Chain tls_level and ssl_version only if ssl is enabled

If the tls_level is set to a cipherset other than tls_compat, the ssl cipherset has to get specified extra, if ssl is used. But if the user explicitly disabled SSL, and set tls_level to anything else than tls_compat required the user to explicitly set ssl_version, which is contradicting. Signed-off-by: Benedikt Heine <bebe@bebehei.de> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-07-02 17:36:22 +02:00 · 2018-07-02 17:36:22 +02:00 · ce9a1981c1
parent d3ba837900
commit ce9a1981c1
2 changed files with 5 additions and 3 deletions
--- a/offlineimap.conf
+++ b/offlineimap.conf
@ -844,8 +844,8 @@ remotehost = examplehost
 #   - ssl3 (less desirable than tls1)
 #   - ssl23 (can fallback up to ssl3)
 #
-# When tls_level is not set to tls_compat, the ssl_version configuration option
-# must be explicitly set.
+# When tls_level is not set to tls_compat and ssl is still enabled,
+# the ssl_version configuration option must be explicitly set.
 #
 #tls_level = tls_compat

--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@ -100,7 +100,9 @@ class IMAPServer(object):
        self.sslversion = repos.getsslversion()
        self.starttls = repos.getstarttls()

-        if self.tlslevel is not "tls_compat" and self.sslversion is None:
+        if self.usessl \
+           and self.tlslevel is not "tls_compat" \
+           and self.sslversion is None:
            raise Exception("When 'tls_level' is not 'tls_compat' "
                "the 'ssl_version' must be set explicitly.")