author | Phil Pennock <pdp@exim.org> | 2012-05-27 09:14:39 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-27 09:14:39 -0400 |
commit | a799883d8ad340d935db4d729a31c02cb8a1d977 (patch) | |
tree | 3ceb2a5d711c3430aba48a47cfed59c73d6ddda9 /doc/doc-txt/NewStuff | |
parent | cae6e576b589efbe9e22cd65e5f890b21ce84f02 (diff) |
For DH, use standard primes from RFCs
Diffstat (limited to 'doc/doc-txt/NewStuff')
-rw-r--r-- | doc/doc-txt/NewStuff | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 59994448f..0c3fccb74 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -100,6 +100,12 @@ Version 4.80 hard-coded limit of DH ephemeral bits, to fix interop problems caused by GnuTLS 2.12 library recommending a bit count higher than NSS supports. +16. tls_dhparam now used by both OpenSSL and GnuTLS, can be path or identifier. + Option can now be a path or an identifier for a standard prime. + If unset, we use the DH prime from section 2.2 of RFC 5114, "ike23". + Set to "historic" to get the old GnuTLS behaviour of auto-generated DH + primes. + Version 4.77 ------------ |
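Review bot: In the new item 16, the first two added lines both say that the option can be a path or an identifier, and the entry names only "ike23" and "historic" without listing the other accepted identifiers or saying where they are documented. Suggest collapsing the two lines into one and adding a pointer to the full identifier list. The entry also changes what happens when tls_dhparam is unset, but it does not give the bit length of the RFC 5114 section 2.2 prime; since the preceding item concerns interop problems from a DH bit count higher than NSS supports, stating the size here would let an administrator judge whether the new default is affected.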