SECURITY: DKIM DNS buffer overflow protection

[exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index c71dfb1820e1a385ea502554ab9124c72632758f..ae1f7df03b339ddd88f4c27d0ea80d90645400bb 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -14385,7 +14385,7 @@ harm. This option overrides the &%pipe_as_creator%& option of the &(pipe)&
 transport driver.
 
 
-.option openssl_options main "string list" unset
+.option openssl_options main "string list" "+no_sslv2"
 .cindex "OpenSSL "compatibility options"
 This option allows an administrator to adjust the SSL options applied
 by OpenSSL to connections.  It is given as a space-separated list of items,
@@ -15715,7 +15715,7 @@ parameters should be loaded.  If the file exists, it should hold a PEM-encoded
 PKCS#3 representation of the DH prime.  If the file does not exist, for
 OpenSSL it is an error.  For GnuTLS, Exim will attempt to create the file and
 fill it with a generated DH prime.  For OpenSSL, if the DH bit-count from
-loading the file is greater than &%tls_dh_max_bits$& then it will be ignored,
+loading the file is greater than &%tls_dh_max_bits%& then it will be ignored,
 and treated as though the &%tls_dhparam%& were set to "none".
 
 If this option expands to the string "none", then no DH parameters will be