Menu
▾
▴
Re: [fetchmail-users] fetchmail 6.3.6-rc4 release candidate
|
From: Matthias A. <mat...@gm...> - 2006-11-29 23:09:49
|
Jakob Hirsch <jh...@pl...> writes: > Quoting Matthias Andree: > >> 1. You did not ask for SSL, but you did probably not prohibit TLS >> either, so fetchmail will - that's its default - look if it has the >> opportunity to use TLS. Using 'sslproto ""' should defeat this CAPA >> probe. This goes along with <http://www.fetchmail.info/fetchmail-FAQ.html#K6> > > Ok, I get that. Setting sslproto to an empty string prevents CAPA, > indeed. But that wasn't necessary in rc3 (and AFAIR, many versions > before). Not that it bothers me much, I just wonder why this changed. That's actually a bug fix, but the necessary detail is missing from the NEWS file - I've just committed that information to SVN (rev. 4979). It wasn't necessary to suppress these with previous versions, because 6.3.6-rc3/6.3.5 and older were broken and didn't always probe when they should have. CAPA is a requisite for TLS, but these older versions only probe capabilities (which is a requisite for TLS) if you configure no specific authentication for a certain server (but let fetchmail guess), or configure GSSAPI, Kerberos V4, OTP or CRAM-MD5. (For some undocumented reason, Kerberos V5 hasn't been in this list, I presume that was an oversight.) -- Matthias Andree |
