author | Phil Pennock <pdp@exim.org> | 2012-05-27 09:14:39 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-27 09:14:39 -0400 |
commit | a799883d8ad340d935db4d729a31c02cb8a1d977 (patch) | |
tree | 3ceb2a5d711c3430aba48a47cfed59c73d6ddda9 /src/README.UPDATING | |
parent | cae6e576b589efbe9e22cd65e5f890b21ce84f02 (diff) | |
download | exim4-a799883d8ad340d935db4d729a31c02cb8a1d977.tar.gz |
For DH, use standard primes from RFCs
Diffstat (limited to 'src/README.UPDATING')
-rw-r--r-- | src/README.UPDATING | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/README.UPDATING b/src/README.UPDATING index a15bd418e..6a820bc7c 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -142,6 +142,21 @@ Exim version 4.80 fail completely. (The check is not done as root, to ensure that problems here are not made worse by the check). + * The "tls_dhparam" option has been updated, so that it can now specify a + path or an identifier for a standard DH prime from one of a few RFCs. + The default for OpenSSL is no longer to not use DH but instead to use + one of these standard primes. The default for GnuTLS is no longer to use + a file in the spool directory, but to use that same standard prime. + The option is now used by GnuTLS too. If it points to a path, then + GnuTLS will use that path, instead of a file in the spool directory; + GnuTLS will attempt to create it if it does not exist. + + To preserve the previous behaviour of generating files in the spool + directory, set "tls_dhparam = historic". Since prior releases of Exim + ignored tls_dhparam when using GnuTLS, this can safely be done before + the upgrade. + + Exim version 4.77 ----------------- |
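Review bot: In the first added paragraph, the entry says tls_dhparam can take "an identifier for a standard DH prime from one of a few RFCs" and that both libraries now default to "one of these standard primes", but it never names the identifiers or says which prime is the default, so an administrator reading this upgrade note cannot tell which DH group the server will offer after upgrading. Suggest naming the default identifier here, or pointing to the tls_dhparam entry in the main specification. Two smaller points: "The default for OpenSSL is no longer to not use DH" is a double negative and would read more clearly as "OpenSSL previously did not use DH by default; it now uses one of these standard primes". In the second paragraph, the justification for setting "tls_dhparam = historic" before the upgrade covers only GnuTLS builds, so the sentence should either say that the advice applies to GnuTLS or state what an older OpenSSL build does with that value.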