1 $Cambridge: exim/doc/doc-txt/NewStuff,v 1.27 2005/03/08 11:38:21 ph10 Exp $
6 This file contains descriptions of new features that have been added to Exim,
7 but have not yet made it into the main manual (which is most conveniently
8 updated when there is a relatively large batch of changes). The doc/ChangeLog
9 file contains a listing of all changes, including bug fixes.
15 PH/01. The format in which GnuTLS parameters are written to the gnutls-param
16 file in the spool directory has been changed. This change has been made
17 to alleviate problems that some people had with the generation of the
18 parameters by Exim when /dev/random was exhausted. In this situation,
19 Exim would hang until /dev/random acquired some more entropy.
21 The new code exports and imports the DH and RSA parameters in PEM
22 format. This means that the parameters can be generated externally using
23 the certtool command that is part of GnuTLS.
25 To replace the parameters with new ones, instead of deleting the file
26 and letting Exim re-create it, you can generate new parameters using
27 certtool and, when this has been done, replace Exim's cache file by
28 renaming. The relevant commands are something like this:
32 # chown exim:exim new.params
33 # chmod 0400 new.params
34 # certtool --generate-privkey --bits 512 >new.params
35 # echo "" >>new.params
36 # certtool --generate-dh-params --bits 1024 >> new.params
37 # mv new.params params
39 If Exim never has to generate the parameters itself, the possibility of
46 The documentation is up-to-date for the 4.50 release.