diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 9 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 5 |
2 files changed, 13 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 3afc62989..c0c7bdc80 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17736,7 +17736,14 @@ larger prime than requested. The value of this option is expanded and indicates the source of DH parameters to be used by Exim. -&*Note: The Exim Maintainers strongly recommend using a filename with site-generated +.new +&*Note: This option is ignored for GnuTLS version 3.6.0 and later. +The library manages parameter negitiation internally. +.wen + +&*Note: The Exim Maintainers strongly recommend, +for other TLS braries, +using a filename with site-generated local DH parameters*&, which has been supported across all versions of Exim. The other specific constants available are a fallback so that even when "unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index cad1f5abb..93f4a1eb2 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -187,6 +187,11 @@ JH/39 Promote DMARC support to mainline. JH/40 Bug 2452: Add a References: header to DSNs. +JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman + parameters. The relevant library call is documented as "Deprecated: This + function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since + 3.6.0, DH parameters are negotiated following RFC7919." + Exim version 4.92 ----------------- |