GnuTLS: lose DH-param setup, for recent library versions where no longer needed

2 files changed, 13 insertions, 1 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 3afc62989..c0c7bdc80 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17736,7 +17736,14 @@ larger prime than requested.
 The value of this option is expanded and indicates the source of DH parameters
 to be used by Exim.
 
-&*Note: The Exim Maintainers strongly recommend using a filename with site-generated
+.new
+&*Note: This option is ignored for GnuTLS version 3.6.0 and later.
+The library manages parameter negitiation internally.
+.wen
+
+&*Note: The Exim Maintainers strongly recommend,
+for other TLS braries,
+using a filename with site-generated
 local DH parameters*&, which has been supported across all versions of Exim.  The
 other specific constants available are a fallback so that even when
 "unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS.
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index cad1f5abb..93f4a1eb2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -187,6 +187,11 @@ JH/39 Promote DMARC support to mainline.
 
 JH/40 Bug 2452: Add a References: header to DSNs.
 
+JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman
+      parameters.  The relevant library call is documented as "Deprecated: This
+      function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since
+      3.6.0, DH parameters are negotiated following RFC7919."
+
 
 Exim version 4.92
 -----------------