X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/8985012787adcd5c6c57f2cc19bc66da78ed8610..f1356ac2d868910947ccc2b3b4b546a0839c5e45:/templates/static/doc/security/CVE-2019-15846.txt

diff --git a/templates/static/doc/security/CVE-2019-15846.txt b/templates/static/doc/security/CVE-2019-15846.txt
index aabdf1d..f82b8e3 100644
--- a/templates/static/doc/security/CVE-2019-15846.txt
+++ b/templates/static/doc/security/CVE-2019-15846.txt
@@ -27,10 +27,12 @@ Mitigation
 
 Do not offer TLS. (This mitigation is not recommended.)
 
-For a attacking SNI the following ACL snippet should work:
+For a attacking TLS client the following ACL snippet should work:
 
-    # to be prepended to your mail acl (acl_smtp_mail)
+    # to be prepended to your mail acl (the ACL referenced
+    # by the acl_smtp_mail main config option)
     deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
+    deny    condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
 
 Fix
 ===