Add gnutls_require_{kx,mac,protocols}.

[exim.git] / test / scripts / 2000-GnuTLS / 2011

diff --git a/test/scripts/2000-GnuTLS/2011 b/test/scripts/2000-GnuTLS/2011
index 4e48ebce6f236cbce4f25c1025775a732f999c98..6f72fba80293ed9999ec28b22f2e6b8f3b2f6b49 100644 (file)
--- a/test/scripts/2000-GnuTLS/2011
+++ b/test/scripts/2000-GnuTLS/2011
@@ -1,10 +1,38 @@
-# TLS client: require_ciphers
+# TLS client & server: (gnu)tls_require_xxx
 gnutls
+# Start up the server
 exim -DSERVER=server -bd -oX PORT_D
 ****
+# This puts a message on the queue (queue_only is set).
 exim userx@test.ex
 Testing
 ****
+# This will fail to deliver encrypted because there are no acceptable 
+# ciphers, so it will deliver in clear.
+exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5
+****
+# This delivers the message to the server, where it will remain
+# on the queue because queue_only is set.
+exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5:DES-CBC3-SHA:RSA_ARCFOUR_SHA
+****
+# So we can deliver it again and again, with different parameters.
+exim -qf -DCREQMAC=gnutls_require_mac=MD5
+****
+exim -qf -DCREQMAC=gnutls_require_mac=!SHA1
+****
+exim -qf -DCREQMAC=gnutls_require_mac=MD5:SHA
+****
+exim -qf -DCREQMAC=gnutls_require_kx=!DHE
+****
+exim -qf -DCREQMAC=gnutls_require_protocols=SSL3
+****
+# Restart the server with a cipher restriction
+killdaemon
+exim -DSERVER=server \
+     -DSREQCIP=tls_require_ciphers=ARCFOUR \
+     -DSREQMAC=gnutls_require_mac=MD5 \
+     -bd -oX PORT_D
+****
 exim -qf
 ****
 killdaemon