libinterimap: deprecate SSL_protocols and introduce SSL_protocol_{min,max}.

Using the libssl interface simplifies our protocol black/whitelist
greatly; this only allows simple min/max bounds, but holes are arguably
not very useful here.

Using the new settings bumps the required libssl version to 1.1.0.

1 files changed, 7 insertions, 1 deletions

diff --git a/Changelog b/Changelog
index 01e272c..c2f60dc 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,11 @@ interimap (0.5.5) upstream;
    Buster (OpenSSL 1.1.1) this does not make a difference, however using
    the system default provides better compatibility with future libssl
    versions.
+ * libinterimap: deprecate SSL_protocols, obsoleted by new settings
+   SSL_protocol_{min,max}.  Using the libssl interface simplifies our
+   protocol black/whilelist greatly; this only allows simple min/max
+   bounds, but holes are arguably not very useful here.  Using the new
+   settings bumps the required libssl version to 1.1.0.
  - libinterimap: make $OPENSSL_VERSION global.
  - libinterimap: use Net::SSLeay::get_version() to get the protocol
    version string.
@@ -24,7 +29,8 @@ interimap (0.5.4) upstream;
    Subject Alternative Name (SAN) or Subject CommonName (CN) matches the
    hostname or IP literal specified by the 'host' option.  Previously it
    was only checking the chain of trust.  This bumps the minimum
-   Net::SSLeay version to 1.83 and OpenSSL version to 1.0.2.
+   Net::SSLeay version to 1.83 and OpenSSL version to 1.0.2 (when
+   SSL_verify is used).
  * libinterimap: add support for the TLS SNI (Server Name Indication)
    extension, controlled by the new 'SSL_hostname' option.  The default
    value of that option is the value of the 'host' option when it is