncevolution
