X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/47ea06b6f9b628fd72817d897526d5372624de99..2983e1a616058c03b57f1ab32a691f8b8ff9764e:/src/src/configure.default

diff --git a/src/src/configure.default b/src/src/configure.default
index 40cc333f6..57af99c14 100644
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -169,7 +169,14 @@ acl_smtp_data =         acl_check_data
 # tls_privatekey = /etc/ssl/exim.pem
 
 # For OpenSSL, prefer EC- over RSA-authenticated ciphers
-# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.ifdef _HAVE_OPENSSL
+tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+.endif
+
+# Don't offer resumption to (most) MUAs, who we don't want to reuse
+# tickets.  Once the TLS extension for vended ticket numbers comes
+# though, re-examine since resumption on a single-use ticket is still a benefit.
+tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
 
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
@@ -808,6 +815,9 @@ begin transports
 remote_smtp:
   driver = smtp
   message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+.ifdef _HAVE_TLS
+  tls_resumption_hosts = *
+#endif
 .ifdef _HAVE_PRDR
   hosts_try_prdr = *
 .endif
@@ -848,6 +858,7 @@ smarthost_smtp:
 .ifdef _HAVE_GNUTLS
   tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
 .endif
+  tls_resumption_hosts = *
 .endif
 .ifdef _HAVE_PRDR
   hosts_try_prdr = *
@@ -863,7 +874,7 @@ smarthost_smtp:
 
 local_delivery:
   driver = appendfile
-  file = /var/mail/$local_part_verified
+  file = /var/mail/$local_part_data
   delivery_date_add
   envelope_to_add
   return_path_add