Diffstat (limited to 'pith')
-rw-r--r--pith/conf.c35
-rw-r--r--pith/pine.hlp65
2 files changed, 94 insertions, 6 deletions
diff --git a/pith/conf.c b/pith/conf.c
index 0085e955..607c9f82 100644
--- a/pith/conf.c
+++ b/pith/conf.c
@@ -52,6 +52,7 @@ static char rcsid[] = "$Id: conf.c 1266 2009-07-14 18:39:12Z hubert@u.washington
#include "../pico/osdep/mswin.h"
#endif
+#include <openssl/ssl.h>
#define TO_BAIL_THRESHOLD 60
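Review bot: The new `#include <openssl/ssl.h>` sits after the `#endif` and so is unconditional, which makes pith/conf.c depend on the OpenSSL headers in every configuration. The later hunk in this same file still has a "None (no TLS or SSL)" branch, which suggests a build without an SSL library is supported; such a build would presumably fail here at the preprocessor. Wrap the include in the macro the build system defines when OpenSSL is in use, and add a one-line comment saying it is needed only for the protocol-version constants used in get_supported_options().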
@@ -8147,8 +8148,8 @@ get_supported_options(void)
DRIVER *d;
AUTHENTICATOR *a;
char *title = _("Supported features in this Alpine");
- char sbuf[MAX_SCREEN_COLS+1];
- int cnt, alcnt, len, cols, disabled, any_disabled = 0;;
+ char sbuf[MAX_SCREEN_COLS+1], tmp[128];
+ int cnt, alcnt, len, cols, disabled, any_disabled = 0, i;
/*
* Line count:
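Review bot: The added `i` is not used by any line this commit adds to get_supported_options(), so it will trigger an unused-variable warning unless code outside these hunks uses it. Drop it from the declaration, leaving `int cnt, alcnt, len, cols, disabled, any_disabled = 0;`. A short comment on `tmp[128]` stating that it only ever receives the fixed protocol-name literals would explain why the unbounded `strcat` calls in the next hunk are safe. The function body continues outside this hunk.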
@@ -8190,10 +8191,32 @@ get_supported_options(void)
config[cnt] = cpystr(_(" TLS and SSL"));
else
config[cnt] = cpystr(_(" None (no TLS or SSL)"));
-#ifdef SSL_SUPPORTS_TLSV1_2
- if(++cnt < alcnt)
- config[cnt] = cpystr(" TLSv1.1, TLSv1.2, and DTLSv1");
-#endif
+
+ tmp[0] = tmp[1] = ' ';
+ tmp[2] = '\0';
+#ifndef OPENSSL_NO_TLS1_METHOD
+ strcat(tmp, "TLSv1, ");
+#endif /* OPENSSL_NO_TLS1_METHOD */
+#ifdef TLS1_1_VERSION
+ strcat(tmp, "TLSv1.1, ");
+#endif /* TLS1_1_VERSION */
+#ifdef TLS1_2_VERSION
+ strcat(tmp, "TLSv1.2. ");
+#endif /* TLS1_2_VERSION */
+#ifdef TLS1_3_VERSION
+ strcat(tmp, "TLSv1.3, ");
+#endif /* TLS1_3_VERSION */
+#ifdef DTLS1_VERSION
+ strcat(tmp, "DTLSv1, ");
+#endif /* DTLS1_VERSION */
+#ifdef DTLS1_2_VERSION
+ strcat(tmp, "DTLSv1.2, ");
+#endif /* DTLS1_2_VERSION */
+ if(tmp[2] != '\0'){
+ tmp[strlen(tmp)-2] = '\0';
+ if(++cnt < alcnt)
+ config[cnt] = cpystr(tmp);
+ }
#ifdef SMIME
if(++cnt < alcnt)
config[cnt] = cpystr(" S/MIME");
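Review bot: The line `strcat(tmp, "TLSv1.2. ");` ends with a period where every other entry uses a comma, so the feature line reads `TLSv1.2. TLSv1.3` whenever a later version follows; it should be `strcat(tmp, "TLSv1.2, ");`. The list is also built after the `else` branch that can print "None (no TLS or SSL)", and it is keyed on header constants such as `TLS1_1_VERSION` rather than on what the linked library has enabled. The screen may therefore advertise protocol versions this build cannot negotiate; consider moving the block into the TLS/SSL branch and testing OpenSSL's `OPENSSL_NO_*` configuration macros where they exist. The computation that sizes `alcnt` is outside this hunk, so check that it accounts for the extra line, which was previously emitted only under `SSL_SUPPORTS_TLSV1_2`; otherwise `++cnt < alcnt` may silently drop an entry.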
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 074558fe..4f6ce153 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -185,6 +185,9 @@ Additions include:
<LI> NTLM authentication support with the ntlm library, in Unix systems.
Based on code provided by Maciej W. Rozycki.
+<LI> Add /tls1_3 flag for servers that support it. Read more information
+in the secure protocols <A HREF="h_network_encryption_security">help</A>.
+
<LI> Add -dict option to PC-Pico, which allows users to choose a dictionary
when spelling. Sample usage: -dict "en_US, de_DE, fr_FR".
@@ -1373,6 +1376,42 @@ a new key.
&lt;End of help&gt;
</BODY>
</HTML>
+====== h_network_encryption_security ======
+<HTML>
+<HEAD>
+<TITLE>Network Encryption Security Explained</TITLE>
+</HEAD>
+<BODY>
+<H1>Network Encryption Security Explained</H1>
+
+You can specify which encryption protocol you would like to try when
+creating a secure connection to a server. Alpine will attempt to use
+that encryption protocol, but in practice the protocol being used will
+default to the most secure protocol that both Alpine and the server
+support.
+
+<P> If you use the latest version of OpenSSL, the /ssl modifier to the
+server definition will use the most secure version of the TLS encryption
+protocol. The same will be true if you try /tls1_1 or /tls1_2, but in an
+old version of OpenSSL (pre 1.1.0 series) /tls1_1 might mean to use
+version 1.1 of the TLS protocol.
+
+<P> You will never go wrong by using the /ssl modifier. At the time of
+this writing OpenSSL had released version 1.1.1, with support for
+TLS version 1.3. If your version of OpenSSL does not support this version
+of the TLS protocol, then the /tls1_3 modifier will only mean to use
+the most secure version of the TLS protocol that OpenSSL and the
+server can negotiate. In future versions of OpenSSL, /tls1_3 might mean
+to try to negotiate a higher version of the TLS protocol.
+
+<P> In order to avoid confusion, the /ssl flag is the best way to guarantee
+the highest encryption protocol available, and it is the recommended
+modifier to the server definition to create a secure encrypted connection.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
====== h_tls_failure_details ======
<HTML>
<HEAD>
@@ -20671,6 +20710,19 @@ Alpine must be linked with an SSL library for this option to be operational.
</DD>
+<DT>DTLS1_2</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the DTLSv1.2 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/dtls1_2</SAMP></CENTER>
+<P>
+
+</DD>
+
<DT>TLS1_1</DT>
<DD>
This parameter indicates that the connection to the server will be made
@@ -20697,6 +20749,19 @@ Alpine must be linked with an SSL library for this option to be operational.
</DD>
+<DT>TLS1_3</DT>
+<DD>
+This parameter indicates that the connection to the server will be made
+over the SSL port, but using the TLSv1.3 protocol, instead of the usual
+SSLv3 or SSLv2 protocols.
+Alpine must be linked with an SSL library for this option to be operational.
+
+<P>
+<CENTER><SAMP>/tls1_2</SAMP></CENTER>
+<P>
+
+</DD>
+
<DT>NoValidate-Cert</DT>
<DD>Do not validate certificates (for TLS or SSL connections) from the server.