X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/cae6e576b589efbe9e22cd65e5f890b21ce84f02..a799883d8ad340d935db4d729a31c02cb8a1d977:/src/README.UPDATING diff --git a/src/README.UPDATING b/src/README.UPDATING index a15bd418e..6a820bc7c 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -142,6 +142,21 @@ Exim version 4.80 fail completely. (The check is not done as root, to ensure that problems here are not made worse by the check). + * The "tls_dhparam" option has been updated, so that it can now specify a + path or an identifier for a standard DH prime from one of a few RFCs. + The default for OpenSSL is no longer to not use DH but instead to use + one of these standard primes. The default for GnuTLS is no longer to use + a file in the spool directory, but to use that same standard prime. + The option is now used by GnuTLS too. If it points to a path, then + GnuTLS will use that path, instead of a file in the spool directory; + GnuTLS will attempt to create it if it does not exist. + + To preserve the previous behaviour of generating files in the spool + directory, set "tls_dhparam = historic". Since prior releases of Exim + ignored tls_dhparam when using GnuTLS, this can safely be done before + the upgrade. + + Exim version 4.77 -----------------