the message. No tool has been provided as we believe this is a rare
occurence.
+ * With OpenSSL 1.0.1+, Exim now supports TLS 1.1 and TLS 1.2. If built
+ against 1.0.1a then you will get a warning message and the
+ "openssl_options" value will not parse "no_tlsv1_1": the value changes
+ incompatibly between 1.0.1a and 1.0.1b, because the value chosen for 1.0.1a
+ is infelicitous. We advise avoiding 1.0.1a.
+
+ "openssl_options" gains "no_tlsv1_1", "no_tlsv1_2" and "no_compression".
+
+ COMPATIBILITY WARNING: The default value of "openssl_options" is no longer
+ "+dont_insert_empty_fragments". We default to unset. That old default was
+ grandfathered in from before openssl_options became a configuration option.
+ Empty fragments are inserted by default through TLS1.0, to partially defend
+ against certain attacks; TLS1.1+ change the protocol so that this is not
+ needed. The DIEF SSL option was required for some old releases of mail
+ clients which did not gracefully handle the empty fragments, and was
+ initially set in Exim release 4.31 (see ChangeLog, item 37).
+
+ If you still have affected mail-clients, and you see SSL protocol failures
+ with this release of Exim, set:
+ openssl_options = +dont_insert_empty_fragments
+ in the main section of your Exim configuration file. You're trading off
+ security for compatibility. Exim is now defaulting to higher security and
+ rewarding more modern clients.
+
+ * Ldap lookups returning multi-valued attributes now separate the attributes
+ with only a comma, not a comma-space sequence. Also, an actual comma within
+ a returned attribute is doubled. This makes it possible to parse the
+ attribute as a comma-separated list. Note the distinction from multiple
+ attributes being returned, where each one is a name=value pair.
+
Exim version 4.77
-----------------