Re: [Pan-users] [feature-request] Implement newer TLS Version in neawsreader pan?

[Duncan]

Detlef Graef posted on Thu, 06 Jul 2017 19:40:58 +0200 as excerpted:

> For a quick test I have replaced line number 813 in the file
> socket-impl-openssl.cc with the following line:
> 
>  "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+COMP-ALL:+KX-ALL:SIGN-ALL:+CURVE-ALL:
> +CTYPE-ALL:+MAC-ALL", NULL);
> 
> This enables all TLS versions (1.0, 1.1, 1.2) and all other options.
> 
> See: https://gnutls.org/manual/html_node/Priority-Strings.html
> 
> After building Pan with gnu-tls option enabled everything seems to work
> in my setup.

Is there a debug method to tell you what was actually used?  Did you 
verify that it was TLS v 1.2 (assuming your server supports it)?

> I think a good solution would be to add a additional option in the file
> servers.xml for each server so that a specific TLS version can be set by
> the user if a problem occurs with a certain server.
> 
> Something like:
> 
> <tlsver>TLS-VER-ALL</tlsver>  with TLS-VER-ALL as the default value.
> 
> possible other values:
> 
> <tlsver>VERS-TLS1.0</tlsver>  force TLS ver. 1.0
> <tlsver>VERS-TLS1.1</tlsver>  force tLS ver. 1.1
> <tlsver>VERS-TLS1.2</tlsver>  force TLS ver. 1.2
> <tlsver>VERS-TLS1.3</tlsver>   (in the future)

LGTM. =:^)

[FWIW, pan says I didn't write enough for what I quoted.  I don't tend to 
get that warning very often. =:^) But I don't have anything else to 
add... or delete in the quote... but this note of side interest.  It's 
pan behavior in the pan newsgroup/list, so it's on topic. =:^)  If this 
goes thru it was enough, if not I'll mention that instead of this 
sentence and send anyway.]

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman