summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2019-02-03 22:12:48 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2019-02-11 00:16:46 +0000
commitf1be21cf0b8b97a64dfe17f2ca05bb4b9efe8d32 (patch)
tree23737dcc9b4edacc24de82882c9e562100f53e52 /doc
parent826cb8c29cb1947cfc8f0e1b4e96c97e10a0e18a (diff)
TLS: add variables for the IETF standard name for the connection ciphersuite
(cherry picked from commit ffc3d145e3819e1a3762caa1bbe8b07e723fbaf2)
Diffstat (limited to 'doc')
-rw-r--r--doc/doc-docbook/spec.xfpt29
-rw-r--r--doc/doc-txt/ChangeLog2
-rw-r--r--doc/doc-txt/NewStuff3
3 files changed, 27 insertions, 7 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 22f06e3c1..bb486d678 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -13347,6 +13347,12 @@ The deprecated &$tls_cipher$& variable is the same as &$tls_in_cipher$& during m
but in the context of an outward SMTP delivery taking place via the &(smtp)& transport
becomes the same as &$tls_out_cipher$&.
+.new
+.vitem &$tls_in_cipher_std$&
+.vindex "&$tls_in_cipher_std$&"
+As above, but returning the RFC standard name for the cipher suite.
+.wen
+
.vitem &$tls_out_cipher$&
.vindex "&$tls_out_cipher$&"
This variable is
@@ -13355,6 +13361,12 @@ and then set to the outgoing cipher suite if one is negotiated. See chapter
&<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for
details of the &(smtp)& transport.
+,new
+.vitem &$tls_out_cipher_std$&
+.vindex "&$tls_out_cipher_std$&"
+As above, but returning the RFC standard name for the cipher suite.
+.wen
+
.vitem &$tls_out_dane$&
.vindex &$tls_out_dane$&
DANE active status. See section &<<SECDANE>>&.
@@ -16585,23 +16597,26 @@ on at the end (preceded by a semicolon). The string is expanded each time it is
used. If the expansion yields an empty string, no &'Received:'& header line is
added to the message. Otherwise, the string should start with the text
&"Received:"& and conform to the RFC 2822 specification for &'Received:'&
-header lines. The default setting is:
+header lines.
+.new
+The default setting is:
.code
received_header_text = Received: \
${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
- {${if def:sender_ident \
- {from ${quote_local_part:$sender_ident} }}\
- ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
+ {${if def:sender_ident \
+ {from ${quote_local_part:$sender_ident} }}\
+ ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
by $primary_hostname \
- ${if def:received_protocol {with $received_protocol}} \
- ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
+ ${if def:received_protocol {with $received_protocol }}\
+ ${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}\
(Exim $version_number)\n\t\
${if def:sender_address \
{(envelope-from <$sender_address>)\n\t}}\
id $message_exim_id\
${if def:received_for {\n\tfor $received_for}}
.endd
+.wen
The reference to the TLS cipher is omitted when Exim is built without TLS
support. The use of conditional expansions ensures that this works for both
@@ -27476,7 +27491,7 @@ but is a full SMTP SASL authenticator
rather than being implicit for TLS-connection carried
client certificates only.
-The examples and discussion in this chapter assume that
+The examples and discussion in this chapter assume that
client-certificate authentication is being done.
The client must present a certificate,
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c8f3c586d..bc739ae2c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -18,6 +18,8 @@ JH/02 OpenSSL: suppress the sending of (stateful) TLS1.3 session tickets.
JH/03 Debug output for ACL now gives the config file name and line number for
each verb.
+JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause.
+
Exim version 4.92
-----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 3b5cda15c..ad238f4c7 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -13,6 +13,9 @@ Version 4.93
2. A JSON lookup type, and JSON variants of the forall/any expansion conditions.
+ 3. Variables $tls_in_cipher_std, $tls_out_cipher_std giving the RFC names
+ for ciphersuites.
+
Version 4.92
--------------