author | Phil Pennock <pdp@exim.org> | 2016-05-29 02:31:18 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2016-10-08 19:23:37 -0400 |
commit | 317e40ac8b1b816f4a22620a5647c6258de61598 (patch) | |
tree | 46f3796e23ecca09e0992b1a25eadaf8d062a466 /doc/doc-txt/ChangeLog | |
parent | ae5afa61184b6c9b39f58804032b32b42e3ba44e (diff) |
DH parameters update, new values & default
exim-4_88_RC2

* Add three new Exim-specific DH parameter constants; state provenance,
  but no way for others to verify; this is a signed commit, which is
  about as much as we can do for the truly paranoid: provide an audit
  trail.
* Add the RFC 7919 DH primes
  + No TLS feature negotiation, per 7919, but the DH primes can be used
    if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
  + Turns out, q doesn't affect the PEM and that's not a mistake in my
    initialisation; I've checked with a cryptographer, we're losing some
    server-side optimizations but not any security properties for our
    scenario.

Fixes: 1895
Diffstat (limited to 'doc/doc-txt/ChangeLog')
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 80ea2105d..c68e45ce8 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -114,6 +114,9 @@ JH/29 Fix the connection_reject log selector to apply to the connect ACL. JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext. +PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created + by me. Added RFC7919 DH primes as an alternative. + Exim version 4.87 ----------------- |
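
Review bot: the PP/01 entry added after JH/30 carries no bug number, although the commit message says "Fixes: 1895" and the neighbouring JH/30 entry leads with "Bug 1897:"; starting it "PP/01 Bug 1895: Changed default Diffie-Hellman parameters ..." would keep the ChangeLog cross-referenced. "created by me" also gives someone reading only the ChangeLog nothing to audit: the commit message says provenance is stated alongside the new constants, so the entry could say where that statement lives. Since this changes a default, it would help to add that the previous parameters are no longer the ones used when nothing is configured, and that the RFC7919 primes are opt-in rather than negotiated.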