Detlef Graef posted on Thu, 06 Jul 2017 19:40:58 +0200 as excerpted:

> For a quick test I have replaced line number 813 in the file
> socket-impl-openssl.cc with the following line:
>
> "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+COMP-ALL:+KX-ALL:SIGN-ALL:+CURVE-ALL:
> +CTYPE-ALL:+MAC-ALL", NULL);
>
> This enables all TLS versions (1.0, 1.1, 1.2) and all other options.
>
> See: https://gnutls.org/manual/html_node/Priority-Strings.html
>
> After building Pan with gnu-tls option enabled everything seems to work
> in my setup.

Is there a debug method to tell you what was actually used? Did you
verify that it was TLS v 1.2 (assuming your server supports it)?

> I think a good solution would be to add an additional option in the file
> servers.xml for each server so that a specific TLS version can be set by
> the user if a problem occurs with a certain server.
>
> Something like:
>
> <tlsver>TLS-VER-ALL</tlsver> with TLS-VER-ALL as the default value.
>
> possible other values:
>
> <tlsver>VERS-TLS1.0</tlsver> force TLS ver. 1.0
> <tlsver>VERS-TLS1.1</tlsver> force TLS ver. 1.1
> <tlsver>VERS-TLS1.2</tlsver> force TLS ver. 1.2
> <tlsver>VERS-TLS1.3</tlsver> (in the future)

LGTM. =:^)

[FWIW, pan says I didn't write enough for what I quoted. I don't tend to
get that warning very often. =:^) But I don't have anything else to
add... or delete in the quote... but this note of side interest. It's pan
behavior in the pan newsgroup/list, so it's on topic. =:^) If this goes
thru it was enough, if not I'll mention that instead of this sentence and
send anyway.]

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
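
An added example, not part of the message above and not Pan's own code: one way the proposed per-server `<tlsver>` value could be turned into a GnuTLS priority string through a fixed allow-list, so that text read from servers.xml is never pasted into the string. The function name `priority_for_tlsver`, the treatment of an empty value as the default, and writing `+SIGN-ALL` with the `+` prefix are assumptions.

```cpp
// Added example, not Pan's code. Maps the proposed <tlsver> value from
// servers.xml to a GnuTLS priority string using a fixed allow-list.
#include <string>

// Trim ASCII whitespace that XML text nodes often carry.
static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    const std::string::size_type b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    const std::string::size_type e = s.find_last_not_of(ws);
    return s.substr(b, e - b + 1);
}

// Hypothetical helper. Returns true and fills `out` when `tlsver` is one of
// the values proposed in the message; returns false (leaving `out` untouched)
// for anything else, including values that try to carry extra ':' tokens.
bool priority_for_tlsver(const std::string& tlsver, std::string& out) {
    const std::string v = trim(tlsver);
    std::string version_token;
    if (v.empty() || v == "TLS-VER-ALL") {
        // Proposed default: all versions (assumption: empty means default).
        version_token = "+VERS-TLS-ALL";
    } else if (v == "VERS-TLS1.0" || v == "VERS-TLS1.1" || v == "VERS-TLS1.2") {
        // Force exactly one protocol version.
        version_token = "+" + v;
    } else {
        // Not on the allow-list. VERS-TLS1.3 is listed as "in the future"
        // in the proposal, so it is rejected here as well.
        return false;
    }
    // Remaining groups follow the quoted test line. SIGN-ALL is written with
    // a "+" prefix here (assumption: the bare form in the message is a typo).
    out = "NONE:" + version_token +
          ":+CIPHER-ALL:+COMP-ALL:+KX-ALL:+SIGN-ALL:+CURVE-ALL:+CTYPE-ALL:+MAC-ALL";
    return true;
}
```

The resulting string takes the place of the literal in the quoted line; a `false` return lets the caller report the bad servers.xml entry and keep the default.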