diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2015-09-14 03:23:17 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-09-14 03:23:17 +0200 |
commit | 602306a7eb8bdddbc157130e8abe49eeab6f1ebc (patch) | |
tree | 6f4cfcd27541a4193fddcd51c1676687057780a9 /interimap.1 | |
parent | 77753445ddc78013159a6d44301a1b342af4a2d1 (diff) | |
parent | c8fb54897f046a5a3fb4c1d45dc21fd8bcd882e3 (diff) |
Merge branch 'master' into debian
Diffstat (limited to 'interimap.1')
-rw-r--r-- | interimap.1 | 63 |
1 files changed, 36 insertions, 27 deletions
diff --git a/interimap.1 b/interimap.1 index 988fa16..7ac8204 100644 --- a/interimap.1 +++ b/interimap.1 @@ -282,33 +282,6 @@ pre\-authenticated connections, depending on the chosen authentication mechanism. .TP -.I SSL_cipher_list -Cipher list to use for the connection. -See \fIciphers\fR(1ssl) for the format of such list. - -.TP -.I SSL_fingerprint -Fingerprint of the server certificate in the form -\fIALGO\fR$\fIDIGEST_HEX\fR, where \fIALGO\fR is the used algorithm -(default \(lqsha256\(rq). -Attempting to connect to a server with a non-matching certificate -fingerprint causes \fBInterIMAP\fR to abort the connection immediately -after the SSL/TLS handshake. - -.TP -.I SSL_verify_trusted_peer -Whether to verify that the peer certificate has been signed by a trusted -Certificate Authority. Note that using \fISSL_fingerprint\fR to specify -the fingerprint of the server certificate is orthogonal and does not -rely on Certificate Authorities. -(Default: \(lqYES\(rq.) - -.TP -.I SSL_ca_path -Directory containing the certificate(s) of the trusted Certificate -Authorities, used for server certificate verification. - -.TP .I compress Whether to use the IMAP COMPRESS extension [RFC4978] for servers advertizing it. @@ -333,6 +306,42 @@ This option is only available in the default section, and is ignored if either server does not advertize \(lqBINARY\(rq in its capability list. (Default: \(lqYES\(rq.) +.TP +.I SSL_cipher_list +The cipher list to send to the server. Although the server determines +which cipher suite is used, it should take the first supported cipher in +the list sent by the client. See \fBciphers\fR(1ssl) for more +information. + +.TP +.I SSL_fingerprint +Fingerprint of the server certificate (or its public key) in the form +\fIALGO\fR$\fIDIGEST_HEX\fR, where \fIALGO\fR is the used algorithm +(default \(lqsha256\(rq). +Attempting to connect to a server with a non-matching certificate +fingerprint causes \fBInterIMAP\fR to abort the connection immediately +after the SSL/TLS handshake. + +.TP +.I SSL_verify +Whether to verify the server certificate chain. +Note that using \fISSL_fingerprint\fR to specify the fingerprint of the +server certificate is an orthogonal authentication measure as it ignores +the CA chain. +(Default: \(lqYES\(rq.) + +.TP +.I SSL_CApath +Directory to use for server certificate verification if +\(lq\fISSL_verify\fR=YES\(rq. +This directory must be in \(lqhash format\(rq, see \fBverify\fR(1ssl) +for more information. + +.TP +.I SSL_CAfile +File containing trusted certificates to use during server certificate +authentication if \(lq\fISSL_verify\fR=YES\(rq. + .SH SUPPORTED EXTENSIONS Performance is better for servers supporting the following extensions to |