From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 26 May 2019 21:34:42 +0000 (-0700)
Subject: Turn on $ssl_force_tls by default.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c186d3794694162bf24593b78dff64ff4b3fc39a;p=mutt

Turn on $ssl_force_tls by default.

Ticket #135 suggests that these days, it's better to force encryption
over all connections.  RFC8314 is recommending MUA's move in that
direction (actually even directing towards implicit TLS over
STARTTLS).

I'm enabling this at the beginning of the 1.13 development cycle to
give others time to chime in with any objections.  Personally, I've
had this option set myself for years.  The only place it could become
an issue is for a localhost IMAP server with no cert.  In that case,
it's easy enough to have an account hook unset if needed, and I think
a better idea that the user be forced to turn it off.
---

diff --git a/init.h b/init.h
index dcb157f0..1590b4ad 100644
--- a/init.h
+++ b/init.h
@@ -3687,7 +3687,7 @@ struct option_t MuttVars[] = {
   ** The file containing a client certificate and its associated private
   ** key.
   */
-  { "ssl_force_tls",		DT_BOOL, R_NONE, OPTSSLFORCETLS, 0 },
+  { "ssl_force_tls",		DT_BOOL, R_NONE, OPTSSLFORCETLS, 1 },
   /*
   ** .pp
   ** If this variable is \fIset\fP, Mutt will require that all connections