DKIM: support multiple hash methods

[exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 862c8f91d901ea0d1fc38665cedbbacd669b3e74..61a6f0e83274d4c2ed6bb0e99aa1e6ca8871ef69 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23799,6 +23799,7 @@ of the message. Its value must not be zero. See also &%final_timeout%&.
 .option dkim_canon smtp string&!! unset
 .option dkim_strict smtp string&!! unset
 .option dkim_sign_headers smtp string&!! unset
+.option dkim_hash smtp string&!! sha256
 DKIM signing options.  For details see section &<<SECDKIMSIGN>>&.
 
 
@@ -38569,6 +38570,12 @@ list of header names. Headers with these names will be included in the message
 signature.
 When unspecified, the header names recommended in RFC4871 will be used.
 
+.new
+.option dkim_hash smtp string&!! sha256
+Can be set alternatively to &"sha1"& to use an alternate hash
+method.  Note that sha1 is now condidered insecure, and deprecated.
+.wen
+
 
 .section "Verifying DKIM signatures in incoming mail" "SECID514"
 .cindex "DKIM" "verification"