For DH, use standard primes from RFCs

author: Phil Pennock <pdp@exim.org> 2012-05-27 09:14:39 -0400
committer: Phil Pennock <pdp@exim.org> 2012-05-27 09:14:39 -0400
commit: a799883d8ad340d935db4d729a31c02cb8a1d977 (patch)
tree: 3ceb2a5d711c3430aba48a47cfed59c73d6ddda9 /doc/doc-txt/NewStuff
parent: cae6e576b589efbe9e22cd65e5f890b21ce84f02 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 59994448f..0c3fccb74 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -100,6 +100,12 @@ Version 4.80
     hard-coded limit of DH ephemeral bits, to fix interop problems caused by
     GnuTLS 2.12 library recommending a bit count higher than NSS supports.
 
+16. tls_dhparam now used by both OpenSSL and GnuTLS, can be path or identifier.
+    Option can now be a path or an identifier for a standard prime.
+    If unset, we use the DH prime from section 2.2 of RFC 5114, "ike23".
+    Set to "historic" to get the old GnuTLS behaviour of auto-generated DH
+    primes.
+
 
 Version 4.77
 ------------
author	Phil Pennock <pdp@exim.org>	2012-05-27 09:14:39 -0400
committer	Phil Pennock <pdp@exim.org>	2012-05-27 09:14:39 -0400
commit	a799883d8ad340d935db4d729a31c02cb8a1d977 (patch)
tree	3ceb2a5d711c3430aba48a47cfed59c73d6ddda9 /doc/doc-txt/NewStuff
parent	cae6e576b589efbe9e22cd65e5f890b21ce84f02 (diff)