author: Phil Pennock <pdp@exim.org> 2012-06-01 05:52:31 -0400
committer: Phil Pennock <pdp@exim.org> 2012-06-01 05:52:31 -0400
commit: 54c90be16587ca315041c964e251f07fc2bcf0e9 (patch)
tree: 5ceb2487ddd6f8cf06f564e0da4deb0497430c1f /doc/doc-txt
parent: 12f6998964d44c0a40783162fc37eabe770f4382 (diff)
tls_dh_min_bits smtp transport option
Could not find an API for use with OpenSSL, so GnuTLS only
Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- doc/doc-txt/ChangeLog 3
-rw-r--r-- doc/doc-txt/NewStuff 11
-rw-r--r-- doc/doc-txt/OptionLists.txt 2
3 files changed, 16 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 533ce5035..635533fda 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -9,6 +9,9 @@ PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
PP/02 Make -n do something, by making it not do something.
When combined with -bP, the name of an option is not output.
+PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
+ by GnuTLS.
+
Exim version 4.80
-----------------
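Review bot: the PP/03 entry says the option is "only honoured by GnuTLS" but does not say that OpenSSL builds still accept it and ignore it, which is what an administrator reading only the ChangeLog needs to know before relying on the setting. Suggest wording along the lines of "accepted but ignored when built with OpenSSL", matching the NewStuff text added in this same commit.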
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 5088a24c4..be8285b67 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -20,6 +20,17 @@ Version 4.81
For instance, "exim -n -bP pid_file_path" should just emit a pathname
followed by a newline, and no other text.
+ 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now
+ has a "tls_dh_min_bits" option, to set the minimum acceptable number of
+ bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites)
+ acceptable for security. (Option accepted but ignored if using OpenSSL).
+ Defaults to 1024, the old value. May be lowered only to 512, or raised as
+ far as you like. Raising this may hinder TLS interoperability with other
+ sites and is not currently recommended. Lowering this will permit you to
+ establish a TLS session which is not as secure as you might like.
+
+ Unless you really know what you are doing, leave it alone.
+
Version 4.80
------------
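Review bot: item 3 never states what the SMTP transport does when the server offers a Diffie-Hellman prime smaller than tls_dh_min_bits, that is, whether the handshake fails and what then happens to the delivery attempt; please document the outcome, since it is what an operator needs in order to judge the interoperability warning. "May be lowered only to 512" should also say whether a smaller value is rejected when the configuration is read or quietly raised to 512. Two smaller points in the same paragraph: "minimum acceptable number of bits ... acceptable for security" repeats "acceptable", and the note that OpenSSL builds accept but ignore the option is easy to miss in parentheses mid-paragraph, so it deserves its own sentence.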
diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
index 45b7997d1..b8e8599ed 100644
--- a/doc/doc-txt/OptionLists.txt
+++ b/doc/doc-txt/OptionLists.txt
@@ -548,6 +548,7 @@ tls_advertise_hosts host list * main
tls_certificate string* unset main 3.20
unset smtp 3.20
tls_dh_max_bits integer 2236 main 4.80
+tls_dh_min_bits integer 1024 smtp 4.81
tls_dhparam string* unset main 3.20
tls_on_connect_ports string unset main 4.43
tls_privatekey string* unset main 3.20
@@ -623,6 +624,7 @@ provide compatibility with Sendmail.
-bh Test incoming SMTP call, omitting callouts
-bhc Test incoming SMTP call, with callouts
-bi * Run <command>bi_command</command>
+-bI:help Show list of accepted -bI:<tag> options
-bm Accept message on standard input
-bmalware + Invoke configured malware scanning against supplied filename
-bnq Don't qualify addresses in locally submitted messages
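Review bot: the added "-bI:help" row in this second OptionLists.txt hunk is unrelated to tls_dh_min_bits and is not mentioned in the commit message; going by the ChangeLog context it belongs with PP/01 (the -bI: framework). Suggest moving it to its own commit, or at least naming it in the message, so that the history for the TLS option stays clean and the -bI documentation change can be found later.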