(the "ffdhe" identifiers).
At this point, all of the "ike" values should be considered obsolete;
-they're still in Exim to avoid breaking unusual configurations, but are
+they are still in Exim to avoid breaking unusual configurations, but are
candidates for removal the next time we have backwards-incompatible changes.
+.new
+Two of them in particular (&`ike1`& and &`ike22`&) are called out by RFC 8247
+as MUST NOT use for IPSEC, and two more (&`ike23`& and &`ike24`&) as
+SHOULD NOT.
+Because of this, Exim regards them as deprecated; if either of the first pair
+are used, warnings will be logged in the paniclog, and if any are used then
+warnings will be logged in the mainlog.
+All four will be removed in a future Exim release.
+.wen
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
the message override the banner message that is otherwise specified by the
&%smtp_banner%& option.
+.new
+For tls-on-connect connections, the ACL is run after the TLS connection
+is accepted (however, &%host_reject_connection%& is tested before).
+.wen
+
.section "The EHLO/HELO ACL" "SECID192"
.cindex "EHLO" "ACL for"
The name is placed in the variable &$event_name$& and the event action
expansion must check this, as it will be called for every possible event type.
+.new
The current list of events is:
.display
&`dane:fail after transport `& per connection
&`tcp:connect before transport `& per connection
&`tcp:close after transport `& per connection
&`tls:cert before both `& per certificate in verification chain
+&`tls:fail:connect after main `& per connection
&`smtp:connect after transport `& per connection
&`smtp:ehlo after transport `& per connection
.endd
+.wen
New event types may be added in future.
The event name is a colon-separated list, defining the type of
&`msg:rcpt:host:defer `& error string
&`msg:rcpt:defer `& error string
&`tls:cert `& verification chain depth
+&`tls:fail:connect `& error string
&`smtp:connect `& smtp banner
&`smtp:ehlo `& smtp ehlo response
.endd