TLS is fixed at version 1.0 only

[bllfr0g]

With the TLS option, email supports only TLSv1.0, which is either obsolete, or rapidly becoming obsolete, depending on your point of view.

Looks like in dlib, around line 175 of dnet.c, is where TLSv1.0 is hardcoded in.

Would be awesome if instead you tried, in priority order, TLSv1.2, TLSv1.1, TLSv1.0.

[eabase]

Hmm, is this still the case?

[meiser79]

You should change dlib/src/dnet.c line 175 to

sd->ctx = SSL_CTX_new(SSLv23_client_method()); SSL_CTX_set_options(sd->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);

This allows all TLS ciphers, but excludes SSLv2 and SSLv3.