From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 26 May 2019 21:34:42 +0000 (-0700)
Subject: Turn on $ssl_force_tls by default
X-Git-Tag: 2019-10-25~168^2~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b7ddd2f0d315e3dad83496776b93348cba9ff75e;p=neomutt

Turn on $ssl_force_tls by default

Ticket #135 suggests that these days, it's better to force encryption
over all connections.  RFC8314 is recommending MUA's move in that
direction (actually even directing towards implicit TLS over
STARTTLS).

I'm enabling this at the beginning of the 1.13 development cycle to
give others time to chime in with any objections.  Personally, I've
had this option set myself for years.  The only place it could become
an issue is for a localhost IMAP server with no cert.  In that case,
it's easy enough to have an account hook unset if needed, and I think
a better idea that the user be forced to turn it off.

Co-authored-by: Richard Russon <rich@flatcap.org>
---

diff --git a/init.h b/init.h
index b6b88f262..6b5e3b91b 100644
--- a/init.h
+++ b/init.h
@@ -4250,7 +4250,7 @@ struct ConfigDef MuttVars[] = {
   ** The file containing a client certificate and its associated private
   ** key.
   */
-  { "ssl_force_tls",            DT_BOOL, R_NONE, &C_SslForceTls, false },
+  { "ssl_force_tls",            DT_BOOL, R_NONE, &C_SslForceTls, true },
   /*
   ** .pp
   ** If this variable is \fIset\fP, NeoMutt will require that all connections