diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2023-01-05 18:39:51 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2023-01-05 18:39:51 +0000 |
commit | 30520c8f87fcf660ed99a2344cae7f9787f7bc89 (patch) | |
tree | d54235f8859fd44eb139a3a4f5ee7e0cd079864d /doc/doc-txt | |
parent | e1aca33756f73c22b00a98d40ce2be8ed94464b1 (diff) | |
download | exim4-30520c8f87fcf660ed99a2344cae7f9787f7bc89.tar.gz |
DANE: do not check dns_again_means_nonexist for TLSA results of TRY_AGAIN
Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- | doc/doc-txt/ChangeLog | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f51a23c9c..45834756b 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -98,6 +98,10 @@ JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously this always failed, probably leading to the usual downgrade to in-clear connections. +JH/20 Fix TLSA lookups. Previously dns_again_means_nonexist would affect + SERVFAIL results, which breaks the downgrade resistance of DANE. Change + to not checking that list for these looks. + Exim version 4.96 ----------------- |