Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: dev

gnutls_compat_mode is only available as main configuration option

 

 

exim dev RSS feed   Index | Next | Previous | View Threaded


eximusers at downhill

Jun 1, 2012, 10:26 AM

Post #1 of 3 (294 views)
Permalink
gnutls_compat_mode is only available as main configuration option

Hello,

The docs for gnutls_compat_mode are not correct: It only exists as a
main configuration option, the corresponding option on the SMTP
transport does not exist. However (differently from other tls options)
the main configuration setting applies to both incoming and outgoing
corrections.

This is no new behavior in 4.80, 4.77 behaves the same way.

I do not think code changes are needed, people who want to use
compat_mode selectively for incoming or outgoing connections can use
"NORMAL:%COMPAT" in the respective tls_require_ciphers. (Afaict the
priority string setting is a superset of gnutls_compat_mode).

I can try to come up with a patch for the docmentation, unless you
think the sorce should be changed.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##


pdp at exim

Jun 2, 2012, 12:18 AM

Post #2 of 3 (276 views)
Permalink
Re: gnutls_compat_mode is only available as main configuration option [In reply to]

On 2012-06-01 at 19:26 +0200, Andreas Metzler wrote:
> The docs for gnutls_compat_mode are not correct: It only exists as a
> main configuration option, the corresponding option on the SMTP
> transport does not exist. However (differently from other tls options)
> the main configuration setting applies to both incoming and outgoing
> corrections.
>
> This is no new behavior in 4.80, 4.77 behaves the same way.
>
> I do not think code changes are needed, people who want to use
> compat_mode selectively for incoming or outgoing connections can use
> "NORMAL:%COMPAT" in the respective tls_require_ciphers. (Afaict the
> priority string setting is a superset of gnutls_compat_mode).
>
> I can try to come up with a patch for the docmentation, unless you
> think the sorce should be changed.

Doc fix please. The tls_require_ciphers, as you say, means that
gnutls_compat_mode is not needed and should probably be marked
deprecated. Feel free to call it that and advise people to use
tls_require_ciphers instead.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##


eximusers at downhill

Jun 3, 2012, 6:27 AM

Post #3 of 3 (285 views)
Permalink
Re: gnutls_compat_mode is only available as main configuration option [In reply to]

On 2012-06-02 Phil Pennock <pdp [at] exim> wrote:
> On 2012-06-01 at 19:26 +0200, Andreas Metzler wrote:
> > The docs for gnutls_compat_mode are not correct: It only exists as a
[..}
> > I can try to come up with a patch for the docmentation, unless you
> > think the sorce should be changed.

> Doc fix please. The tls_require_ciphers, as you say, means that
> gnutls_compat_mode is not needed and should probably be marked
> deprecated. Feel free to call it that and advise people to use
> tls_require_ciphers instead.

Patch attached, please doublecheck the wording.

thanks, cu andreas
Attachments: myexim.patch (1.50 KB)

exim dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.