TLS1.2 and TLS1.1 support with GnuTLS

author: Phil Pennock <pdp@exim.org> 2011-09-24 01:30:34 -0400
committer: Phil Pennock <pdp@exim.org> 2011-09-24 01:30:34 -0400
commit: c566dd90401a8b20b873644e3cdab175f1e86ede (patch)
tree: cba1e14125e2c38a6f9db7e265869d70355ee7ca /doc/doc-docbook
parent: eb02738d2e3fe3fc140781d90f776a4e7bf04c08 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d18b09dfe..51c9b8bab 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -24595,8 +24595,14 @@ DHE_DSS). The default list contains RSA, DHE_DSS, DHE_RSA.
 For &%gnutls_require_mac%&, the recognized names are SHA (synonym SHA1), and
 MD5. The default list contains SHA, MD5.
 
-For &%gnutls_require_protocols%&, the recognized names are TLS1 and SSL3.
-The default list contains TLS1, SSL3.
+.new
+For &%gnutls_require_protocols%&, the recognized names are TLS1.2, TLS1.1,
+TLS1.0, (TLS1) and SSL3.
+The default list contains TLS1.2, TLS1.1, TLS1.0, SSL3.
+TLS1 is an alias for TLS1.0, for backwards compatibility.
+For sufficiently old versions of the GnuTLS library, TLS1.2 or TLS1.1 might
+not be supported and will not be recognised by Exim.
+.wen
 
 In a server, the order of items in these lists is unimportant. The server
 advertises the availability of all the relevant cipher suites. However, in a
author	Phil Pennock <pdp@exim.org>	2011-09-24 01:30:34 -0400
committer	Phil Pennock <pdp@exim.org>	2011-09-24 01:30:34 -0400
commit	c566dd90401a8b20b873644e3cdab175f1e86ede (patch)
tree	cba1e14125e2c38a6f9db7e265869d70355ee7ca /doc/doc-docbook
parent	eb02738d2e3fe3fc140781d90f776a4e7bf04c08 (diff)