# TLS client & server: (gnu)tls_require_xxx
gnutls
# Start up the server
exim -DSERVER=server -bd -oX PORT_D
****
# This puts a message on the queue (queue_only is set).
exim userx@test.ex
Testing
****
# This will fail to deliver encrypted because there are no acceptable 
# ciphers, so it will deliver in clear.
exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5
****
# This delivers the message to the server, where it will remain
# on the queue because queue_only is set.
exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5:DES-CBC3-SHA:RSA_ARCFOUR_SHA
****
# So we can deliver it again and again, with different parameters.
exim -qf -DCREQMAC=gnutls_require_mac=MD5
****
exim -qf -DCREQMAC=gnutls_require_mac=!SHA1
****
exim -qf -DCREQMAC=gnutls_require_mac=MD5:SHA
****
exim -qf -DCREQMAC=gnutls_require_kx=!DHE
****
exim -qf -DCREQMAC=gnutls_require_protocols=SSL3
****
# Restart the server with a cipher restriction
killdaemon
exim -DSERVER=server \
     -DSREQCIP=tls_require_ciphers=ARCFOUR \
     -DSREQMAC=gnutls_require_mac=MD5 \
     -bd -oX PORT_D
****
exim -qf
****
killdaemon
no_msglog_check