diff options
author | Phil Pennock <pdp@exim.org> | 2012-06-01 05:52:31 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-06-01 05:52:31 -0400 |
commit | 54c90be16587ca315041c964e251f07fc2bcf0e9 (patch) | |
tree | 5ceb2487ddd6f8cf06f564e0da4deb0497430c1f /doc/doc-txt/NewStuff | |
parent | 12f6998964d44c0a40783162fc37eabe770f4382 (diff) |
tls_dh_min_bits smtp transport option
Could not find an API for use with OpenSSL, so GnuTLS only
Diffstat (limited to 'doc/doc-txt/NewStuff')
-rw-r--r-- | doc/doc-txt/NewStuff | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 5088a24c4..be8285b67 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -20,6 +20,17 @@ Version 4.81 For instance, "exim -n -bP pid_file_path" should just emit a pathname followed by a newline, and no other text. + 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now + has a "tls_dh_min_bits" option, to set the minimum acceptable number of + bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites) + acceptable for security. (Option accepted but ignored if using OpenSSL). + Defaults to 1024, the old value. May be lowered only to 512, or raised as + far as you like. Raising this may hinder TLS interoperability with other + sites and is not currently recommended. Lowering this will permit you to + establish a TLS session which is not as secure as you might like. + + Unless you really know what you are doing, leave it alone. + Version 4.80 ------------ |