- {"ssl_force_tls", DT_BOOL, R_NONE, OPTSSLFORCETLS, "no" },
- /*
- ** .pp
- ** If this variable is \fIset\fP, Madmutt will require that all connections
- ** to remote servers be encrypted. Furthermore it will attempt to
- ** negotiate TLS even if the server does not advertise the capability,
- ** since it would otherwise have to abort the connection anyway. This
- ** option supersedes ``$$ssl_starttls''.
- */
- {"ssl_starttls", DT_QUAD, R_NONE, OPT_SSLSTARTTLS, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** If \fIset\fP (the default), Madmutt will attempt to use STARTTLS on servers
- ** advertising the capability. When \fIunset\fP, Madmutt will not attempt to
- ** use STARTTLS regardless of the server's capabilities.
- */
- {"certificate_file", DT_PATH, R_NONE, UL &SslCertFile, "~/.cache/madmutt/certificates"},
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variable specifies the file where the certificates you trust
- ** are saved. When an unknown certificate is encountered, you are asked
- ** if you accept it or not. If you accept it, the certificate can also
- ** be saved in this file and further connections are automatically
- ** accepted.
- ** .pp
- ** You can also manually add CA certificates in this file. Any server
- ** certificate that is signed with one of these CA certificates are
- ** also automatically accepted.
- ** .pp
- ** Example: \fTset certificate_file=~/.madmutt/certificates\fP
- */
- {"ssl_use_sslv3", DT_BOOL, R_NONE, OPTSSLV3, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variables specifies whether to attempt to use SSLv3 in the
- ** SSL authentication process.
- */
- {"ssl_use_tlsv1", DT_BOOL, R_NONE, OPTTLSV1, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variables specifies whether to attempt to use TLSv1 in the
- ** SSL authentication process.
- */
- {"ssl_min_dh_prime_bits", DT_NUM, R_NONE, UL &SslDHPrimeBits, "0" },
- /*
- ** .pp
- ** Availability: GNUTLS
- **
- ** .pp
- ** This variable specifies the minimum acceptable prime size (in bits)
- ** for use in any Diffie-Hellman key exchange. A value of 0 will use
- ** the default from the GNUTLS library.
- */
- {"ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, "" },
- /*
- ** .pp
- ** This variable specifies a file containing trusted CA certificates.
- ** Any server certificate that is signed with one of these CA
- ** certificates are also automatically accepted.
- ** .pp
- ** Example: \fTset ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt\fP
- */