Duncan posted on Thu, 06 Jul 2017 01:14:18 +0000 as excerpted:

> FWIW I think the optimum, if it's not too difficult to achieve, would be
> to let it be auto-negotiated, of course favoring the newer versions if
> the server supports them as well. If getting the negotiation right is
> too difficult, I'd suggest making it configurable, at /least/ via file,
> but of course I'd personally prefer gui.

Thinking about it a bit more...

Even better would be auto-negotiation, but with a configured minimum
version, which would of course default to 1.0 for backward compatibility,
but users could up that to 1.3 or whatever if they knew their provider
supported it. Then if pan couldn't negotiate the configured minimum,
instead of falling back to something less secure it'd hard-fail.

Then the configuration could be servers.xml only without either
regression if only the existing 1.0 was server-supported, or too big a
security compromise if higher was, because the auto-negotiation would
then get that, for gui-only users.

I believe that'd be my ideal, with gui or no-gui config left up to a vote
here or the person doing the patch, I guess.

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

_______________________________________________
Pan-users mailing list
Pan-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/pan-users
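
Added example, not part of the message above or of Pan's code: a sketch of the "auto-negotiate, but hard-fail below a configured minimum" policy, assuming the versions under discussion are TLS protocol versions. The `<tls-min-version>` element, the host names and all function names are hypothetical, and the servers.xml fragment is constructed for illustration.

```python
import ssl
import xml.etree.ElementTree as ET

# Constructed sample. <tls-min-version> is a hypothetical element, not Pan's real schema.
SERVERS_XML = """
<server-properties>
  <server id="1"><host>news.legacy.example</host></server>
  <server id="2"><host>news.modern.example</host>
    <tls-min-version>1.3</tls-min-version></server>
</server-properties>
"""

ORDER = ["1.0", "1.1", "1.2", "1.3"]          # oldest to newest
DEFAULT_MIN = "1.0"                            # backward-compatible default
SSL_VERSIONS = dict(zip(ORDER, [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]))

class NegotiationError(Exception):
    """No version at or above the configured minimum could be agreed."""

def load_minimums(xml_text):
    """Map host -> configured minimum version, defaulting to 1.0 when unset."""
    minimums = {}
    for server in ET.fromstring(xml_text).iter("server"):
        minimum = server.findtext("tls-min-version", default=DEFAULT_MIN).strip()
        if minimum not in ORDER:
            raise ValueError(f"unknown minimum version: {minimum!r}")
        minimums[server.findtext("host")] = minimum
    return minimums

def negotiate(client_supported, server_supported, minimum):
    """Pick the newest common version; refuse instead of going below minimum."""
    floor = ORDER.index(minimum)
    acceptable = [v for v in ORDER[floor:]
                  if v in client_supported and v in server_supported]
    if not acceptable:
        raise NegotiationError(
            f"server offers {sorted(server_supported)}, minimum is {minimum}")
    return acceptable[-1]

def client_context(minimum):
    """Same policy on a real connection: the TLS library negotiates the newest
    shared version and aborts the handshake if that is below the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = SSL_VERSIONS[minimum]
    return ctx
```

With the default floor of 1.0, a server that only speaks 1.0 still connects and a server that offers more gets the newest shared version; raising the floor changes only the failure case, which becomes an error rather than a silent downgrade.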