fetchmail-users

[fetchmail-users] Fetchmail

[jader f. <jad...@gm...>]

Hello!
I am developing a solution that it use fetchmail, and I have a doubt.
How can I specify to fetchmail uses tls1.1 or tls1.2?

I did not find how i can do this.

Thanks.

Re: [fetchmail-users] Fetchmail

[Heinz D. <ht...@fa...>]

On 02.05.2014, jader fabiano wrote: 

> I am developing a solution that it use fetchmail, and I have a doubt.
> How can I specify to fetchmail uses tls1.1 or tls1.2?

Interesting question. In my case, specifying "--sslproto TLSv1"
results in tlsv1 being used, as expected, although the server offers
tlsv1.2. With "SSL3", however, wireshark shows med that I have a
tlsv1.2 connection..



  

Re: [fetchmail-users] Fetchmail

[Rob M. <rob...@gm...>]

On Fri, May 2, 2014 at 2:36 PM, jader fabiano <jad...@gm...> wrote:
> Hello!
> I am developing a solution that it use fetchmail, and I have a doubt.
> How can I specify to fetchmail uses tls1.1 or tls1.2?
>
> I did not find how i can do this.

Quoting the man page online on the SSL mode:

> Selects an SSL/TLS protocol version. Possible values are ’AUTO’, ’SSL3’,
> and ’TLS1’. AUTO lets fetchmail autonegotiate any supported version
> except SSLv2 (Fetchmail, since v7.0.0, prohibits negotiation of SSLv2 --
> it has been deprecated for 15 years and is insecure). ’SSL3’ and ’TLS1’
> explicitly select SSL v3 or TLS v1.0, respectively. Note that OpenSSL, as
> of version 1.0.X, only supports TLS v1.0, but not v1.1 or newer.

Also - be warned that this list will be going away any day now due to
changes at Berlios.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] Fetchmail

[jader f. <jad...@gm...>]

Openssl has support to Tlsv1.1 and Tlsv1.2 in the version 1.0.1g


2014-05-02 12:12 GMT-03:00 Rob MacGregor <rob...@gm...>:

> On Fri, May 2, 2014 at 2:36 PM, jader fabiano <jad...@gm...> wrote:
> > Hello!
> > I am developing a solution that it use fetchmail, and I have a doubt.
> > How can I specify to fetchmail uses tls1.1 or tls1.2?
> >
> > I did not find how i can do this.
>
> Quoting the man page online on the SSL mode:
>
> > Selects an SSL/TLS protocol version. Possible values are 'AUTO', 'SSL3',
> > and 'TLS1'. AUTO lets fetchmail autonegotiate any supported version
> > except SSLv2 (Fetchmail, since v7.0.0, prohibits negotiation of SSLv2 --
> > it has been deprecated for 15 years and is insecure). 'SSL3' and 'TLS1'
> > explicitly select SSL v3 or TLS v1.0, respectively. Note that OpenSSL, as
> > of version 1.0.X, only supports TLS v1.0, but not v1.1 or newer.
>
> Also - be warned that this list will be going away any day now due to
> changes at Berlios.
>
> --
>                  Please keep list traffic on the list.
>
> Rob MacGregor
>       Whoever fights monsters should see to it that in the process he
>         doesn't become a monster.                  Friedrich Nietzsche
>

Re: [fetchmail-users] Fetchmail

[Matthias A. <mat...@gm...>]

Am 02.05.2014 15:36, schrieb jader fabiano:
> Hello!
> I am developing a solution that it use fetchmail, and I have a doubt.
> How can I specify to fetchmail uses tls1.1 or tls1.2?
> 
> I did not find how i can do this.

That's because the code has not yet been written, and OpenSSL has gained
TLSv1.1 and 1.2 support only recently.

We should have such code in fetchmail 7.0 once it's ready (and it is not
on any schedule right now), but such code has not yet been written.