test/confs/5821

   1 # Exim test configuration 5821
   2 # DANE/GnuTLS - ciphers option
   3
   4 SERVER=
   5 OPT=
   6
   7 .include DIR/aux-var/tls_conf_prefix
   8
   9 primary_hostname = myhost.test.ex
  10
  11 # ----- Main settings -----
  12
  13 acl_smtp_rcpt = accept logwrite = "rcpt ACL: tls_in_bits $tls_in_bits"
  14
  15 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
  16
  17 tls_advertise_hosts = *
  18
  19 # Set certificate only if server
  20 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
  21
  22 tls_certificate = CDIR2/fullchain.pem
  23 tls_privatekey =  CDIR2/server1.example.com.unlocked.key
  24
  25 # Permit two specific ciphers
  26 tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+AES-256-GCM
  27
  28 # ----- Routers -----
  29 begin routers
  30
  31 client:
  32   driver =              dnslookup
  33   condition =           ${if eq {SERVER}{}}
  34   ignore_target_hosts = <; 0::0/0
  35   dnssec_request_domains = *
  36   self =                send
  37   transport =           send_to_server
  38   errors_to =           ""
  39
  40 server:
  41   driver =              redirect
  42   data =                :blackhole:
  43
  44 # ----- Transports -----
  45 begin transports
  46
  47 send_to_server:
  48   driver =                      smtp
  49   allow_localhost
  50   port =                        PORT_D
  51   hosts_try_fastopen =          :
  52   hosts_try_dane =              *
  53   tls_verify_certificates =     CDIR2/ca_chain.pem
  54
  55   # Some commonly-available cipher, we hope
  56   tls_require_ciphers =         NORMAL:-CIPHER-ALL:+AES-128-CBC
  57   dane_require_tls_ciphers =    OPT
  58
  59 # ----- Retry -----
  60 begin retry
  61 * * F,5d,10s
  62
  63 # End