Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédente | Prochaine révisionLes deux révisions suivantes | ||
logiciel:systeme:msmtp:config:param:start [2022/06/25 17:51] – [Commandes d'authentification] admin | logiciel:systeme:msmtp:config:param:start [2022/06/25 17:52] – [Commandes TLS] admin | ||
---|---|---|---|
Ligne 42: | Ligne 42: | ||
===== Commandes TLS ===== | ===== Commandes TLS ===== | ||
+ | ; ‘tls [(on|off)]’ | ||
+ | : Enable or disable TLS (also known as SSL) for secured connections. | ||
+ | ; ‘tls_starttls [(on|off)]’ | ||
+ | : Choose the TLS variant: start TLS from within the session (‘on’, default), or tunnel the session through TLS (‘off’). | ||
+ | ; ‘tls_trust_file [file]’ | ||
+ | : Activate server certificate verification using a list of trusted Certification Authorities (CAs). The default is the special value ‘system’, | ||
+ | ; ‘tls_fingerprint [fingerprint]’ | ||
+ | : Set the fingerprint of a single certificate to accept for TLS. This certificate will be trusted regardless of its contents (this overrides ‘tls_trust_file’). The fingerprint should be of type SHA256, but can for backwards compatibility also be of type SHA1 or MD5 (please avoid this). The format should be 01: | ||
+ | ; ‘tls_key_file [file]’ | ||
+ | : Send a client certificate to the server (use this together with ‘tls_cert_file’). The file must contain the private key of a certificate in PEM format. An empty argument disables this feature. | ||
+ | ; ‘tls_cert_file [file]’ | ||
+ | : Send a client certificate to the server (use this together with ‘tls_key_file’). The file must contain a certificate in PEM format. An empty argument disables this feature. | ||
+ | ; ‘tls_certcheck [(on|off)]’ | ||
+ | : Enable or disable checks of the server certificate. They are enabled by default. Disabling them will override ‘tls_trust_file’ and ‘tls_fingerprint’. WARNING: When the checks are disabled, TLS sessions will not be secure! | ||
+ | ; ‘tls_priorities [priorities]’ | ||
+ | : Set priorities for TLS session parameters. The default is set by the TLS library and can be selected by using an empty argument to this command. The interpretation of the priorities string depends on the TLS library. Use ‘--version’ to find out which TLS library you use. For GnuTLS, see the section on Priority Strings in the manual. For libtls, the priorites string is a space-separated list of parameter strings prefixed with either PROTOCOLS=, CIPHERS=, or ECDHECURVES=. These parameter strings will be passed to the functions ‘tls_config_parse_protocols’, | ||
+ | ; ‘tls_host_override [host]’ | ||
+ | : By default, TLS host verification uses the host name given by the ‘host’ command. This command allows one to use a different host name for verification. This is only useful in special cases. | ||
===== Commandes propres au mode sendmail ===== | ===== Commandes propres au mode sendmail ===== | ||