Openssl: disable session-tickets by default and session-cache always

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3e5d6f7fc4e544b5d96b38d11f577d4d84345d69..5dfc9b5bb00ceda7c9d74c56c38876100c8542cd 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -37,6 +37,15 @@ PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers;
 JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger
       than 255 are no longer allowed.
 
+JH/06 Default openssl_options to include +no_ticket, to reduce load on peers.
+      Disable the session-cache too, which might reduce our load.  Since we
+      currrectly use a new context for every connection, both as server and
+      client, there is no benefit for these.
+      GnuTLS appears to not support tickets server-side by default (we don't
+      call gnutls_session_ticket_enable_server()) but client side is enabled
+      by default on recent versions (3.1.3 +) unless the PFS priority string
+      is used (3.2.4 +).
+
 
 Exim version 4.89
 -----------------