From b7ddd2f0d315e3dad83496776b93348cba9ff75e Mon Sep 17 00:00:00 2001
From: Kevin McCarthy
Date: Sun, 26 May 2019 14:34:42 -0700
Subject: [PATCH] Turn on $ssl_force_tls by default

Ticket #135 suggests that these days, it's better to force encryption over all connections. RFC8314 is recommending MUA's move in that direction (actually even directing towards implicit TLS over STARTTLS). I'm enabling this at the beginning of the 1.13 development cycle to give others time to chime in with any objections. Personally, I've had this option set myself for years. The only place it could become an issue is for a localhost IMAP server with no cert. In that case, it's easy enough to have an account hook unset if needed, and I think a better idea that the user be forced to turn it off.
Co-authored-by: Richard Russon
---
 init.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/init.h b/init.h
index b6b88f262..6b5e3b91b 100644
--- a/init.h
+++ b/init.h
@@ -4250,7 +4250,7 @@ struct ConfigDef MuttVars[] = {
 ** The file containing a client certificate and its associated private
 ** key.
 */
- { "ssl_force_tls", DT_BOOL, R_NONE, &C_SslForceTls, false },
+ { "ssl_force_tls", DT_BOOL, R_NONE, &C_SslForceTls, true },
 /*
 ** .pp
 ** If this variable is \fIset\fP, NeoMutt will require that all connections
-- 
2.40.0
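Review bot: The documentation comment that follows the `ssl_force_tls` entry is left untouched, although the new `true` default changes behaviour for every configuration that never set the option. Users whose server cannot offer TLS will see connections refused after upgrading, and only the commit message currently explains why. I would add the workaround to that comment, for example `** To reach a server that cannot offer TLS, unset this variable in an account-hook for that server only.`, so the exception stays scoped to one account instead of being disabled globally. The comment block begins inside the hunk and continues past its last line, so it may already cover part of this; that should be checked against the full file.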