Logging: mark continued-TLS connection deliveries with "X-*"

2 files changed, 6 insertions, 4 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index be93cf670..91dacb7bb 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -35769,9 +35769,10 @@ down a single SMTP connection, an asterisk follows the IP address in the log
 lines for the second and subsequent messages.
 .new
 When two or more messages are delivered down a single TLS connection, the
-TLS-related information logged for the first message delivered
-(which may not be the earliest line in the log)
+DNS and TLS-related information logged for the first message delivered
 will not be present in the log lines for the second and subsequent messages.
+A TLS-marker indication of &'X=*'& is added to the log line instead of
+cipher information.
 .wen
 
 .cindex "delivery" "cutthrough; logging"
@@ -35900,7 +35901,7 @@ the following table:
 &`T   `&        on &`<=`& lines: message subject (topic)
 &`    `&        on &`=>`& &`**`& and &`==`& lines: transport name
 &`U   `&        local user or RFC 1413 identity
-&`X   `&        TLS cipher suite
+&`X   `&        TLS cipher suite, or TLS usage mark
 .endd
 
 
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 5b5dcbd7f..f43475ba3 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -24,7 +24,8 @@ JH/03 Rework the transport continued-connection mechanism: when TLS is active,
       the passed-on TCP connection.  Instead, proxy the child (and any
       subsequent ones) for TLS via a unix-domain socket channel.  Logging is
       affected: the continued delivery log lines do not have any DNSSEC, TLS
-      cipher, Certificate or OCSP information.
+      cipher, Certificate or OCSP information. A "continued-TLS" marker is
+      added instead of the cipher information: "X=*".
 
 JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
       identical IP addresses on different listening ports.  Will also affect