Remove Cassandra ssl_verify=cert-dns

dovecot · Aug 23, 2024 · 69bf302 · 69bf302
1 parent b6718c8
commit 69bf302
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -454,6 +454,7 @@ metawrap
 millisecs
 mimencode
 missingok
+MITM
 mkhomedir
 mmencode
 MMIME

diff --git a/docs/core/config/sql/cassandra.md b/docs/core/config/sql/cassandra.md
@@ -225,7 +225,7 @@ to use for authenticating against the remote server.
 ### `ssl_verify`
 
 * Default: `none`
-* Values: `none`, `cert`, `cert-ip`, `cert-dns`
+* Values: `none`, `cert`, `cert-ip`
 
 Configure the peer certificate validation method.
 
@@ -236,7 +236,6 @@ Configure the peer certificate validation method.
 | `none` | Disables validation. |
 | `cert` | Validate that the certificate is valid. |
 | `cert-ip` | Validate that the certificate is valid and has Common Name or Subject Alternate Name for the IP address. |
-| `cert-dns` | Validate that the certificate is valid and has Common Name or Subject Alternate Name that matches PTR resource record for the server's IP address. |
 
 ### `user`
 

diff --git a/docs/installation/upgrade/include/2.3-to-2.4.inc b/docs/installation/upgrade/include/2.3-to-2.4.inc
@@ -56,6 +56,7 @@ passdb some_name {
 | `imap_id_log` setting | Replaced by the [[event,imap_id_received]] event. |
 | size.virtual | size.virtual field is no longer written to dovecot.index.cache file as it is duplicating vsize record in dovecot.index file. Reading of the field from old files is supported. |
 | SETQUOTA / `quota_set` | Quota limits can no longer be modified using the IMAP SETQUOTA command. |
+| Cassandra `ssl_verify=cert-dns` | Deprecated by Cassandra cpp-driver due to it being insecure against MITM attacks. |
 
 ### Changed Default Settings