author | Eduardo Chappa <chappa@washington.edu> | 2018-09-29 22:59:37 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2018-09-29 22:59:37 -0600 |
commit | 924c47dd50a7b74136b8a60e9ea8d347ff65425b (patch) | |
tree | bcbaaeb98807a7cb12bf16188c66a5ea938d0255 /pith/pine.hlp | |
parent | 879f42fa445aa684ffbab7d404941a9d24a4863a (diff) | |
download | alpine-924c47dd50a7b74136b8a60e9ea8d347ff65425b.tar.xz |
* Add the /tls1_3 modifier to establish connections using the TLS protocol
version 1.3.
Diffstat (limited to 'pith/pine.hlp')
-rw-r--r-- | pith/pine.hlp | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/pith/pine.hlp b/pith/pine.hlp index 074558fe..4f6ce153 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -185,6 +185,9 @@ Additions include: <LI> NTLM authentication support with the ntlm library, in Unix systems. Based on code provided by Maciej W. Rozycki. +<LI> Add /tls1_3 flag for servers that support it. Read more information +in the secure protocols <A HREF="h_network_encryption_security">help</A>. + <LI> Add -dict option to PC-Pico, which allows users to choose a dictionary when spelling. Sample usage: -dict "en_US, de_DE, fr_FR". 
@@ -1373,6 +1376,42 @@ a new key. <End of help> </BODY> </HTML> +====== h_network_encryption_security ====== +<HTML> +<HEAD> +<TITLE>Network Encryption Security Explained</TITLE> +</HEAD> +<BODY> +<H1>Network Encryption Security Explained</H1> + +You can specify which encryption protocol you would like to try when +creating a secure connection to a server. Alpine will attempt to use +that encryption protocol, but in practice the protocol being used will +default to the most secure protocol that both Alpine and the server +support. + +<P> If you use the latest version of OpenSSL, the /ssl modifier to the +server definition will use the most secure version of the TLS encryption +protocol. The same will be true if you try /tls1_1 or /tls1_2, but in an +old version of OpenSSL (pre 1.1.0 series) /tls1_1 might mean to use +version 1.1 of the TLS protocol. + +<P> You will never go wrong by using the /ssl modifier. At the time of +this writing OpenSSL had released version 1.1.1, with support for +TLS version 1.3. If your version of OpenSSL does not support this version +of the TLS protocol, then the /tls1_3 modifier will only mean to use +the most secure version of the TLS protocol that OpenSSL and the +server can negotiate. In future versions of OpenSSL, /tls1_3 might mean +to try to negotiate a higher version of the TLS protocol. + +<P> In order to avoid confusion, the /ssl flag is the best way to guarantee +the highest encryption protocol available, and it is the recommended +modifier to the server definition to create a secure encrypted connection. + +<P> +<End of help> +</BODY> +</HTML> ====== h_tls_failure_details ====== <HTML> <HEAD> 
@@ -20671,6 +20710,19 @@ Alpine must be linked with an SSL library for this option to be operational. </DD> +<DT>DTLS1_2</DT> +<DD> +This parameter indicates that the connection to the server will be made +over the SSL port, but using the DTLSv1.2 protocol, instead of the usual +SSLv3 or SSLv2 protocols. +Alpine must be linked with an SSL library for this option to be operational. + +<P> +<CENTER><SAMP>/dtls1_2</SAMP></CENTER> +<P> + +</DD> + <DT>TLS1_1</DT> <DD> This parameter indicates that the connection to the server will be made @@ -20697,6 +20749,19 @@ Alpine must be linked with an SSL library for this option to be operational. </DD> +<DT>TLS1_3</DT> +<DD> +This parameter indicates that the connection to the server will be made +over the SSL port, but using the TLSv1.3 protocol, instead of the usual +SSLv3 or SSLv2 protocols. +Alpine must be linked with an SSL library for this option to be operational. + +<P> +<CENTER><SAMP>/tls1_2</SAMP></CENTER> +<P> + +</DD> + <DT>NoValidate-Cert</DT> <DD>Do not validate certificates (for TLS or SSL connections) from the server. |
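Review bot: the new h_network_encryption_security section (hunk at @@ -1373,6 +1376,42) never states plainly that the version modifiers are not a minimum-version guarantee, which is the one thing a user choosing /tls1_3 needs to know. The third paragraph says that without OpenSSL support /tls1_3 "will only mean to use the most secure version of the TLS protocol that OpenSSL and the server can negotiate", so the connection proceeds at a lower version with no indication to the user. Say this explicitly in the first paragraph, and say whether Alpine reports the negotiated version anywhere. Smaller points in the same hunk: "highest encryption protocol" should read "highest protocol version", "pre 1.1.0 series" needs a hyphen, and the final <P> before <End of help> is empty and can be dropped.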
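Review bot: the DTLS1_2 entry added in the hunk at @@ -20671,6 +20710,19 is outside what the commit message describes, which is only the /tls1_3 modifier, and neither the "Additions include" list nor the new h_network_encryption_security section mentions /dtls1_2. Either document it in the commit message and the release notes or move it to its own commit. The description also says "instead of the usual SSLv3 or SSLv2 protocols", which presents SSLv3 and SSLv2 as the default while the help section added in this same patch says /ssl selects the most secure TLS version; the wording should be brought in line with that section.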
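Review bot: the sample line in the new TLS1_3 entry (hunk at @@ -20697,6 +20749,19) reads <CENTER><SAMP>/tls1_2</SAMP></CENTER>, so the help for TLS 1.3 tells the user to type the TLS 1.2 modifier; it should be /tls1_3. The description "using the TLSv1.3 protocol, instead of the usual SSLv3 or SSLv2 protocols" also contradicts the h_network_encryption_security text in this patch, which says /tls1_3 may negotiate a different version depending on the OpenSSL build; reword the entry to point to that section rather than promise TLSv1.3.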