Re: [exim-dev] gnutls_compat_mode is only available as main …

Author: Andreas Metzler
Date:  
To: exim-dev
Subject: Re: [exim-dev] gnutls_compat_mode is only available as main configuration option
On 2012-06-02 Phil Pennock <pdp@???> wrote:
> On 2012-06-01 at 19:26 +0200, Andreas Metzler wrote:
> > The docs for gnutls_compat_mode are not correct: It only exists as a

[...]
> > I can try to come up with a patch for the documentation, unless you
> > think the source should be changed.


> Doc fix please. The tls_require_ciphers, as you say, means that
> gnutls_compat_mode is not needed and should probably be marked
> deprecated. Feel free to call it that and advise people to use
> tls_require_ciphers instead.


Patch attached, please double-check the wording.

thanks, cu andreas
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 3c5f5bd..8053bdf 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -13745,7 +13745,12 @@ See &%gecos_name%& above.
.option gnutls_compat_mode main boolean unset
This option controls whether GnuTLS is used in compatibility mode in an Exim
server. This reduces security slightly, but improves interworking with older
-implementations of TLS.
+implementations of TLS. This deprecated setting applies to both incoming and
+outgoing connections. Using the special keyword %COMPAT in the GnuTLS
+priority string (exim option &%tls_require_ciphers%&, see section
+&<<SECTreqciphgnu>>&) has the same effect and allows to selectively enable
+compat mode for incoming (main option) or outgoing (smtp transport option)
+connections.

.option headers_charset main string "see below"
This option sets a default character set for translating from encoded MIME
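Review bot: The unchanged first sentence still says the option controls compatibility mode "in an Exim server", which now contradicts the added statement that the setting "applies to both incoming and outgoing connections"; reword the opening sentence so it does not limit the scope to the server side. In the added text, "allows to selectively enable compat mode" is ungrammatical, so something like "allows compat mode to be enabled selectively" reads better, and "exim option" should be capitalised as "Exim option". Since the option is described as deprecated, say so in a sentence of its own that tells the reader to use &%tls_require_ciphers%& instead, rather than folding "deprecated" into the sentence about connection direction.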
@@ -22177,11 +22182,6 @@ being used, names are looked up using &[gethostbyname()]&
instead of using the DNS. Of course, that function may in fact use the DNS, but
it may also consult other sources of information such as &_/etc/hosts_&.

-.option gnutls_compat_mode smtp boolean unset
-This option controls whether GnuTLS is used in compatibility mode in an Exim
-server. This reduces security slightly, but improves interworking with older
-implementations of TLS.
-
.option helo_data smtp string&!! "see below"
.cindex "HELO" "argument, setting"
.cindex "EHLO" "argument, setting"
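Review bot: With the smtp transport entry for gnutls_compat_mode removed here, the smtp transport options no longer carry any pointer to how compat mode is obtained for outgoing connections; the only mention is in the main option text, which refers to the "smtp transport option" form of &%tls_require_ciphers%&. Consider adding a sentence about the %COMPAT keyword to the smtp transport's &%tls_require_ciphers%& description, or a cross-reference to &<<SECTreqciphgnu>>&, so that a reader who looks for the old entry among the transport options finds the replacement. The deleted text also described the transport option as acting "in an Exim server", which supports treating it as a copy of the main option text that is safe to drop.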