From 6db92eab5917e515c83fd773dad6111177a0207f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 6 Nov 2021 20:56:05 +0000 Subject: Revert "GnuTLS: lose DH-param setup, for recent library versions where no longer needed". Bug 2822 It seems the documentation lies and the params really are needed. This reverts commits 041bf37266, 49132a3bb5c6 --- doc/doc-docbook/spec.xfpt | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'doc/doc-docbook') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index dcda2ff79..a8cd63b19 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -18429,12 +18429,7 @@ larger prime than requested. The value of this option is expanded and indicates the source of DH parameters to be used by Exim. -This option is ignored for GnuTLS version 3.6.0 and later. -The library manages parameter negotiation internally. - -&*Note: The Exim Maintainers strongly recommend, -for other TLS library versions, -using a filename with site-generated +&*Note: The Exim Maintainers strongly recommend using a filename with site-generated local DH parameters*&, which has been supported across all versions of Exim. The other specific constants available are a fallback so that even when "unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS. -- cgit v1.2.3
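Review bot: In the spec.xfpt hunk at 18429, removing the two sentences about GnuTLS version 3.6.0 and later leaves the text silent on GnuTLS. A reader who saw the earlier wording has no indication that the option is honoured again for those versions. Since the commit message says the params really are needed (Bug 2822), consider adding a short positive statement that the option applies regardless of GnuTLS version, rather than only deleting the "ignored" text. As a style point, the re-joined line "+&*Note: The Exim Maintainers strongly recommend using a filename with site-generated" is noticeably longer than the wrapped lines around it; breaking it after "recommend" would match the surrounding layout. The diffstat shown is limited to 'doc/doc-docbook', so the code side of the revert cannot be checked from this view.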