OpenSSL fixes and backwards compat break.

[exim.git] / doc / doc-txt / NewStuff

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index b962b61a24a71481a3c3da7c19f2266827d1634a..0aee33cec83dfc0987eeea199a4e0dc3ee7b1a7f 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -33,6 +33,15 @@ Version 4.78
     into the DBM library.  Can be used with gsasl to access sasldb2 files as
     used by Cyrus SASL.
 
+ 6. OpenSSL now supports TLS1.1 and TLS1.2 with OpenSSL 1.0.1.
+
+    Avoid release 1.0.1a if you can.  Note that the default value of
+    "openssl_options" is no longer "+dont_insert_empty_fragments", as that
+    increased susceptibility to attack.  This may still have interoperability
+    implications for very old clients (see version 4.31 change 37) but
+    administrators can choose to make the trade-off themselves and restore
+    compatibility at the cost of session security.
+
 
 Version 4.77
 ------------