From 49132a3bb5c65364b1d9cc5b405bd0ef046e7828 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 6 Oct 2019 15:36:25 +0100 Subject: GnuTLS: lose DH-param setup, for recent library versions where no longer needed --- doc/doc-docbook/spec.xfpt | 9 ++++++++- doc/doc-txt/ChangeLog | 5 +++++ 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 3afc62989..c0c7bdc80 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17736,7 +17736,14 @@ larger prime than requested. The value of this option is expanded and indicates the source of DH parameters to be used by Exim. -&*Note: The Exim Maintainers strongly recommend using a filename with site-generated +.new +&*Note: This option is ignored for GnuTLS version 3.6.0 and later. +The library manages parameter negitiation internally. +.wen + +&*Note: The Exim Maintainers strongly recommend, +for other TLS braries, +using a filename with site-generated local DH parameters*&, which has been supported across all versions of Exim. The other specific constants available are a fallback so that even when "unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index cad1f5abb..93f4a1eb2 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -187,6 +187,11 @@ JH/39 Promote DMARC support to mainline. JH/40 Bug 2452: Add a References: header to DSNs. +JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman + parameters. The relevant library call is documented as "Deprecated: This + function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since + 3.6.0, DH parameters are negotiated following RFC7919." + Exim version 4.92 ----------------- -- cgit v1.2.3
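Review bot: In the doc/doc-docbook/spec.xfpt hunk, the added lines contain two typos, "negitiation" (should be "negotiation") and "TLS braries" (should be "TLS libraries"). The first added note opens emphasis with "&*Note:" but no closing "*&" appears before ".wen", whereas the second note does close at "local DH parameters*&". Suggest correcting both spellings and closing the emphasis in the first note. Since the option is described as ignored on GnuTLS 3.6.0 and later, it would also help to state that a value already set in the configuration has no effect there, so the reader does not assume their site-generated parameters are still in use.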
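Review bot: In the doc/doc-txt/ChangeLog hunk, the JH/41 entry quotes the deprecation text for "the relevant library call" without naming that call, and it does not mention the configuration option that the spec.xfpt hunk documents as ignored. Suggest naming both the function whose documentation is quoted and the affected option, so that someone searching the ChangeLog for either one finds this entry. A short statement that the option's value no longer takes effect with GnuTLS 3.6.0 and later would also make the change in behaviour explicit to administrators reading only the ChangeLog.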