X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d51dbacf4da044f797cb4c07e026adc608f1bc98..ee549a2ed04164407f4f897be3bf545f32579c5c:/test/confs/5821 diff --git a/test/confs/5821 b/test/confs/5821 index db2dc19d2..28999d5c7 100644 --- a/test/confs/5821 +++ b/test/confs/5821 @@ -1,5 +1,5 @@ # Exim test configuration 5821 -# DANE/OpenSSL - ciphers option +# DANE/GnuTLS - ciphers option SERVER= OPT= @@ -10,7 +10,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_smtp_rcpt = accept logwrite = "rcpt ACL" +acl_smtp_rcpt = accept logwrite = "rcpt ACL: tls_in_bits $tls_in_bits" log_selector = +received_recipients +tls_peerdn +tls_certificate_verified @@ -19,11 +19,11 @@ tls_advertise_hosts = * # Set certificate only if server CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com -tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} -tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} +tls_certificate = CDIR2/fullchain.pem +tls_privatekey = CDIR2/server1.example.com.unlocked.key # Permit two specific ciphers -tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL +tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+AES-256-GCM # ----- Routers ----- begin routers @@ -31,6 +31,7 @@ begin routers client: driver = dnslookup condition = ${if eq {SERVER}{}} + ignore_target_hosts = <; 0::0/0 dnssec_request_domains = * self = send transport = send_to_server @@ -47,11 +48,12 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = * tls_verify_certificates = CDIR2/ca_chain.pem # Some commonly-available cipher, we hope - tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL + tls_require_ciphers = NORMAL:-CIPHER-ALL:+AES-128-CBC dane_require_tls_ciphers = OPT # ----- Retry -----