OpenSSL: tls_eccurves list support. Bug 2955

2 files changed, 13 insertions, 6 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 9243bd3f9..7c8dee36f 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -18454,20 +18454,25 @@ prior to the 4.80 release, as Debian used to patch Exim to raise the minimum
 acceptable bound from 1024 to 2048.
 
 
-.option tls_eccurve main string&!! &`auto`&
+.option tls_eccurve main string list&!! &`auto`&
 .cindex TLS "EC cryptography"
-This option selects a EC curve for use by Exim when used with OpenSSL.
+This option selects EC curves for use by Exim when used with OpenSSL.
 It has no effect when Exim is used with GnuTLS.
 
-After expansion it must contain a valid EC curve parameter, such as
-&`prime256v1`&, &`secp384r1`&, or &`P-512`&. Consult your OpenSSL manual
-for valid selections.
+After expansion it must contain
+.new
+one or (only for OpenSSL versiona 1.1.1 onwards) more
+.wen
+EC curve names, such as &`prime256v1`&, &`secp384r1`&, or &`P-521`&.
+Consult your OpenSSL manual for valid curve names.
 
 For OpenSSL versions before (and not including) 1.0.2, the string
 &`auto`& selects &`prime256v1`&. For more recent OpenSSL versions
 &`auto`& tells the library to choose.
 
-If the option expands to an empty string, no EC curves will be enabled.
+.new
+If the option expands to an empty string, the effect is undefined.
+.wen
 
 
 .option tls_ocsp_file main string&!! unset
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index b00399511..c1e139e35 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -19,6 +19,8 @@ Version 4.97
 
  5. The smtp transport option "max_rcpt" is now expanded before use.
 
+ 6. The tls_eccurve option for OpenSSL now takes a list of group names
+
 Version 4.96
 ------------