OpenSSL fixes and backwards compat break.

Drop SSL_clear() after SSL_new() which causes protocol negotiation failures for TLS1.0 vs TLS1.1/1.2 in OpenSSL 1.0.1b. Remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (+dont_insert_empty_fragments) from default of openssl_options.
author: Phil Pennock <pdp@exim.org> 2012-05-03 19:11:49 -0700
committer: Phil Pennock <pdp@exim.org> 2012-05-03 19:11:49 -0700
commit: da3ad30dcfbb4770835c2b7e165bb719f76cfc16 (patch)
tree: 98071a567e2c77ad855dcbcee5871f5bf7207436 /doc/doc-txt/ChangeLog
parent: e74376d84aa63876c9a3b240513b8f38920733b7 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index b41783d71..a491cf973 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -69,6 +69,10 @@ PP/15 LDAP: Check for errors of TLS initialisation, to give correct
       diagnostics.
       Report and patch from Dmitry Banschikov.
 
+PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options".
+      Removed SSL_clear() after SSL_new() which led to protocol negotiation
+      failures.  We appear to now support TLS1.1+ with Exim.
+
 
 Exim version 4.77
 -----------------
author	Phil Pennock <pdp@exim.org>	2012-05-03 19:11:49 -0700
committer	Phil Pennock <pdp@exim.org>	2012-05-03 19:11:49 -0700
commit	da3ad30dcfbb4770835c2b7e165bb719f76cfc16 (patch)
tree	98071a567e2c77ad855dcbcee5871f5bf7207436 /doc/doc-txt/ChangeLog
parent	e74376d84aa63876c9a3b240513b8f38920733b7 (diff)