diff options
author | Phil Pennock <pdp@exim.org> | 2012-06-01 05:52:31 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-06-01 05:52:31 -0400 |
commit | 54c90be16587ca315041c964e251f07fc2bcf0e9 (patch) | |
tree | 5ceb2487ddd6f8cf06f564e0da4deb0497430c1f /doc/doc-txt | |
parent | 12f6998964d44c0a40783162fc37eabe770f4382 (diff) |
tls_dh_min_bits smtp transport option
Could not find an API for use with OpenSSL, so GnuTLS only
Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 11 | ||||
-rw-r--r-- | doc/doc-txt/OptionLists.txt | 2 |
3 files changed, 16 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 533ce5035..635533fda 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -9,6 +9,9 @@ PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities. PP/02 Make -n do something, by making it not do something. When combined with -bP, the name of an option is not output. +PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured + by GnuTLS. + Exim version 4.80 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 5088a24c4..be8285b67 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -20,6 +20,17 @@ Version 4.81 For instance, "exim -n -bP pid_file_path" should just emit a pathname followed by a newline, and no other text. + 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now + has a "tls_dh_min_bits" option, to set the minimum acceptable number of + bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites) + acceptable for security. (Option accepted but ignored if using OpenSSL). + Defaults to 1024, the old value. May be lowered only to 512, or raised as + far as you like. Raising this may hinder TLS interoperability with other + sites and is not currently recommended. Lowering this will permit you to + establish a TLS session which is not as secure as you might like. + + Unless you really know what you are doing, leave it alone. + Version 4.80 ------------ diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 45b7997d1..b8e8599ed 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -548,6 +548,7 @@ tls_advertise_hosts host list * main tls_certificate string* unset main 3.20 unset smtp 3.20 tls_dh_max_bits integer 2236 main 4.80 +tls_dh_min_bits integer 1024 smtp 4.81 tls_dhparam string* unset main 3.20 tls_on_connect_ports string unset main 4.43 tls_privatekey string* unset main 3.20 @@ -623,6 +624,7 @@ provide compatibility with Sendmail. -bh Test incoming SMTP call, omitting callouts -bhc Test incoming SMTP call, with callouts -bi * Run <command>bi_command</command> +-bI:help Show list of accepted -bI:<tag> options -bm Accept message on standard input -bmalware + Invoke configured malware scanning against supplied filename -bnq Don't qualify addresses in locally submitted messages |