summaryrefslogtreecommitdiff
path: root/pith/pine.hlp
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2018-09-29 22:59:37 -0600
committerEduardo Chappa <chappa@washington.edu>2018-09-29 22:59:37 -0600
commit924c47dd50a7b74136b8a60e9ea8d347ff65425b (patch)
treebcbaaeb98807a7cb12bf16188c66a5ea938d0255 /pith/pine.hlp
parent879f42fa445aa684ffbab7d404941a9d24a4863a (diff)
downloadalpine-924c47dd50a7b74136b8a60e9ea8d347ff65425b.tar.xz
* Add the /tls1_3 modifier to establish connections use the TLS protocol
version 1.3.
Diffstat (limited to 'pith/pine.hlp')
-rw-r--r--pith/pine.hlp65
1 files changed, 65 insertions, 0 deletions
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 074558fe..4f6ce153 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -185,6 +185,9 @@ Additions include:
<LI> NTLM authentication support with the ntlm library, in Unix systems.
Based on code provided by Maciej W. Rozycki.
+<LI> Add /tls1_3 flag for servers that support it. Read more information
+in the secure protocols <A HREF="h_network_encryption_security">help</A>.
+
<LI> Add -dict option to PC-Pico, which allows users to choose a dictionary
when spelling. Sample usage: -dict "en_US, de_DE, fr_FR".
@@ -1373,6 +1376,42 @@ a new key.
&lt;End of help&gt;
</BODY>
</HTML>
+====== h_network_encryption_security ======
+<HTML>
+<HEAD>
+<TITLE>Network Encryption Security Explained</TITLE>
+</HEAD>
+<BODY>
+<H1>Network Encryption Security Explained</H1>
+
+You can specify which encryption protocol you would like to try when
+creating a secure connection to a server. Alpine will attempt to use
+that encryption protocol, but in practice the protocol being used will
+default to the most secure protocol that both Alpine and the server
+support.
+
+<P> If you use the latest version of OpenSSL, the /ssl modifier to the
+server definition will use the most secure version of the TLS encryption
+protocol. The same will be true if you try /tls1_1 or /tls1_2, but in an
+old version of OpenSSL (pre 1.1.0 series) /tls1_1 might mean to use
+version 1.1 of the TLS protocol.
+
+<P> You will never go wrong by using the /ssl modifier. At the time of
+this writing OpenSSL had released version 1.1.1, with support for
+TLS version 1.3. If your version of OpenSSL does not support this version
+of the TLS protocol, then the /tls1_3 modifier will only mean to use
+the most secure version of the TLS protocol that OpenSSL and the
+server can negotiate. In future versions of OpenSSL, /tls1_3 might mean
+to try to negotiate a higher version of the TLS protocol.
+
+<P> In order to avoid confusion, the /ssl flag is the best way to guarantee
+the highest encryption protocol available, and it is the recommended
+modifier to the server definition to create a secure encrypted connection.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
====== h_tls_failure_details ======
<HTML>
<HEAD>
@@ -20671,6 +20710,19 @@ Alpine must be linked with an SSL library for this option to be operational.
</DD>
+<DT>DTLS1_2</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the DTLSv1.2 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/dtls1_2</SAMP></CENTER>
+<P>
+
+</DD>
+
<DT>TLS1_1</DT>
<DD>
This parameter indicates that the connection to the server will be made
@@ -20697,6 +20749,19 @@ Alpine must be linked with an SSL library for this option to be operational.
</DD>
+<DT>TLS1_3</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1.3 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1_2</SAMP></CENTER>
+<P>
+
+</DD>
+
<DT>NoValidate-Cert</DT>
<DD>Do not validate certificates (for TLS or SSL connections) from the server.