OpenSSL: when supported by the library version, disable renegotiation for pre-TLS1.3

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ac7f3357d9efc8383c54cbb77e6ffedccf4c0ca4..c5b2ca2d8b885546eb27c4f201ab648750fbe236 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -200,6 +200,10 @@ JH/43 Bug 2465: Fix taint-handling in dsearch lookup.  Previously a nontainted
       buffer was used for the filename, resulting in a trap when tainted
       arguments (eg. $domain) were used.
 
+JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below;
+      recommended to avoid a possible server-load attack.  The feature can be
+      re-enabled via the openssl_options main cofiguration option.
+
 
 Exim version 4.92
 -----------------