X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/d73757b42fbf0a1dea47211dd025215ba9a36568..9815773952dd56fe4d33291ace6d0ee7afd77852:/doc/doc-docbook/spec.xfpt?ds=sidebyside diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 56ce0693b..ad4df88ea 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -13986,7 +13986,7 @@ This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules with the p11-kit configuration files in &_/etc/pkcs11/modules/_&. See -&url(http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs) +&url(http://www.gnutls.org/manual/gnutls.html#Smart-cards-and-HSMs) for documentation. .wen @@ -14742,6 +14742,8 @@ Possible options may include: .next &`no_tlsv1_2`& .next +&`safari_ecdhe_ecdsa_bug`& +.next &`single_dh_use`& .next &`single_ecdh_use`& @@ -14757,6 +14759,15 @@ Possible options may include: &`tls_rollback_bug`& .endlist +.new +As an aside, the &`safari_ecdhe_ecdsa_bug`& item is a misnomer and affects +all clients connecting using the MacOS SecureTransport TLS facility prior +to MacOS 10.8.4, including email clients. If you see old MacOS clients failing +to negotiate TLS then this option value might help, provided that your OpenSSL +release is new enough to contain this work-around. This may be a situation +where you have to upgrade OpenSSL to get buggy clients working. +.wen + .option oracle_servers main "string list" unset .cindex "Oracle" "server list" @@ -25586,10 +25597,10 @@ aware of future feature enhancements of GnuTLS. Documentation of the strings accepted may be found in the GnuTLS manual, under "Priority strings". This is online as -&url(http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html), +&url(http://www.gnutls.org/manual/html_node/Priority-Strings.html), but beware that this relates to GnuTLS 3, which may be newer than the version installed on your system. If you are using GnuTLS 3, -&url(http://www.gnu.org/software/gnutls/manual/html_node/Listing-the-ciphersuites-in-a-priority-string.html, then the example code) +&url(http://www.gnutls.org/manual/gnutls.html#Listing-the-ciphersuites-in-a-priority-string, then the example code) on that site can be used to test a given string. Prior to Exim 4.80, an older API of GnuTLS was used, and Exim supported three @@ -34424,14 +34435,14 @@ options are available: .vlist .vitem &*-f*&&~<&'regex'&> -Match the sender address. The field that is tested is enclosed in angle -brackets, so you can test for bounce messages with +Match the sender address using a case-insensitive search. The field that is +tested is enclosed in angle brackets, so you can test for bounce messages with .code exiqgrep -f '^<>$' .endd .vitem &*-r*&&~<&'regex'&> -Match a recipient address. The field that is tested is not enclosed in angle -brackets. +Match a recipient address using a case-insensitve search. The field that is +tested is not enclosed in angle brackets. .vitem &*-s*&&~<&'regex'&> Match against the size field.