X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/da3ad30dcfbb4770835c2b7e165bb719f76cfc16..3f7eeb86e15557a030b86e90d62708e96d68c023:/doc/doc-txt/NewStuff

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 0aee33cec..96839cde6 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -42,6 +42,34 @@ Version 4.78
     administrators can choose to make the trade-off themselves and restore
     compatibility at the cost of session security.
 
+ 7. Use of the new expansion variable $tls_sni in the main configuration option
+    tls_certificate will cause Exim to re-expand the option, if the client
+    sends the TLS Server Name Indication extension, to permit choosing a
+    different certificate; tls_privatekey will also be re-expanded.  You must
+    still set these options to expand to valid files when $tls_sni is not set.
+
+    The SMTP Transport has gained the option tls_sni, which will set a hostname
+    for outbound TLS sessions, and set $tls_sni too.
+
+    A new log_selector, +tls_sni, has been added, to log received SNI values
+    for Exim as a server.
+
+    Currently OpenSSL only.
+
+ 8. The existing "accept_8bitmime" option now defaults to true.  This means
+    that Exim is deliberately not strictly RFC compliant.  We're following
+    Dan Bernstein's advice in http://cr.yp.to/smtp/8bitmime.html by default.
+    Those who disagree, or know that they are talking to mail servers that,
+    even today, are not 8-bit clean, need to turn off this option.
+
+ 9. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file
+    is now available.  If the contents of the file are valid, then Exim will
+    send that back in response to a TLS status request; this is OCSP Stapling.
+    Exim will not maintain the contents of the file in any way: administrators
+    are responsible for ensuring that it is up-to-date.
+
+    See "experimental-spec.txt" for more details.
+
 
 Version 4.77
 ------------