in imapserver, do not advertise STARTTLS if TLS isn't configured

This commit is contained in:
Mechiel Lukkien 2023-02-27 14:10:43 +01:00
parent 0639c396b9
commit 44a3f9b1bc
No known key found for this signature in database

View file

@ -1291,7 +1291,8 @@ func (c *conn) cmdCapability(tag, cmd string, p *parser) {
func (c *conn) capabilities() string {
caps := serverCapabilities
// ../rfc/9051:1238
if !c.tls {
// We only allow starting without TLS when explicitly configured, in violation of RFC.
if !c.tls && c.tlsConfig != nil {
caps += " STARTTLS"
}
if c.tls || c.noRequireSTARTTLS {