Diffstat (limited to 'imap')
| -rw-r--r-- | imap/ChangeLog | 8 | ||||
| -rw-r--r-- | imap/imapd-ssl.dist.in | 41 | ||||
| -rw-r--r-- | imap/pop3d-ssl.dist.in | 39 |
3 files changed, 66 insertions, 22 deletions
diff --git a/imap/ChangeLog b/imap/ChangeLog index 910f62d..297b0cc 100644 --- a/imap/ChangeLog +++ b/imap/ChangeLog @@ -1,3 +1,11 @@ +2013-10-14 Sam Varshavchik <mrsam@courier-mta.com> + + * libs/tcpd/libcouriertls.c (tls_create): Add TLSv1_1_method() and + TLSv1_2 method(), based on patch by Rob Austein <sra@hactrn.net>. + + * pop3d-ssl.dist.in, imapd-ssl.dist.in: Fix up differences in the + documentation of TLS options in various config files. + 4.14.0 2013-07-04 Sam Varshavchik <mrsam@courier-mta.com> diff --git a/imap/imapd-ssl.dist.in b/imap/imapd-ssl.dist.in index 41df386..ac2f468 100644 --- a/imap/imapd-ssl.dist.in +++ b/imap/imapd-ssl.dist.in @@ -5,7 +5,7 @@ # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000 - 2008 Double Precision, Inc. See COPYING for +# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -106,6 +106,8 @@ COURIERTLS=@bindir@/couriertls ##NAME: TLS_PRIORITY:0 # +# GnuTLS setting only +# # Set TLS protocol priority settings (GnuTLS only) # # DEFAULT: NORMAL:-CTYPE-OPENPGP 
@@ -119,15 +121,42 @@ COURIERTLS=@bindir@/couriertls # OpenSSL: # # SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# SSL23 - all protocols (including TLS 1.x protocols) # TLS1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 +# +# Leave it unset to use any protocol except SSL 2. + +##NAME: TLS_CIPHER_LIST:0 +# +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined +# +# OpenSSL: +# +# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +# +# GnuTLS: +# +# TLS_CIPHER_LIST="HIGH:MEDIUM" +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. +# Also, the following aliases: # -# DEFAULT VALUES: +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher # -# SSL23 +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_STARTTLS_PROTOCOL:0 # diff --git a/imap/pop3d-ssl.dist.in b/imap/pop3d-ssl.dist.in index e306226..81a395a 100644 --- a/imap/pop3d-ssl.dist.in +++ b/imap/pop3d-ssl.dist.in @@ -5,7 +5,7 @@ # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000-2008 Double Precision, Inc. See COPYING for +# Copyright 2000-2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server 
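Review bot: The new TLS_PROTOCOL text ends with "Leave it unset to use any protocol except SSL 2", which leaves SSLv3 negotiable when the setting is unset, and the hunk drops the old `DEFAULT VALUES:` / `SSL23` note without saying what the shipped default now is. The added `TLSv1.1` and `TLSv1.2` entries do not say whether a value selects exactly one protocol version or a minimum; the ChangeLog maps them to `TLSv1_1_method()` and `TLSv1_2_method()`, which in OpenSSL are single-version methods, so each is presumably an exact pin. I would add a comment such as `# Each value above selects that one protocol version only; when unset, SSLv3 and all TLS 1.x versions are accepted.`, after confirming this against libcouriertls.c, which is outside this diff. The same wording is added to pop3d-ssl.dist.in in its -104,22 hunk, and the `##NAME:` header of this section lies above the hunk.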
@@ -104,22 +104,12 @@ COURIERTLS=@bindir@/couriertls # OpenSSL: # # SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# SSL23 - all protocols (including TLS 1.x protocols) # TLS1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. -# -# SSL23 - -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS -# extension, as opposed to POP3 over SSL on port 995. -# -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL - -TLS_STARTTLS_PROTOCOL=TLS1 +# Leave it unset to use any protocol except SSL 2. ##NAME: TLS_CIPHER_LIST:0 # @@ -131,8 +121,25 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" # +# GnuTLS: # - +# TLS_CIPHER_LIST="HIGH:MEDIUM" +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_MIN_DH_BITS:0 # |
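Review bot: Removing `TLS_STARTTLS_PROTOCOL=TLS1` in the -104,22 hunk changes POP3 STARTTLS behaviour, not just documentation: the deleted block is a live assignment, and nothing visible in this diff re-adds it to pop3d-ssl.dist.in. The ChangeLog entry describes the change to this file only as fixing documentation differences, while imapd-ssl.dist.in keeps its `##NAME: TLS_STARTTLS_PROTOCOL:0` block (visible as context there), so the two files now disagree on this setting. If STARTTLS then falls back to the unset default described above ("any protocol except SSL 2"), sessions previously pinned to TLS1 could also negotiate SSLv3; that depends on code outside this diff and should be confirmed. I would either keep the block, or record the removal explicitly, e.g. a ChangeLog line `* pop3d-ssl.dist.in: Remove the TLS_STARTTLS_PROTOCOL setting.` together with a comment in the file stating which protocol rules STARTTLS now follows.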
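Review bot: The GnuTLS cipher documentation added in the -131,8 hunk lists `ARC40, RC2, DES, NULL` and the `LOW` and `ALL` aliases as available choices with no statement that they should stay disabled, and `ALL` is described only as excluding NULL. An administrator who copies from this list can end up with export-grade or single-DES sessions carrying mail credentials. I would add a caveat such as `# ARC40, RC2, DES, NULL, LOW and ALL are listed for reference only; do not enable them on a production server.` and state which of the two example values is the recommended one. The identical text is added to imapd-ssl.dist.in in its -119,15 hunk, so the caveat belongs in both files.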
