author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-05-26 16:36:08 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-06-14 20:57:55 +0100 |
commit | 10ca4f1ca3116f346dcc19645b59c443e57d26a8 (patch) | |
tree | f0df6defb69d8cb068f1d21dc1677e526a29f32f /doc | |
parent | 0ba0ee973ddbf1766845642873e668b1a1fdc8a3 (diff) |
Add tls_eccurve main config option. Bug 1397
Patch from Suse, massaged by JH
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 18 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 2 |
2 files changed, 20 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d44349c20..50dfaf1fd 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -13436,6 +13436,7 @@ listed in more than one group. .row &%tls_crl%& "certificate revocation list" .row &%tls_dh_max_bits%& "clamp D-H bit count suggestion" .row &%tls_dhparam%& "DH parameters for server" +.row &%tls_eccurve%& "EC curve selection for server" .row &%tls_ocsp_file%& "location of server certificate status proof" .row &%tls_on_connect_ports%& "specify SSMTP (SMTPS) ports" .row &%tls_privatekey%& "location of server private key" @@ -16627,7 +16628,22 @@ prior to the 4.80 release, as Debian used to patch Exim to raise the minimum acceptable bound from 1024 to 2048. +.option tls_eccurve main string&!! prime256v1 +.cindex TLS "EC cryptography" +If built with a recent-enough version of OpenSSL, +this option selects a EC curve for use by Exim. + +Curve names of the form &'prime256v1'& are accepted. +For even more-recent library versions, names of the form &'P-512'& +are also accepted, plus the special value &'auto'& +which tell the library to choose. + +If the option is set to an empty string, no EC curves will be enabled. + + .option tls_ocsp_file main string&!! unset +.cindex TLS "certificate status" +.cindex TLS "OCSP proof file" This option must if set expand to the absolute path to a file which contains a current status proof for the server's certificate, as obtained from the @@ -16635,6 +16651,8 @@ Certificate Authority. .option tls_on_connect_ports main "string list" unset +.cindex SSMTP +.cindex SMTPS This option specifies a list of incoming SSMTP (aka SMTPS) ports that should operate the obsolete SSMTP (SMTPS) protocol, where a TLS session is immediately set up without waiting for the client to issue a STARTTLS command. For diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index e10a32b3f..010c90d15 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff 
@@ -37,6 +37,8 @@ Version 4.86 12. A non-SMTP authenticator using information from TLS client certificates. +13. Main option "tls_eccurve" for selecting an Elliptic Curve for TLS. + Version 4.85 ------------ |
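Review bot: In the new tls_eccurve paragraph of doc/doc-docbook/spec.xfpt (hunk at -16627), the example name 'P-512' does not match any NIST curve. The NIST prime curves are P-256, P-384 and P-521, so this looks like a typo for 'P-521'. The same paragraph has two grammar slips: "selects a EC curve" should be "selects an EC curve", and "which tell the library to choose" should be "which tells the library to choose". The text also leaves three things unstated that an administrator needs: which OpenSSL versions count as "recent-enough" and "even more-recent", what Exim does when the expanded value is not a curve name the library recognises, and what the option does in a build that does not use OpenSSL. Since the default is 'prime256v1' and an empty string enables no EC curves, it would help to say what either setting means for the key exchanges the server can offer.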
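Review bot: The .cindex lines added under tls_ocsp_file ("certificate status", "OCSP proof file") and under tls_on_connect_ports (SSMTP, SMTPS) in doc/doc-docbook/spec.xfpt are unrelated to the subject "Add tls_eccurve main config option". Consider moving them to a separate documentation commit so this change stays limited to the new option, or mention the index additions in the commit message.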
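Review bot: Item 13 in doc/doc-txt/NewStuff omits the scope that the spec.xfpt text gives for the option. The spec says the option applies "If built with a recent-enough version of OpenSSL" and the option table describes it as "EC curve selection for server", while the NewStuff line reads as if it applied to all TLS use. Suggest adding the library and server-side qualification to the entry so that readers of the release notes do not assume the option has an effect in every build.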