Adding backwards-compat items: * OpenSSL loading of tls_dhparams constrained by new option tls_dh_max_bits
* Are validating tls_require_ciphers at start-up; note that not only does this affect invalid strings, but also broken binaries which previously segfaulted during delivery and might fall back to non-TLS if there was a non-TLS-advertising server in the MX pool, or might never have delivered to a TLS server. This latter one is more contentious. If we decide it's too contentious, we can back out by commenting out one invocation in readconf.c. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##