path: root/interimap.1
Diffstat (limited to 'interimap.1')
-rw-r--r-- interimap.1 63
1 files changed, 36 insertions, 27 deletions
diff --git a/interimap.1 b/interimap.1
index 988fa16..7ac8204 100644
--- a/interimap.1
+++ b/interimap.1
@@ -282,33 +282,6 @@ pre\-authenticated connections, depending on the chosen authentication
mechanism.
.TP
-.I SSL_cipher_list
-Cipher list to use for the connection.
-See \fIciphers\fR(1ssl) for the format of such list.
-
-.TP
-.I SSL_fingerprint
-Fingerprint of the server certificate in the form
-\fIALGO\fR$\fIDIGEST_HEX\fR, where \fIALGO\fR is the used algorithm
-(default \(lqsha256\(rq).
-Attempting to connect to a server with a non-matching certificate
-fingerprint causes \fBInterIMAP\fR to abort the connection immediately
-after the SSL/TLS handshake.
-
-.TP
-.I SSL_verify_trusted_peer
-Whether to verify that the peer certificate has been signed by a trusted
-Certificate Authority. Note that using \fISSL_fingerprint\fR to specify
-the fingerprint of the server certificate is orthogonal and does not
-rely on Certificate Authorities.
-(Default: \(lqYES\(rq.)
-
-.TP
-.I SSL_ca_path
-Directory containing the certificate(s) of the trusted Certificate
-Authorities, used for server certificate verification.
-
-.TP
.I compress
Whether to use the IMAP COMPRESS extension [RFC4978] for servers
advertizing it.
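Review bot: The entries removed here for SSL_verify_trusted_peer and SSL_ca_path come back further down only under the new names SSL_verify and SSL_CApath, and nothing in the page says whether the old spellings are still accepted. An existing configuration that sets "SSL_verify_trusted_peer" or "SSL_ca_path" deserves a sentence in the man page saying whether those keys are now rejected, ignored, or treated as aliases, since a silently ignored verification setting changes how the server is authenticated. A short compatibility note next to the new entries would cover it.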
@@ -333,6 +306,42 @@ This option is only available in the default section, and is ignored if
either server does not advertize \(lqBINARY\(rq in its capability list.
(Default: \(lqYES\(rq.)
+.TP
+.I SSL_cipher_list
+The cipher list to send to the server. Although the server determines
+which cipher suite is used, it should take the first supported cipher in
+the list sent by the client. See \fBciphers\fR(1ssl) for more
+information.
+
+.TP
+.I SSL_fingerprint
+Fingerprint of the server certificate (or its public key) in the form
+\fIALGO\fR$\fIDIGEST_HEX\fR, where \fIALGO\fR is the used algorithm
+(default \(lqsha256\(rq).
+Attempting to connect to a server with a non-matching certificate
+fingerprint causes \fBInterIMAP\fR to abort the connection immediately
+after the SSL/TLS handshake.
+
+.TP
+.I SSL_verify
+Whether to verify the server certificate chain.
+Note that using \fISSL_fingerprint\fR to specify the fingerprint of the
+server certificate is an orthogonal authentication measure as it ignores
+the CA chain.
+(Default: \(lqYES\(rq.)
+
+.TP
+.I SSL_CApath
+Directory to use for server certificate verification if
+\(lq\fISSL_verify\fR=YES\(rq.
+This directory must be in \(lqhash format\(rq, see \fBverify\fR(1ssl)
+for more information.
+
+.TP
+.I SSL_CAfile
+File containing trusted certificates to use during server certificate
+authentication if \(lq\fISSL_verify\fR=YES\(rq.
+
.SH SUPPORTED EXTENSIONS
Performance is better for servers supporting the following extensions to
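Review bot: In the SSL_fingerprint entry, "(or its public key)" does not say which encoding is digested for each case or how a configured value is matched against the two, and the next sentence still speaks only of a "non-matching certificate fingerprint"; please spell out what is hashed and align the wording so a reader can compute the pin reliably. In the SSL_verify entry, "an orthogonal authentication measure as it ignores the CA chain" can be read either as "the fingerprint check is independent of chain verification" or as "setting a fingerprint turns chain verification off"; state explicitly whether both checks must pass when SSL_fingerprint is set and SSL_verify=YES. The SSL_CApath and SSL_CAfile entries would also benefit from saying what trust store is used when neither is set, and what happens when both are.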