X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/12f6998964d44c0a40783162fc37eabe770f4382..2a1b36b3082412c6723ec29c1fc1ef02589bd3b3:/doc/doc-txt/NewStuff

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 5088a24c4..e33d2858c 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -20,6 +20,31 @@ Version 4.81
     For instance, "exim -n -bP pid_file_path" should just emit a pathname
     followed by a newline, and no other text.
 
+ 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now
+    has a "tls_dh_min_bits" option, to set the minimum acceptable number of
+    bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites)
+    acceptable for security.  (Option accepted but ignored if using OpenSSL).
+    Defaults to 1024, the old value.  May be lowered only to 512, or raised as
+    far as you like.  Raising this may hinder TLS interoperability with other
+    sites and is not currently recommended.  Lowering this will permit you to
+    establish a TLS session which is not as secure as you might like.
+
+    Unless you really know what you are doing, leave it alone.
+
+ 4. If not built with DISABLE_DNSSEC, Exim now has the main option
+    dns_use_dnssec; if set to 1 then Exim will initialise the resolver library
+    to send the DO flag to your recursive resolver.  If you have a recursive
+    resolver, which can set the Authenticated Data (AD) flag in results, Exim
+    can now detect this.
+
+    Current status: work-in-progress; $sender_host_dnssec variable added.
+
+ 5. DSCP support for outbound connections: on a transport using the smtp driver,
+    set "dscp = ef", for instance, to cause the connections to have the relevant
+    DSCP (IPv4 TOS or IPv6 TCLASS) value in the header.  Supported values depend
+    upon system libraries.  "exim -bI:dscp" to list the ones Exim knows of.
+    You can also set a raw number 0..0x3F.
+
 
 Version 4.80
 ------------