X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail.man;h=56026d0bea96acb40d896a9c351a9565036c215b;hb=bc92e40ab0f174062f4e11cfdf12aa7b68ba325c;hp=e953a5dd0b5d6d68644a1a347247f0452ee4ae9a;hpb=9f9c3cbd8d825f80e99ddfdefa530be3955bcd56;p=~andy%2Ffetchmail

diff --git a/fetchmail.man b/fetchmail.man
index e953a5dd..56026d0b 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -10,7 +10,7 @@
 .\" Load www macros to process .URL requests, this requires groff:
 .mso www.tmac
 .\"
-.TH fetchmail 1 "fetchmail 6.3.21" "fetchmail" "fetchmail reference manual"
+.TH fetchmail 1 "fetchmail 6.3.22" "fetchmail" "fetchmail reference manual"
 
 .SH NAME
 fetchmail \- fetch mail from a POP, IMAP, ETRN, or ODMR-capable server
@@ -2781,6 +2781,16 @@ then that name is used as the default local name.  Otherwise
 session ID (this elaborate logic is designed to handle the case of
 multiple names per userid gracefully).
 
+.IP \fBFETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE\fP
+(since v6.3.22):
+If this environment variable is set and not empty, fetchmail will disable
+a countermeasure against an SSL CBC IV attack (by setting 
+SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).  This is a security risk, but may be
+necessary for connecting to certain non-standards-conforming servers.
+See fetchmail's NEWS file and fetchmail-SA-2012-01.txt for details.
+Earlier fetchmail versions (v6.3.21 and older) used to disable this 
+countermeasure, but v6.3.22 no longer does that as a safety precaution.
+
 .IP \fBFETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS\fP
 (since v6.3.17):
 If this environment variable is set and not empty, fetchmail will always load