summaryrefslogtreecommitdiff
path: root/imap-dl.1.pod
diff options
context:
space:
mode:
authorRobbie Harwood <rharwood@redhat.com>2020-03-10 12:54:50 -0400
committerSean Whitton <spwhitton@spwhitton.name>2020-03-19 13:22:52 -0700
commit6e26cfb34ae96f2dbef3660afd1857b31bd6ea5c (patch)
tree78d37ac85718d490b83508b67bcba59a3ece4e76 /imap-dl.1.pod
parente4e5653d1c79ab0be13479fa8dff6b299624ea8b (diff)
downloadmailscripts-6e26cfb34ae96f2dbef3660afd1857b31bd6ea5c.tar.gz
imap-dl: Allow specifying ssl_ciphers
In my case, this allows supporting servers which have unacceptably (for systemwide OpenSSL) small DH sizes by requesting non-DH ciphers. Specifically, hardcoding AES256-GCM-SHA384 prevents this traceback: Traceback (most recent call last): File "/usr/bin/imap-dl", line 273, in <module> scan_msgs(confname, args.verbose) File "/usr/bin/imap-dl", line 133, in scan_msgs ssl_context=ctx) as imap: File "/usr/lib/python3.7/imaplib.py", line 1288, in __init__ IMAP4.__init__(self, host, port) File "/usr/lib/python3.7/imaplib.py", line 198, in __init__ self.open(host, port) File "/usr/lib/python3.7/imaplib.py", line 1301, in open IMAP4.open(self, host, port) File "/usr/lib/python3.7/imaplib.py", line 299, in open self.sock = self._create_socket() File "/usr/lib/python3.7/imaplib.py", line 1293, in _create_socket server_hostname=self.host) File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 870, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1076) Signed-off-by: Robbie Harwood <rharwood@redhat.com> Acked-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'imap-dl.1.pod')
-rw-r--r--imap-dl.1.pod4
1 files changed, 4 insertions, 0 deletions
diff --git a/imap-dl.1.pod b/imap-dl.1.pod
index 901c7e8..7998d3a 100644
--- a/imap-dl.1.pod
+++ b/imap-dl.1.pod
@@ -48,6 +48,10 @@ B<retriever.username> is the username of the IMAP account.
B<retriever.password> is the password for the IMAP account when using
plaintext passwords.
+B<retriever.ssl_ciphers> is an OpenSSL cipher string to use instead of the
+defaults. (The defaults are good; this should be avoided except to work
+around bugs.)
+
B<destination.path> is the location of the target maildir.
B<options.delete> is a boolean, whether to delete the messages that