GnuTLS: fix for clients offering no TLS extensions
[exim.git] / test / confs / 2025
index feaa815a1d3213628618df8c78e25623a1878850..5ddeb75738bc7605110ae2a41f4991f2145dcf50 100644 (file)
@@ -16,14 +16,8 @@ queue_only
 queue_run_in_order
 
 tls_advertise_hosts = *
-
-tls_require_ciphers = ${if eq{$sender_host_address}{HOSTIPV4}\
-                      {NONE}{SECURE256}}
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA256
+tls_certificate =     DIR/aux-fixed/cert1
 
 
 # ----- Routers -----
@@ -45,9 +39,11 @@ send_to_server:
   driver = smtp
   allow_localhost
   hosts = HOSTIPV4 : 127.0.0.1
-  hosts_require_tls = HOSTIPV4
   port = PORT_D
-
+  hosts_try_fastopen = :
+  hosts_require_tls = HOSTIPV4
+  tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA\
+        ${if eq{$host}{HOSTIPV4} {384} {256} }
 
 # ----- Retry -----