From bdbf74de24041c8fb4defc1b63b414e4267114af Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Mon, 13 Sep 2021 00:36:29 -0600 Subject: * Enabled encryption protocols in PC-Alpine are based on those enabled in the system, unless one is specified directly. --- imap/src/osdep/nt/ssl_win.c | 16 +++++----------- pith/pine.hlp | 5 ++++- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/imap/src/osdep/nt/ssl_win.c b/imap/src/osdep/nt/ssl_win.c index a6af01e3..cd8aaf83 100644 --- a/imap/src/osdep/nt/ssl_win.c +++ b/imap/src/osdep/nt/ssl_win.c @@ -280,7 +280,7 @@ static SSLSTREAM *ssl_start (TCPSTREAM *tstream,char *host,unsigned long flags) unsigned long size = 0; int minv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MIN, NULL); int maxv = *(int *) mail_parameters(NULL, GET_ENCRYPTION_RANGE_MAX, NULL); - int i, client_request, range; + int i, client_request; sslcertificatequery_t scq = (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); sslfailure_t sf = (sslfailure_t) mail_parameters (NIL,GET_SSLFAILURE,NIL); @@ -304,16 +304,10 @@ static SSLSTREAM *ssl_start (TCPSTREAM *tstream,char *host,unsigned long flags) if(client_request < minv || client_request > maxv) return NIL; /* out of range? bail out */ - if (flags & NET_TRYTLS1) range = SP_PROT_TLS1; - else if (flags & NET_TRYTLS1_1) range = SP_PROT_TLS1_1; - else if (flags & NET_TRYTLS1_2) range = SP_PROT_TLS1_2; - else { - for(i = 0, range; ssl_versions[i].name != NULL; i++) - range |= (ssl_versions[i].version >= minv - && ssl_versions[i].version <= maxv) - ? ssl_versions[i].version : 0; - } - tlscred.grbitEnabledProtocols = range; + if (flags & NET_TRYTLS1) tlscred.grbitEnabledProtocols = SP_PROT_TLS1; + else if (flags & NET_TRYTLS1_1) tlscred.grbitEnabledProtocols = SP_PROT_TLS1_1; + else if (flags & NET_TRYTLS1_2) tlscred.grbitEnabledProtocols = SP_PROT_TLS1_2; + else tlscred.grbitEnabledProtocols = 0; /* use default TLS, see https://docs.microsoft.com/en-us/security/engineering/solving-tls1-problem */ /* acquire credentials */ if (sft->AcquireCredentialsHandle diff --git a/pith/pine.hlp b/pith/pine.hlp index a1b2df41..c798d471 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 590 2021-09-12 22:15:30 +Alpine Commit 591 2021-09-13 00:36:24 ============= h_news ================= @@ -246,6 +246,9 @@ New features include: saved in the credential manager are converted to the new format and they will not be recognized by old versions of Alpine, but only by this and newer versions of Alpine. + +
  • Enabled encryption protocols in PC-Alpine are based on those enabled + in the system, unless one is specified directly.

    -- cgit v1.2.3-54-g00ecf