X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=doc%2Fdoc-docbook%2Fspec.xfpt;h=29214e3e19832434a123a4430a2159b1163f82e7;hp=56ce0693b2a9dd8ed52926214112958adc8a853c;hb=e2fbf4a211bdcff441c50f58f3c1f1fb17f56d61;hpb=d13cdd3049b0191bbb275f9a6cf11dc0917a1f0c

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 56ce0693b..29214e3e1 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -14742,6 +14742,8 @@ Possible options may include:
 .next
 &`no_tlsv1_2`&
 .next
+&`safari_ecdhe_ecdsa_bug`&
+.next
 &`single_dh_use`&
 .next
 &`single_ecdh_use`&
@@ -14757,6 +14759,15 @@ Possible options may include:
 &`tls_rollback_bug`&
 .endlist
 
+.new
+As an aside, the &`safari_ecdhe_ecdsa_bug`& item is a misnomer and affects
+all clients connecting using the MacOS SecureTransport TLS facility prior
+to MacOS 10.8.4, including email clients.  If you see old MacOS clients failing
+to negotiate TLS then this option value might help, provided that your OpenSSL
+release is new enough to contain this work-around.  This may be a situation
+where you have to upgrade OpenSSL to get buggy clients working.
+.wen
+
 
 .option oracle_servers main "string list" unset
 .cindex "Oracle" "server list"