# Exim test configuration 5821
-# DANE/OpenSSL - ciphers option
+# DANE/GnuTLS - ciphers option
SERVER=
OPT=
# ----- Main settings -----
-acl_smtp_rcpt = accept logwrite = "rcpt ACL"
+acl_smtp_rcpt = accept logwrite = "rcpt ACL: tls_in_bits $tls_in_bits"
log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
# Set certificate only if server
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
-tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
-tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
+tls_certificate = CDIR2/fullchain.pem
+tls_privatekey = CDIR2/server1.example.com.unlocked.key
# Permit two specific ciphers
-tls_require_ciphers = NORMAL:-VERS-TLS1.3:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM
+tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+AES-256-GCM
# ----- Routers -----
begin routers
driver = smtp
allow_localhost
port = PORT_D
+ hosts_try_fastopen = :
hosts_try_dane = *
tls_verify_certificates = CDIR2/ca_chain.pem