From 7ec4ffbdbc562c4a2909d9bf4f3093072e0e3ac1 Mon Sep 17 00:00:00 2001 From: Manuel Mausz Date: Wed, 27 Jun 2018 01:06:16 +0200 Subject: OpenSSL 1.1 compatibility This adds compatibility for OpenSSL 1.1 Since renegotiation is removed from TLS 1.3 we also removed support for authentication via client certificates (control/tlsclients). In general this is still supported by TLS 1.3 however I'm just lazy and we don't need this feature anyway. This also adds optional support for OpenSSL configuration commands for qmail-smtpd and qmail-remote. Commands are loaded from control/opensslconf. For a list of supported commands see https://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS --- README.starttls | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'README.starttls') diff --git a/README.starttls b/README.starttls index 07ee275..6168c6d 100644 --- a/README.starttls +++ b/README.starttls @@ -42,16 +42,6 @@ Optional: - when DEBUG is defined, some extra TLS info will be logged an exhaustive list of hosts TLS is tried on. If /var/qmail/control/notlshosts/host.dom.ain is present, no TLS is tried on this host. - - client authentication: - when relay rules would reject an incoming mail, - qmail-smtpd can allow the mail based on a presented cert. - Certs are verified against a CA list in - /var/qmail/control/clientca.pem (eg. http://www.modssl.org/ - source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.sslcfg/ca-bundle.crt) - and the cert email-address has to match a line in - /var/qmail/control/tlsclients. This email-address is logged - in the headers. CRLs can be provided through - /var/qmail/control/clientcrl.pem. - cipher selection: qmail-remote: openssl cipher string (`man ciphers`) read from -- cgit v1.2.3
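Review bot: The "client authentication" entry is dropped from the Optional list in README.starttls with nothing left in its place, so an operator who relied on a presented cert matching control/tlsclients to get mail past the relay rules will see that mail rejected after upgrading, with no hint in the README why. Suggest keeping a one-line entry there stating that client certificate authentication was removed in this change, and saying whether control/clientca.pem, control/clientcrl.pem and control/tlsclients are now simply ignored. The same list is also the natural place to document control/opensslconf, which the commit message introduces for qmail-smtpd and qmail-remote; the README.starttls diff shown here contains only the 10 deletions, so the new control file is not described in this file. When that entry is added, note that the commit message links the man1.0.2 SSL_CONF_cmd page although the change targets OpenSSL 1.1.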