OpenSSL: Default the SINGLE_DH_USE option flag set

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 52d4aeb56f506777acb1c0b47db01f9775d100b8..09437e40ed847a932e7ee449f4e78f277fe37561 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -144,6 +144,10 @@ JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM
       support, by using OpenSSL or GnuTLS library ones.  This means DKIM is
       only supported when built with TLS support.
 
+JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option
+      openssl_options), for security.  OpenSSL forces this from version 1.1.0
+      server-side so match that on older versions.
+
 
 Exim version 4.86
 -----------------