From: Sam Pablo Kuper <sampablokuper@riseup.net>
Date: Sun, 2 Dec 2018 22:31:19 +0000 (+0000)
Subject: Deprecate TLS 1.0 and 1.1 by default
X-Git-Tag: mutt-1-12-rel~208
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8960e637deb71ccbe544858921e0878e3c5c11ee;p=mutt

Deprecate TLS 1.0 and 1.1 by default

Fixes #101.

Minor digit of version number has been bumped per [Semantic Versioning
2.0.0](https://semver.org/spec/v2.0.0.html) §7:

> Minor version Y (x.Y.z | x > 0) MUST be incremented if ... any public
> API functionality is marked as deprecated.
---

diff --git a/UPDATING b/UPDATING
index ca866888..b8d86340 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,10 @@ http://www.mutt.org/doc/manual/
 The keys used are:
   !: modified feature, -: deleted feature, +: new feature
 
+1.12.1
+
+  ! $ssl_use_tlsv1 and ssl_use_tlsv1_1 now default to unset.
+
 1.11.1 (2018-12-01):
 
   ! Bug fix release.
diff --git a/init.h b/init.h
index 12585078..c79fb6cb 100644
--- a/init.h
+++ b/init.h
@@ -3604,13 +3604,13 @@ struct option_t MuttVars[] = {
   ** SSL authentication process. Note that SSLv2 and SSLv3 are now
   ** considered fundamentally insecure and are no longer recommended.
   */
-  { "ssl_use_tlsv1", DT_BOOL, R_NONE, OPTTLSV1, 1 },
+  { "ssl_use_tlsv1", DT_BOOL, R_NONE, OPTTLSV1, 0 },
   /*
   ** .pp
   ** This variable specifies whether to attempt to use TLSv1.0 in the
   ** SSL authentication process.
   */
-  { "ssl_use_tlsv1_1", DT_BOOL, R_NONE, OPTTLSV1_1, 1 },
+  { "ssl_use_tlsv1_1", DT_BOOL, R_NONE, OPTTLSV1_1, 0 },
   /*
   ** .pp
   ** This variable specifies whether to attempt to use TLSv1.1 in the