Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 11 |
-rw-r--r-- | doc/doc-txt/ChangeLog | 2 |
2 files changed, 12 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index b20d82311..00f0dac02 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -18481,8 +18481,17 @@ of the later IKE values, which led into RFC7919 providing new fixed constants (the "ffdhe" identifiers). At this point, all of the "ike" values should be considered obsolete; -they're still in Exim to avoid breaking unusual configurations, but are +they are still in Exim to avoid breaking unusual configurations, but are candidates for removal the next time we have backwards-incompatible changes. +.new +Two of them in particular (&`ike1`& and &`ike22`&) are called out by RFC 8247 +as MUST NOT use for IPSEC, and two more (&`ike23`& and &`ike24`&) as +SHOULD NOT. +Because of this, Exim regards them as deprecated; if either of the first pair +are used, warnings will be logged in the paniclog, and if any are used then +warnings will be logged in the mainlog. +All four will be removed in a future Exim release. +.wen The TLS protocol does not negotiate an acceptable size for this; clients tend to hard-drop connections if what is offered by the server is unacceptable, diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index b155e6b9d..e7c7085f8 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -63,6 +63,8 @@ JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value in 4.95 trapped when normalisation was applied to an option not needing expansion action. +JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. + Exim version 4.95 ----------------- |
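Review bot: in the `.new` block of the spec.xfpt hunk, the added paragraph says warnings will be logged but not what the administrator should switch to. The context just above already names the RFC7919 "ffdhe" identifiers as the newer fixed constants, so a closing sentence pointing at them would make the deprecation actionable. Two wording points in the same block: "if either of the first pair are used" should read "is used", and "if any are used" should say "if any of the four are used", because the preceding paragraph is about all of the "ike" values and "any" can be read as referring to those. It would also help to state when the warnings are written (once at startup or on each TLS session), so that operators watching the paniclog know what volume to expect.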
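Review bot: in the ChangeLog hunk, the JH/14 entry reads only "Deprecate RFC 5114 Diffie-Hellman parameters" and names neither the affected identifiers nor the new logging. The spec.xfpt text in this same patch lists `ike1`, `ike22`, `ike23` and `ike24` and says warnings go to the paniclog and mainlog; repeating the four names and the log destinations here would let an administrator who greps the ChangeLog for a configured value, or who sees a new paniclog line after upgrading, find the entry that explains it.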