X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/3375e053c40dacf62a7eac02d52438a43398c053..b265a59bf8ed5ebcf83ca359ce7f45533045b925:/src/README.UPDATING?ds=sidebyside

diff --git a/src/README.UPDATING b/src/README.UPDATING
index e685b8ec3..6a820bc7c 100644
--- a/src/README.UPDATING
+++ b/src/README.UPDATING
@@ -31,6 +31,7 @@ Exim version 4.80
 
  * BEWARE backwards-incompatible changes in SSL libraries, thus the version
    bump.  See points below for details.
+   Also an LDAP data returned format change.
 
  * The value of $tls_peerdn is now print-escaped when written to the spool file
    in a -tls_peerdn line, and unescaped when read back in.  We received reports
@@ -77,6 +78,12 @@ Exim version 4.80
    attribute as a comma-separated list.  Note the distinction from multiple
    attributes being returned, where each one is a name=value pair.
 
+   If you are currently splitting the results from LDAP upon a comma, then you
+   should check carefully to see if adjustments are needed.
+
+   This change lets cautious folks distinguish "comma used as separator for
+   joining values" from "comma inside the data".
+
  * accept_8bitmime now defaults on, which is not RFC compliant but is better
    suited to today's Internet.  See http://cr.yp.to/smtp/8bitmime.html for a
    sane rationale.  Those who wish to be strictly RFC compliant, or know that
@@ -135,6 +142,21 @@ Exim version 4.80
    fail completely.  (The check is not done as root, to ensure that problems
    here are not made worse by the check).
 
+ * The "tls_dhparam" option has been updated, so that it can now specify a
+   path or an identifier for a standard DH prime from one of a few RFCs.
+   The default for OpenSSL is no longer to not use DH but instead to use
+   one of these standard primes.  The default for GnuTLS is no longer to use
+   a file in the spool directory, but to use that same standard prime.
+   The option is now used by GnuTLS too.  If it points to a path, then
+   GnuTLS will use that path, instead of a file in the spool directory;
+   GnuTLS will attempt to create it if it does not exist.
+
+   To preserve the previous behaviour of generating files in the spool
+   directory, set "tls_dhparam = historic".  Since prior releases of Exim
+   ignored tls_dhparam when using GnuTLS, this can safely be done before
+   the upgrade.
+
+
 
 Exim version 4.77
 -----------------