authorEduardo Chappa <chappa@washington.edu>2021-09-13 00:36:29 -0600
committerEduardo Chappa <chappa@washington.edu>2021-09-13 00:36:29 -0600
commitbdbf74de24041c8fb4defc1b63b414e4267114af (patch)
treef58527a6506034b87bbdb7b5381b3155d4fa3100
parentcabf16e5f9e138d77e2800d753c7ce7c46a18104 (diff)
downloadalpine-bdbf74de24041c8fb4defc1b63b414e4267114af.tar.xz
* Enabled encryption protocols in PC-Alpine are based on those enabled
in the system, unless one is specified directly.
-rw-r--r--imap/src/osdep/nt/ssl_win.c16
-rw-r--r--pith/pine.hlp5
2 files changed, 9 insertions, 12 deletions
diff --git a/imap/src/osdep/nt/ssl_win.c b/imap/src/osdep/nt/ssl_win.c
index a6af01e3..cd8aaf83 100644
--- a/imap/src/osdep/nt/ssl_win.c
+++ b/imap/src/osdep/nt/ssl_win.c
@@ -280,7 +280,7 @@ static SSLSTREAM *ssl_start (TCPSTREAM *tstream,char *host,unsigned long flags)
unsigned long size = 0;
int minv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL);
int maxv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL);
- int i, client_request, range;
+ int i, client_request;
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
sslfailure_t sf = (sslfailure_t) mail_parameters (NIL,GET_SSLFAILURE,NIL);
@@ -304,16 +304,10 @@ static SSLSTREAM *ssl_start (TCPSTREAM *tstream,char *host,unsigned long flags)
if(client_request < minv || client_request > maxv)
return NIL; /* out of range? bail out */
- if (flags & NET_TRYTLS1) range = SP_PROT_TLS1;
- else if (flags & NET_TRYTLS1_1) range = SP_PROT_TLS1_1;
- else if (flags & NET_TRYTLS1_2) range = SP_PROT_TLS1_2;
- else {
- for(i = 0, range; ssl_versions[i].name != NULL; i++)
- range |= (ssl_versions[i].version >= minv
- && ssl_versions[i].version <= maxv)
- ? ssl_versions[i].version : 0;
- }
- tlscred.grbitEnabledProtocols = range;
+ if (flags & NET_TRYTLS1) tlscred.grbitEnabledProtocols = SP_PROT_TLS1;
+ else if (flags & NET_TRYTLS1_1) tlscred.grbitEnabledProtocols = SP_PROT_TLS1_1;
+ else if (flags & NET_TRYTLS1_2) tlscred.grbitEnabledProtocols = SP_PROT_TLS1_2;
+ else tlscred.grbitEnabledProtocols = 0; /* use default TLS, see https://docs.microsoft.com/en-us/security/engineering/solving-tls1-problem */
/* acquire credentials */
if (sft->AcquireCredentialsHandle
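Review bot: In the final `else` branch, `tlscred.grbitEnabledProtocols = 0` hands protocol selection to the Schannel system defaults, so the configured range read into `minv`/`maxv` at the top of `ssl_start` no longer limits what the handshake can negotiate; in the visible lines it is only compared with `client_request`. On a host whose system policy still enables a protocol below the configured minimum, the connection could presumably settle on that older version without any error. Consider checking the negotiated protocol after the handshake (for example `QueryContextAttributes` with `SECPKG_ATTR_CONNECTION_INFO` and its `dwProtocol` field) against the range and failing the connection when it falls outside, or at least extend the comment: `/* 0 = Schannel system defaults; the minv/maxv encryption range is not applied to the handshake */`. The rest of `ssl_start`, including how `client_request` is derived, lies outside this hunk.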
diff --git a/pith/pine.hlp b/pith/pine.hlp
index a1b2df41..c798d471 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 590 2021-09-12 22:15:30
+Alpine Commit 591 2021-09-13 00:36:24
============= h_news =================
<HTML>
<HEAD>
@@ -246,6 +246,9 @@ New features include:
saved in the credential manager are converted to the new format and
they will not be recognized by old versions of Alpine, but only by
this and newer versions of Alpine.
+
+<LI> Enabled encryption protocols in PC-Alpine are based on those enabled
+ in the system, unless one is specified directly.
</UL>
<P>