granicus.if.org Git - neomutt/commitdiff
Turn on $ssl_force_tls by default
author Kevin McCarthy <kevin@8t8.us>
Sun, 26 May 2019 21:34:42 +0000 (14:34 -0700)
committer Richard Russon <rich@flatcap.org>
Thu, 6 Jun 2019 23:46:21 +0000 (00:46 +0100)
Ticket #135 suggests that these days, it's better to force encryption
over all connections.  RFC8314 is recommending MUAs move in that
direction (actually even directing towards implicit TLS over
STARTTLS).

I'm enabling this at the beginning of the 1.13 development cycle to
give others time to chime in with any objections.  Personally, I've
had this option set myself for years.  The only place it could become
an issue is for a localhost IMAP server with no cert.  In that case,
it's easy enough to have an account hook unset if needed, and I think
it's a better idea that the user be forced to turn it off.

Co-authored-by: Richard Russon <rich@flatcap.org>
init.h

diff --git a/init.h b/init.h
index b6b88f262bf3a2ee89a2e97e099e6e7cacb6c98e..6b5e3b91b6b1074647aff8ba7a52c647e96a5928 100644 (file)
--- a/init.h
+++ b/init.h
@@ -4250,7 +4250,7 @@ struct ConfigDef MuttVars[] = {
   ** The file containing a client certificate and its associated private
   ** key.
   */
-  { "ssl_force_tls",            DT_BOOL, R_NONE, &C_SslForceTls, false },
+  { "ssl_force_tls",            DT_BOOL, R_NONE, &C_SslForceTls, true },
   /*
   ** .pp
   ** If this variable is \fIset\fP, NeoMutt will require that all connections
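Review bot: The default flip on the `ssl_force_tls` line changes behaviour for existing configurations, yet the doc comment that follows it (`If this variable is \fIset\fP, NeoMutt will require that all connections`) is untouched context in this hunk. The commit message names a localhost IMAP server with no cert as the case that will stop working, so consider adding a sentence to that doc comment stating that the option is now set by default and can be unset per account with an account hook, plus an upgrade note so that users who relied on the old `false` default can tell why a previously working unencrypted connection is now refused. Only the first line of the doc text is visible here; if the rest already covers the opt-out, the upgrade note alone would do.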