diff options
Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 7 |
2 files changed, 10 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a491cf973..4ad79c28e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -73,6 +73,9 @@ PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options". Removed SSL_clear() after SSL_new() which led to protocol negotiation failures. We appear to now support TLS1.1+ with Exim. +PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate + lets Exim select keys and certificates based upon TLS SNI from client. + Exim version 4.77 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 0aee33cec..b788b45dc 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -42,6 +42,13 @@ Version 4.78 administrators can choose to make the trade-off themselves and restore compatibility at the cost of session security. + 7. Use of the new expansion variable $tls_sni in the main configuration option + tls_certificate will cause Exim to re-expand the option, if the client + sends the TLS Server Name Indication extension, to permit choosing a + different certificate; tls_privatekey will also be re-expanded. You must + still set these options to expand to valid files when $tls_sni is not set. + Currently OpenSSL only. + Version 4.77 ------------ |