Docs: fix description for hosts_request_ocsp default under DANE
[exim.git] / test / confs / 4060
index dcc0ec2e726f44ebab8d157d2c452017f8459656..b6e071202bc619e8365b3d22fa20a73d7a417b38 100644 (file)
@@ -21,14 +21,24 @@ gecos_name = CALLER_NAME
 dns_cname_loops = 9
 chunking_advertise_hosts = OPT
 tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
+
+.ifdef _HAVE_TLS_CA_CACHE
+tls_verify_certificates = system,cache
+.endif
+
+.ifdef _HAVE_DMARC
+dmarc_tld_file =
+.endif
 
 # Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
 .ifdef _HAVE_GNUTLS
 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
+.else
+tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
-pipelining_connect_advertise_hosts = *
+pipelining_connect_advertise_hosts = CONTROL
 log_selector = +received_recipients +millisec +pipelining
 queue_only