From ce9a1981c1a16ce5b0d71fdd5be79a01c7cb5d0d Mon Sep 17 00:00:00 2001 From: Benedikt Heine Date: Mon, 2 Jul 2018 17:36:22 +0200 Subject: [PATCH] Chain tls_level and ssl_version only if ssl is enabled If the tls_level is set to a cipherset other than tls_compat, the ssl cipherset has to get specified extra, if ssl is used. But if the user explicitly disabled SSL, and set tls_level to anything else than tls_compat required the user to explicitly set ssl_version, which is contradicting. Signed-off-by: Benedikt Heine Signed-off-by: Nicolas Sebrecht --- offlineimap.conf | 4 ++-- offlineimap/imapserver.py | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/offlineimap.conf b/offlineimap.conf index 11b3a21..e866f09 100644 --- a/offlineimap.conf +++ b/offlineimap.conf @@ -844,8 +844,8 @@ remotehost = examplehost # - ssl3 (less desirable than tls1) # - ssl23 (can fallback up to ssl3) # -# When tls_level is not set to tls_compat, the ssl_version configuration option -# must be explicitly set. +# When tls_level is not set to tls_compat and ssl is still enabled, +# the ssl_version configuration option must be explicitly set. # #tls_level = tls_compat diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py index 879e352..a412b7d 100644 --- a/offlineimap/imapserver.py +++ b/offlineimap/imapserver.py @@ -100,7 +100,9 @@ class IMAPServer(object): self.sslversion = repos.getsslversion() self.starttls = repos.getstarttls() - if self.tlslevel is not "tls_compat" and self.sslversion is None: + if self.usessl \ + and self.tlslevel is not "tls_compat" \ + and self.sslversion is None: raise Exception("When 'tls_level' is not 'tls_compat' " "the 'ssl_version' must be set explicitly.")