X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ba86e143c7aeb0d70ea4c9d73a617a98f06f6baa..ec8db648d3af8af2d9e6cbd4896159235c0f1e49:/test/scripts/2000-GnuTLS/2002 diff --git a/test/scripts/2000-GnuTLS/2002 b/test/scripts/2000-GnuTLS/2002 index 4ecbf229b..f15b24d00 100644 --- a/test/scripts/2000-GnuTLS/2002 +++ b/test/scripts/2000-GnuTLS/2002 @@ -2,7 +2,8 @@ gnutls exim -DSERVER=server -bd -oX PORT_D **** -client-gnutls 127.0.0.1 PORT_D +# Have the client prefer RSA (but support ECDSA as well). That should get us RSA on both older and newer GnuTLS. +client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D ??? 220 ehlo rhu.barb ??? 250- @@ -25,7 +26,7 @@ This is a test encrypted message. quit ??? 221 **** -client-gnutls 127.0.0.1 PORT_D +client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D ??? 220 ehlo rhu.barb ??? 250- @@ -48,7 +49,7 @@ This is a test encrypted message. quit ??? 221 **** -client-gnutls HOSTIPV4 PORT_D +client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D ??? 220 ehlo rhu.barb ??? 250- @@ -60,7 +61,7 @@ ehlo rhu.barb starttls ??? 220 **** -client-gnutls HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key +client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key ??? 220 ehlo rhu.barb ??? 250- @@ -116,7 +117,7 @@ quit **** # # -# Make ECDSA authentication preferred (normally RSA is, it seems). +# Make ECDSA authentication preferred (Older GnuTLS prefers RSA, it seems, Newer, ECDSA). client-gnutls -p NONE:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D ??? 220 ehlo rhu.barb