TLS: fix resumption for TLS-on-connect
authorJeremy Harris <jgh146exb@wizmail.org>
Mon, 13 Nov 2023 18:12:31 +0000 (18:12 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Mon, 13 Nov 2023 18:12:31 +0000 (18:12 +0000)
16 files changed:
doc/doc-docbook/spec.xfpt
doc/doc-txt/ChangeLog
src/src/macros.h
src/src/tls-gnu.c
src/src/transports/smtp.c
src/src/transports/smtp.h
test/confs/5890
test/confs/5892
test/confs/5894
test/log/5890
test/log/5892
test/log/5894
test/scripts/5890-Resume-GnuTLS/5890
test/scripts/5892-Resume-OpenSSL/5892
test/scripts/5894-Resume-OpenSSL-TLS1.3/5894
test/stdout/5892

index 5a757c4ed6d36c0e08b03142e159e63019620c76..add3a532ec38d407316ca984a821f38160d1332f 100644 (file)
@@ -25549,15 +25549,24 @@ load-balancer, matching the session stored in the client's cache.
 
 Exim can pull out a server name, if there is one, from the response to the
 client's SMTP EHLO command.
 
 Exim can pull out a server name, if there is one, from the response to the
 client's SMTP EHLO command.
-The default value of this option:
+For normal STARTTLS use, the default value of this option:
 .code
     ${if and { {match {$host} {.outlook.com\$}} \
                {match {$item} {\N^250-([\w.]+)\s\N}} \
             } {$1}}
 .endd
 suffices for one known case.
 .code
     ${if and { {match {$host} {.outlook.com\$}} \
                {match {$item} {\N^250-([\w.]+)\s\N}} \
             } {$1}}
 .endd
 suffices for one known case.
+
 During the expansion of this option the &$item$& variable will have the
 server's EHLO response.
 During the expansion of this option the &$item$& variable will have the
 server's EHLO response.
+
+.new
+For TLS-on-connect connections we do not have an EHLO
+response to use. Because of this the default value of this option is
+set to a static string for those cases, meaning that resumption will
+always be attempted if permitted by the &%tls_resumption_hosts%& option.
+.wen
+
 The result of the option expansion is included in the key used to store and
 retrieve the TLS session, for session resumption.
 
 The result of the option expansion is included in the key used to store and
 retrieve the TLS session, for session resumption.
 
index c74c0c0c6bbb6be11d0a7c44d68cfc2f439b01ae..9d23e8db2f365135bbe6e89038ec3019b9c0a8bd 100644 (file)
@@ -24,6 +24,13 @@ JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with
       a connection_reject log_selector, under tls_on_connect.  Previously
       with this combination, when the connect ACL rejected, a spurious
       paniclog entry was made.
       a connection_reject log_selector, under tls_on_connect.  Previously
       with this combination, when the connect ACL rejected, a spurious
       paniclog entry was made.
+JH/04 Fix TLS resumption for TLS-on-connect.  This was broken by the advent
+      of loadbalancer-detection for resumption, in 4.96 - which tries to
+      use the EHLO response. SMTPS does not have one at the time it is starting
+      TLS.  Change the default for the smtp transport host_name_extract option
+      to be a static string, for TLS-on-connect cases; meaning that resumption
+      will always be attempted (unless deliberately overriden).
+
 
 
 Exim version 4.97
 
 
 Exim version 4.97
index 9693935614c26b59be6b791dc94b4f00690f8bd7..e2c1d0f948b1fa5e325bbb1a534e078f2a952edd 100644 (file)
@@ -1103,14 +1103,22 @@ should not be one active. */
 #define RESUME_USED            BIT(4)
 
 #define RESUME_DECODE_STRING \
 #define RESUME_USED            BIT(4)
 
 #define RESUME_DECODE_STRING \
-         US"not requested or offered : 0x02 :client requested, no server ticket" \
-    ": 0x04 : 0x05 : 0x06 :client offered session, no server action" \
-    ": 0x08 :no client request: 0x0A :client requested new ticket, server provided" \
-    ": 0x0C :client offered session, not used: 0x0E :client offered session, server only provided new ticket" \
-    ": 0x10 :session resumed unasked: 0x12 :session resumed unasked" \
-    ": 0x14 : 0x15 : 0x16 :session resumed" \
-    ": 0x18 :session resumed unasked: 0x1A :session resumed unasked" \
-    ": 0x1C :session resumed: 0x1E :session resumed, also new ticket"
+  US"not requested or offered" \
+    ": 0x02 :client requested, no server ticket" \
+    ": 0x04 : 0x05 " \
+    ": 0x06 :client offered session, no server action" \
+    ": 0x08 :no client request" \
+    ": 0x0A :client requested new ticket, server provided" \
+    ": 0x0C :client offered session, not used" \
+    ": 0x0E :client offered session, server only provided new ticket" \
+    ": 0x10 :session resumed unasked" \
+    ": 0x12 :session resumed unasked" \
+    ": 0x14 : 0x15" \
+    ": 0x16 :session resumed" \
+    ": 0x18 :session resumed unasked" \
+    ": 0x1A :session resumed unasked" \
+    ": 0x1C :session resumed" \
+    ": 0x1E :session resumed, also new ticket"
 
 /* Flags for string_vformat */
 #define SVFMT_EXTEND           BIT(0)
 
 /* Flags for string_vformat */
 #define SVFMT_EXTEND           BIT(0)
index a17597e8bf3a68ab8eed83754bd364f0104f7fc9..56ea93935ee7d204bdc3442f97dce58c51ade0b0 100644 (file)
@@ -2851,7 +2851,7 @@ static int
 tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
   unsigned incoming, const gnutls_datum_t * msg)
 {
 tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
   unsigned incoming, const gnutls_datum_t * msg)
 {
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb (on server)\n");
 tls_in.resumption |= RESUME_CLIENT_REQUESTED;
 return 0;
 }
 tls_in.resumption |= RESUME_CLIENT_REQUESTED;
 return 0;
 }
@@ -2888,9 +2888,12 @@ tls_server_resume_posthandshake(exim_gnutls_state_st * state)
 {
 if (gnutls_session_resumption_requested(state->session))
   {
 {
 if (gnutls_session_resumption_requested(state->session))
   {
-  /* This tells us the client sent a full ticket.  We use a
+  /* This tells us the client sent a full (?) ticket.  We use a
   callback on session-ticket request, elsewhere, to tell
   callback on session-ticket request, elsewhere, to tell
-  if a client asked for a ticket. */
+  if a client asked for a ticket.
+  XXX As of GnuTLS 3.0.1 it seems to be returning true even for
+  a pure ticket-req (a zero-length Session Ticket extension
+  in the Client Hello, for 1.2) which mucks up our logic. */
 
   tls_in.resumption |= RESUME_CLIENT_SUGGESTED;
   DEBUG(D_tls) debug_printf("client requested resumption\n");
 
   tls_in.resumption |= RESUME_CLIENT_SUGGESTED;
   DEBUG(D_tls) debug_printf("client requested resumption\n");
@@ -3319,7 +3322,8 @@ tls_retrieve_session(tls_support * tlsp, gnutls_session_t session,
 tlsp->resumption = RESUME_SUPPORTED;
 
 if (!conn_args->have_lbserver)
 tlsp->resumption = RESUME_SUPPORTED;
 
 if (!conn_args->have_lbserver)
-  { DEBUG(D_tls) debug_printf("resumption not supported on continued-connection\n"); }
+  { DEBUG(D_tls) debug_printf(
+      "resumption not supported: no LB detection done (continued-conn?)\n"); }
 else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host) == OK)
   {
   dbdata_tls_session * dt;
 else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host) == OK)
   {
   dbdata_tls_session * dt;
@@ -3347,6 +3351,7 @@ else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host
     dbfn_close(dbm_file);
     }
   }
     dbfn_close(dbm_file);
     }
   }
+else DEBUG(D_tls) debug_printf("no resumption for this host\n");
 }
 
 
 }
 
 
@@ -3374,7 +3379,7 @@ if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
       int dlen = sizeof(dbdata_tls_session) + tkt.size;
       dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
 
       int dlen = sizeof(dbdata_tls_session) + tkt.size;
       dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
 
-      DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
+      DEBUG(D_tls) debug_printf(" session data size %u\n", (unsigned)tkt.size);
       memcpy(dt->session, tkt.data, tkt.size);
       gnutls_free(tkt.data);
 
       memcpy(dt->session, tkt.data, tkt.size);
       gnutls_free(tkt.data);
 
@@ -3385,11 +3390,15 @@ if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
        dbfn_close(dbm_file);
 
        DEBUG(D_tls)
        dbfn_close(dbm_file);
 
        DEBUG(D_tls)
-         debug_printf("wrote session db (len %u)\n", (unsigned)dlen);
+         debug_printf(" wrote session db (len %u)\n", (unsigned)dlen);
        }
       }
        }
       }
-    else DEBUG(D_tls)
-      debug_printf("extract session data: %s\n", US gnutls_strerror(rc));
+    else
+      { DEBUG(D_tls)
+      debug_printf(" extract session data: %s\n", US gnutls_strerror(rc));
+      }
+  else DEBUG(D_tls)
+      debug_printf(" host not resmable; not saving ticket\n");
   }
 }
 
   }
 }
 
@@ -3406,7 +3415,7 @@ tls_client_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
 exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
 tls_support * tlsp = state->tlsp;
 
 exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
 tls_support * tlsp = state->tlsp;
 
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb (on client)\n");
 
 if (!tlsp->ticket_received)
   tls_save_session(tlsp, sess, state->host);
 
 if (!tlsp->ticket_received)
   tls_save_session(tlsp, sess, state->host);
index af2e1f2dd4679716a1b0ddd150fb56d8f219ff01..8c00a1ef2de2629c07fe9008e60b9cc5b59a8556 100644 (file)
@@ -203,9 +203,6 @@ smtp_transport_options_block smtp_transport_option_defaults = {
   .tls_tempfail_tryclear =     TRUE,
   .tls_try_verify_hosts =      US"*",
   .tls_verify_cert_hostnames = US"*",
   .tls_tempfail_tryclear =     TRUE,
   .tls_try_verify_hosts =      US"*",
   .tls_verify_cert_hostnames = US"*",
-# ifndef DISABLE_TLS_RESUME
-  .host_name_extract =         US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}",
-# endif
 #endif
 #ifdef SUPPORT_I18N
   .utf8_downconvert =          US"-1",
 #endif
 #ifdef SUPPORT_I18N
   .utf8_downconvert =          US"-1",
@@ -352,7 +349,7 @@ Returns:    nothing
 void
 smtp_transport_init(transport_instance *tblock)
 {
 void
 smtp_transport_init(transport_instance *tblock)
 {
-smtp_transport_options_block *ob = SOB tblock->options_block;
+smtp_transport_options_block * ob = SOB tblock->options_block;
 int old_pool = store_pool;
 
 /* Retry_use_local_part defaults FALSE if unset */
 int old_pool = store_pool;
 
 /* Retry_use_local_part defaults FALSE if unset */
@@ -769,7 +766,7 @@ return TRUE;
 resumption when such servers do not share a session-cache */
 
 static void
 resumption when such servers do not share a session-cache */
 
 static void
-ehlo_response_lbserver(smtp_context * sx, smtp_transport_options_block * ob)
+ehlo_response_lbserver(smtp_context * sx, const uschar * name_extract)
 {
 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
 const uschar * s;
 {
 #if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
 const uschar * s;
@@ -778,7 +775,7 @@ uschar * save_item = iterate_item;
 if (sx->conn_args.have_lbserver)
   return;
 iterate_item = sx->buffer;
 if (sx->conn_args.have_lbserver)
   return;
 iterate_item = sx->buffer;
-s = expand_cstring(ob->host_name_extract);
+s = expand_cstring(name_extract);
 iterate_item = save_item;
 sx->conn_args.host_lbserver = s && !*s ? NULL : s;
 sx->conn_args.have_lbserver = TRUE;
 iterate_item = save_item;
 sx->conn_args.host_lbserver = s && !*s ? NULL : s;
 sx->conn_args.have_lbserver = TRUE;
@@ -1067,6 +1064,8 @@ sx->pending_EHLO = FALSE;
 
 if (pending_BANNER)
   {
 
 if (pending_BANNER)
   {
+  const uschar * s;
+
   DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
   (*countp)--;
   if (!smtp_reap_banner(sx))
   DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
   (*countp)--;
   if (!smtp_reap_banner(sx))
@@ -1076,7 +1075,10 @@ if (pending_BANNER)
     goto fail;
     }
   /*XXX EXPERIMENTAL_ESMTP_LIMITS ? */
     goto fail;
     }
   /*XXX EXPERIMENTAL_ESMTP_LIMITS ? */
-  ehlo_response_lbserver(sx, sx->conn_args.ob);
+
+  s = ((smtp_transport_options_block *)sx->conn_args.ob)->host_name_extract;
+  if (!s) s = HNE_DEFAULT;
+  ehlo_response_lbserver(sx, s);
   }
 
 if (pending_EHLO)
   }
 
 if (pending_EHLO)
@@ -2474,10 +2476,20 @@ goto SEND_QUIT;
 #ifndef DISABLE_TLS
   if (sx->smtps)
     {
 #ifndef DISABLE_TLS
   if (sx->smtps)
     {
+    const uschar * s;
+
     smtp_peer_options |= OPTION_TLS;
     suppress_tls = FALSE;
     ob->tls_tempfail_tryclear = FALSE;
     smtp_command = US"SSL-on-connect";
     smtp_peer_options |= OPTION_TLS;
     suppress_tls = FALSE;
     ob->tls_tempfail_tryclear = FALSE;
     smtp_command = US"SSL-on-connect";
+
+    /* Having no EHLO response yet, cannot peek there for a servername to detect
+    an LB.  Call this anyway, so that a dummy host_name_extract option value can
+    force resumption attempts. */
+
+    if (!(s = ob->host_name_extract)) s = US"never-LB";
+    ehlo_response_lbserver(sx, s);
+
     goto TLS_NEGOTIATE;
     }
 #endif
     goto TLS_NEGOTIATE;
     }
 #endif
@@ -2565,6 +2577,8 @@ goto SEND_QUIT;
     if (!sx->early_pipe_active)
 #endif
       {
     if (!sx->early_pipe_active)
 #endif
       {
+      const uschar * s;
+
       sx->peer_offered = ehlo_response(sx->buffer,
        OPTION_TLS      /* others checked later */
 #ifndef DISABLE_PIPE_CONNECT
       sx->peer_offered = ehlo_response(sx->buffer,
        OPTION_TLS      /* others checked later */
 #ifndef DISABLE_PIPE_CONNECT
@@ -2600,7 +2614,8 @@ goto SEND_QUIT;
          }
        }
 #endif
          }
        }
 #endif
-      ehlo_response_lbserver(sx, ob);
+      if (!(s = ob->host_name_extract)) s = HNE_DEFAULT;
+      ehlo_response_lbserver(sx, s);
       }
 
   /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
       }
 
   /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
index cb1d726250e89f5a5779259ccdd2aca2f8f849cb..0d15b962635ddb93a8ec9dc2f9008cc7cce79d07 100644 (file)
@@ -109,6 +109,7 @@ typedef struct {
   uschar       *tls_privatekey;
   uschar       *tls_require_ciphers;
 # ifndef DISABLE_TLS_RESUME
   uschar       *tls_privatekey;
   uschar       *tls_require_ciphers;
 # ifndef DISABLE_TLS_RESUME
+#  define HNE_DEFAULT US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}"
   uschar       *host_name_extract;
   uschar       *tls_resumption_hosts;
 # endif
   uschar       *host_name_extract;
   uschar       *tls_resumption_hosts;
 # endif
index 88743cfd0b8b1b2d2bbd8976d38a34dfda345ceb..ff5adb90f32c41652adb67d6e9c876de406deb02 100644 (file)
@@ -13,9 +13,10 @@ domainlist local_domains = test.ex : *.test.ex
 
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = check_recipient
 
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption +tls_peerdn
+log_selector = +received_recipients +tls_resumption +tls_peerdn +outgoing_port
 
 tls_advertise_hosts = *
 
 tls_advertise_hosts = *
+tls_on_connect_ports = PORT_D2
 
 # Set certificate only if server
 
 
 # Set certificate only if server
 
@@ -33,30 +34,32 @@ tls_resumption_hosts = 127.0.0.1
 begin acl
 
 check_helo:
 begin acl
 
 check_helo:
-  accept  condition =  ${if def:tls_in_cipher}
-         logwrite =    tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
-         logwrite =    our cert subject\t${certextract {subject}{$tls_in_ourcert}}
-         logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
-         logwrite =    peer cert verified\t${tls_in_certificate_verified}
-         logwrite =    peer dn\t${tls_in_peerdn}
-         logwrite =    cipher\t${tls_in_cipher}
-         logwrite =    bits\t${tls_in_bits}
+  accept condition =   ${if def:tls_in_cipher}
+        logwrite =     tls_in_ver\t$tls_in_ver
+        logwrite =     tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+        logwrite =     our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+        logwrite =     peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+        logwrite =     peer cert verified\t${tls_in_certificate_verified}
+        logwrite =     peer dn\t${tls_in_peerdn}
+        logwrite =     cipher\t${tls_in_cipher}
+        logwrite =     bits\t${tls_in_bits}
   accept
 
 check_recipient:
   accept
 
 check_recipient:
-  accept  domains =    +local_domains
-  deny    message =    relay not permitted
+  accept domains =     +local_domains
+  deny   message =     relay not permitted
 
 log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
 
 log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
+        logwrite =     tls_out_ver\t$tls_out_ver
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
-         logwrite =    our cert subject\t${certextract {subject}{$tls_out_ourcert}}
-         logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
-         logwrite =    peer cert verified\t${tls_out_certificate_verified}
-         logwrite =    peer dn\t${tls_out_peerdn}
-         logwrite =    cipher\t${tls_out_cipher}
-         logwrite =    bits\t${tls_out_bits}
+        logwrite =     our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+        logwrite =     peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+        logwrite =     peer cert verified\t${tls_out_certificate_verified}
+        logwrite =     peer dn\t${tls_out_peerdn}
+        logwrite =     cipher\t${tls_out_cipher}
+        logwrite =     bits\t${tls_out_bits}
 
 
 # ----- Routers -----
 
 
 # ----- Routers -----
@@ -66,7 +69,7 @@ begin routers
 client:
   driver =     accept
   condition =  ${if eq {SERVER}{server}{no}{yes}}
 client:
   driver =     accept
   condition =  ${if eq {SERVER}{server}{no}{yes}}
-  transport =  send_to_server${if eq{$local_part}{abcd}{2}{1}}
+  transport =  send_to_server${if eq{$local_part}{hostnotresume}{2}{1}}
 
 server:
   driver = redirect
 
 server:
   driver = redirect
@@ -80,7 +83,14 @@ send_to_server1:
   driver =                     smtp
   allow_localhost
   hosts =                      127.0.0.1
   driver =                     smtp
   allow_localhost
   hosts =                      127.0.0.1
+.ifdef SELECTOR
+  port =                       PORT_D2
+  protocol =                   smtps
+  # Use HELO purely to get a P= different on the server <= line
+  hosts_avoid_esmtp =          *
+.else
   port =                       PORT_D
   port =                       PORT_D
+.endif
   helo_data =                  helo.data.changed
 .ifdef HELO_MSG
   host_name_extract =          HELO_MSG
   helo_data =                  helo.data.changed
 .ifdef HELO_MSG
   host_name_extract =          HELO_MSG
@@ -96,11 +106,11 @@ send_to_server1:
   event_action =               ${acl {log_resumption}}
 
 send_to_server2:
   event_action =               ${acl {log_resumption}}
 
 send_to_server2:
-  driver = smtp
+  driver =                     smtp
   allow_localhost
   allow_localhost
-  hosts = HOSTIPV4
-  port = PORT_D
-  hosts_try_fastopen = :
+  hosts =                      HOSTIPV4
+  port =                       PORT_D
+  hosts_try_fastopen =         :
   tls_verify_certificates =    CDIR/CA/CA.pem
   tls_verify_cert_hostnames =  :
   event_action =               ${acl {log_resumption}}
   tls_verify_certificates =    CDIR/CA/CA.pem
   tls_verify_cert_hostnames =  :
   event_action =               ${acl {log_resumption}}
index 15b09fcff9072d1eae744ad7cd7f5c7c72080c08..571cb8e7e1b36e41ce84802328e26fdc3b551139 100644 (file)
@@ -13,7 +13,7 @@ domainlist local_domains = test.ex : *.test.ex
 
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = check_recipient
 
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption +tls_peerdn
+log_selector = +received_recipients +tls_resumption +tls_peerdn +outgoing_port
 
 .ifdef _OPT_OPENSSL_NO_TLSV1_3_X
 openssl_options = +no_sslv2 +no_sslv3 +single_dh_use OPTION
 
 .ifdef _OPT_OPENSSL_NO_TLSV1_3_X
 openssl_options = +no_sslv2 +no_sslv3 +single_dh_use OPTION
@@ -21,6 +21,7 @@ openssl_options = +no_sslv2 +no_sslv3 +single_dh_use OPTION
 openssl_options = +no_sslv2 +no_sslv3 +single_dh_use
 .endif
 tls_advertise_hosts = *
 openssl_options = +no_sslv2 +no_sslv3 +single_dh_use
 .endif
 tls_advertise_hosts = *
+tls_on_connect_ports = PORT_D2
 
 # Set certificate only if server
 
 
 # Set certificate only if server
 
@@ -38,30 +39,32 @@ remote_max_parallel = 1
 begin acl
 
 check_helo:
 begin acl
 
 check_helo:
-  accept  condition =  ${if def:tls_in_cipher}
-         logwrite =    tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
-         logwrite =    our cert subject\t${certextract {subject}{$tls_in_ourcert}}
-         logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
-         logwrite =    peer cert verified\t${tls_in_certificate_verified}
-         logwrite =    peer dn\t${tls_in_peerdn}
-         logwrite =    cipher\t${tls_in_cipher}
-         logwrite =    bits\t${tls_in_bits}
+  accept condition =   ${if def:tls_in_cipher}
+        logwrite =     tls_in_ver\t$tls_in_ver
+        logwrite =     tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+        logwrite =     our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+        logwrite =     peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+        logwrite =     peer cert verified\t${tls_in_certificate_verified}
+        logwrite =     peer dn\t${tls_in_peerdn}
+        logwrite =     cipher\t${tls_in_cipher}
+        logwrite =     bits\t${tls_in_bits}
   accept
 
 check_recipient:
   accept
 
 check_recipient:
-  accept  domains =    +local_domains
-  deny    message =    relay not permitted
+  accept domains =     +local_domains
+  deny   message =     relay not permitted
 
 log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
 
 log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
+        logwrite =     tls_out_ver\t$tls_out_ver
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
-         logwrite =    our cert subject\t${certextract {subject}{$tls_out_ourcert}}
-         logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
-         logwrite =    peer cert verified\t${tls_out_certificate_verified}
-         logwrite =    peer dn\t${tls_out_peerdn}
-         logwrite =    cipher\t${tls_out_cipher}
-         logwrite =    bits\t${tls_out_bits}
+        logwrite =     our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+        logwrite =     peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+        logwrite =     peer cert verified\t${tls_out_certificate_verified}
+        logwrite =     peer dn\t${tls_out_peerdn}
+        logwrite =     cipher\t${tls_out_cipher}
+        logwrite =     bits\t${tls_out_bits}
 
 
 # ----- Routers -----
 
 
 # ----- Routers -----
@@ -85,7 +88,14 @@ send_to_server1:
   driver =                     smtp
   allow_localhost
   hosts =                      127.0.0.1
   driver =                     smtp
   allow_localhost
   hosts =                      127.0.0.1
+.ifdef SELECTOR
+  port =                       PORT_D2
+  protocol =                   smtps
+  # Use HELO purely to get a P= different on the server <= line
+  hosts_avoid_esmtp =          *
+.else
   port =                       PORT_D
   port =                       PORT_D
+.endif
   helo_data =                  helo.data.changed
 .ifdef HELO_MSG
   host_name_extract =          HELO_MSG
   helo_data =                  helo.data.changed
 .ifdef HELO_MSG
   host_name_extract =          HELO_MSG
@@ -101,11 +111,11 @@ send_to_server1:
   event_action =               ${acl {log_resumption}}
 
 send_to_server2:
   event_action =               ${acl {log_resumption}}
 
 send_to_server2:
-  driver = smtp
+  driver =                     smtp
   allow_localhost
   allow_localhost
-  hosts = HOSTIPV4
-  port = PORT_D
-  hosts_try_fastopen = :
+  hosts =                      HOSTIPV4
+  port =                       PORT_D
+  hosts_try_fastopen =         :
   tls_verify_certificates =    CDIR/CA/CA.pem
   tls_verify_cert_hostnames =  :
   event_action =               ${acl {log_resumption}}
   tls_verify_certificates =    CDIR/CA/CA.pem
   tls_verify_cert_hostnames =  :
   event_action =               ${acl {log_resumption}}
index da347178e905eebe888b4881c868548abb5707db..4b34c75aeb44eea2622f784982f8424624f82240 100644 (file)
@@ -12,10 +12,11 @@ domainlist local_domains = test.ex : *.test.ex
 
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = check_recipient
 
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption +tls_peerdn
+log_selector = +received_recipients +tls_resumption +tls_peerdn +outgoing_port
 
 openssl_options = +no_sslv2 +no_sslv3 +single_dh_use
 tls_advertise_hosts = *
 
 openssl_options = +no_sslv2 +no_sslv3 +single_dh_use
 tls_advertise_hosts = *
+tls_on_connect_ports = PORT_D2
 
 # Set certificate only if server
 
 
 # Set certificate only if server
 
@@ -32,30 +33,32 @@ tls_resumption_hosts = 127.0.0.1
 begin acl
 
 check_helo:
 begin acl
 
 check_helo:
-  accept  condition =  ${if def:tls_in_cipher}
-         logwrite =    tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
-         logwrite =    our cert subject\t${certextract {subject}{$tls_in_ourcert}}
-         logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
-         logwrite =    peer cert verified\t${tls_in_certificate_verified}
-         logwrite =    peer dn\t${tls_in_peerdn}
-         logwrite =    cipher\t${tls_in_cipher}
-         logwrite =    bits\t${tls_in_bits}
+  accept condition =   ${if def:tls_in_cipher}
+        logwrite =     tls_in_ver\t$tls_in_ver
+        logwrite =     tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+        logwrite =     our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+        logwrite =     peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+        logwrite =     peer cert verified\t${tls_in_certificate_verified}
+        logwrite =     peer dn\t${tls_in_peerdn}
+        logwrite =     cipher\t${tls_in_cipher}
+        logwrite =     bits\t${tls_in_bits}
   accept
 
 check_recipient:
   accept
 
 check_recipient:
-  accept  domains =    +local_domains
-  deny    message =    relay not permitted
+  accept domains =     +local_domains
+  deny   message =     relay not permitted
 
 log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
 
 log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
+        logwrite =     tls_out_ver\t$tls_out_ver
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
-         logwrite =    our cert subject\t${certextract {subject}{$tls_out_ourcert}}
-         logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
-         logwrite =    peer cert verified\t${tls_out_certificate_verified}
-         logwrite =    peer dn\t${tls_out_peerdn}
-         logwrite =    cipher\t${tls_out_cipher}
-         logwrite =    bits\t${tls_out_bits}
+        logwrite =     our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+        logwrite =     peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+        logwrite =     peer cert verified\t${tls_out_certificate_verified}
+        logwrite =     peer dn\t${tls_out_peerdn}
+        logwrite =     cipher\t${tls_out_cipher}
+        logwrite =     bits\t${tls_out_bits}
 
 
 # ----- Routers -----
 
 
 # ----- Routers -----
@@ -65,7 +68,7 @@ begin routers
 client:
   driver =     accept
   condition =  ${if eq {SERVER}{server}{no}{yes}}
 client:
   driver =     accept
   condition =  ${if eq {SERVER}{server}{no}{yes}}
-  transport =  send_to_server${if eq{$local_part}{abcd}{2}{1}}
+  transport =  send_to_server${if eq{$local_part}{hostnotresume}{2}{1}}
 
 server:
   driver = redirect
 
 server:
   driver = redirect
@@ -79,7 +82,14 @@ send_to_server1:
   driver =                     smtp
   allow_localhost
   hosts =                      127.0.0.1
   driver =                     smtp
   allow_localhost
   hosts =                      127.0.0.1
+.ifdef SELECTOR
+  port =                       PORT_D2
+  protocol =                   smtps
+  # Use HELO purely to get a P= different on the server <= line
+  hosts_avoid_esmtp =          *
+.else
   port =                       PORT_D
   port =                       PORT_D
+.endif
   helo_data =                  helo.data.changed
 .ifdef VALUE
   tls_resumption_hosts =       *
   helo_data =                  helo.data.changed
 .ifdef VALUE
   tls_resumption_hosts =       *
@@ -92,11 +102,11 @@ send_to_server1:
   event_action =               ${acl {log_resumption}}
 
 send_to_server2:
   event_action =               ${acl {log_resumption}}
 
 send_to_server2:
-  driver = smtp
+  driver =                     smtp
   allow_localhost
   allow_localhost
-  hosts = HOSTIPV4
-  port = PORT_D
-  hosts_try_fastopen = :
+  hosts =                      HOSTIPV4
+  port =                       PORT_D
+  hosts_try_fastopen =         :
   tls_verify_certificates =    CDIR/CA/CA.pem
   tls_verify_cert_hostnames =  :
   event_action =               ${acl {log_resumption}}
   tls_verify_certificates =    CDIR/CA/CA.pem
   tls_verify_cert_hostnames =  :
   event_action =               ${acl {log_resumption}}
index 065e31b7f26a01c212d151715da79002e61faa5d..d77b85f92bd6b5ec84a54140c7b088584c6cb3ef 100644 (file)
@@ -1,4 +1,5 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject  CN=server1.example.com
@@ -6,9 +7,10 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex hostnotresume@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
@@ -16,6 +18,7 @@
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption client offered session, server only provided new ticket
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption client offered session, server only provided new ticket
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption no client request
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption no client request
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_getticket@test.ex
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_getticket@test.ex
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_resume@test.ex
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_resume@test.ex
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_ver        TLS1.2
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject   
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject  CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_ver        TLS1.2
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbS-000000005vi-0000"
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 our cert subject   
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 peer cert subject  CN=server1.example.com
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbU-000000005vi-0000"
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 our cert subject   
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 peer cert subject  CN=server1.example.com
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbW-000000005vi-0000"
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 tls_out_resumption client offered session, server only provided new ticket
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 our cert subject   
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 peer cert subject  CN=server1.example.com
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbY-000000005vi-0000"
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 tls_out_resumption no client request
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_ver        TLS1.2
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbT-000000005vi-0000"
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbV-000000005vi-0000"
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex hostnotresume@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbX-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbX-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 => hostnotresume@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbY-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 tls_out_resumption session resumed, also new ticket
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-000000005vi-0000"
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-000000005vi-0000"
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbZ-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcC-000000005vi-0000"
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcC-000000005vi-0000"
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmcB-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcD-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noresume@test.ex
-1999-03-02 09:44:33 10HmcD-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 tls_out_resumption client offered session, server only provided new ticket
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmcD-000000005vi-0000 => noresume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcE-000000005vi-0000"
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcE-000000005vi-0000"
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmcD-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 tls_out_resumption no client request
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcG-000000005vi-0000"
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcG-000000005vi-0000"
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmcF-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcI-000000005vi-0000"
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcI-000000005vi-0000"
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmcH-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noresume@test.ex
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 => noresume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcK-000000005vi-0000"
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcM-000000005vi-0000"
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcO-000000005vi-0000"
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcQ-000000005vi-0000"
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 peer dn    CN=server1.example.com
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcS-000000005vi-0000"
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 Completed
 
 ******** SERVER ********
 
 ******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@myhost.test.ex for abcd@test.ex
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <abcd@test.ex> R=server
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@myhost.test.ex for hostnotresume@test.ex
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <hostnotresume@test.ex> R=server
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client offered session, server only provided new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client offered session, server only provided new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-000000005vi-0000@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-000000005vi-0000@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@myhost.test.ex for noverify_getticket@test.ex
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <noverify_getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@myhost.test.ex for noverify_getticket@test.ex
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <noverify_getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@myhost.test.ex for noverify_resume@test.ex
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <noverify_resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@myhost.test.ex for noverify_resume@test.ex
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <noverify_resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption  session resumed
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmbP-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbO-000000005vi-0000@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmbP-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption  client offered session, server only provided new ticket
+1999-03-02 09:44:33 our cert subject   CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-000000005vi-0000@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbR-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption  session resumed
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmbT-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbS-000000005vi-0000@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmbT-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbT-000000005vi-0000 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbP-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-000000005vi-0000@myhost.test.ex for getticket@test.ex
-1999-03-02 09:44:33 10HmbP-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
-1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbV-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbU-000000005vi-0000@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmbV-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbV-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-000000005vi-0000@myhost.test.ex for resume@test.ex xyz@test.ex
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbW-000000005vi-0000@myhost.test.ex for resume@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-000000005vi-0000@myhost.test.ex for abcd@test.ex
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 => :blackhole: <abcd@test.ex> R=server
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbW-000000005vi-0000@myhost.test.ex for hostnotresume@test.ex
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 => :blackhole: <hostnotresume@test.ex> R=server
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-000000005vi-0000@myhost.test.ex for renewal@test.ex
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcA-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbZ-000000005vi-0000@myhost.test.ex for renewal@test.ex
+1999-03-02 09:44:33 10HmcA-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
+1999-03-02 09:44:33 10HmcA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbW-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbW-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
-1999-03-02 09:44:33 10HmbW-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcC-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcB-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
+1999-03-02 09:44:33 10HmcC-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
+1999-03-02 09:44:33 10HmcC-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbY-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbX-000000005vi-0000@myhost.test.ex for timeout@test.ex
-1999-03-02 09:44:33 10HmbY-000000005vi-0000 => :blackhole: <timeout@test.ex> R=server
-1999-03-02 09:44:33 10HmbY-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcE-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcD-000000005vi-0000@myhost.test.ex for timeout@test.ex
+1999-03-02 09:44:33 10HmcE-000000005vi-0000 => :blackhole: <timeout@test.ex> R=server
+1999-03-02 09:44:33 10HmcE-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmcA-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-000000005vi-0000@myhost.test.ex for notreq@test.ex
-1999-03-02 09:44:33 10HmcA-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
-1999-03-02 09:44:33 10HmcA-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcG-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcF-000000005vi-0000@myhost.test.ex for notreq@test.ex
+1999-03-02 09:44:33 10HmcG-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
+1999-03-02 09:44:33 10HmcG-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmcC-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcB-000000005vi-0000@myhost.test.ex for getticket@test.ex
-1999-03-02 09:44:33 10HmcC-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
-1999-03-02 09:44:33 10HmcC-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcI-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcH-000000005vi-0000@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmcI-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmcI-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmcE-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcD-000000005vi-0000@myhost.test.ex for noresume@test.ex
-1999-03-02 09:44:33 10HmcE-000000005vi-0000 => :blackhole: <noresume@test.ex> R=server
-1999-03-02 09:44:33 10HmcE-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcK-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcJ-000000005vi-0000@myhost.test.ex for noresume@test.ex
+1999-03-02 09:44:33 10HmcK-000000005vi-0000 => :blackhole: <noresume@test.ex> R=server
+1999-03-02 09:44:33 10HmcK-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmcG-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcF-000000005vi-0000@myhost.test.ex for resume@test.ex
-1999-03-02 09:44:33 10HmcG-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
-1999-03-02 09:44:33 10HmcG-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcM-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcL-000000005vi-0000@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmcM-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmcM-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmcI-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcH-000000005vi-0000@myhost.test.ex for resume@test.ex
-1999-03-02 09:44:33 10HmcI-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
-1999-03-02 09:44:33 10HmcI-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcO-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcN-000000005vi-0000@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmcO-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmcO-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmcQ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcP-000000005vi-0000@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmcQ-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmcQ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmcS-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcR-000000005vi-0000@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmcS-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmcS-000000005vi-0000 Completed
index aeaae546a28b2b3585eb3423a84442d423547cfb..21b6cc5978c53ebcde0ea30aa8df042064111a9c 100644 (file)
@@ -1,4 +1,5 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject  CN=server1.example.com
@@ -6,9 +7,10 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex hostnotresume@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex hostnotresume@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
@@ -16,8 +18,9 @@
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for aftertimeout@test.ex
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for aftertimeout@test.ex
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 => aftertimeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 => aftertimeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_getticket@test.ex
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/CN=server1.example.com" H="127.0.0.1"
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_getticket@test.ex
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/CN=server1.example.com" H="127.0.0.1"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_resume@test.ex
 1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_resume@test.ex
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
 1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noresume@test.ex
 1999-03-02 09:44:33 10HmbO-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noresume@test.ex
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => noresume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => noresume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
 1999-03-02 09:44:33 10HmbQ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbT-000000005vi-0000"
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbT-000000005vi-0000"
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
 1999-03-02 09:44:33 10HmbS-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_ver        TLS1.2
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbV-000000005vi-0000"
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbV-000000005vi-0000"
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbU-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_ver        TLS1.2
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbX-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 tls_out_ver        TLS1.2
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbZ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 Completed
 
 ******** SERVER ********
 
 ******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@myhost.test.ex for hostnotresume@test.ex
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <hostnotresume@test.ex> R=server
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@myhost.test.ex for hostnotresume@test.ex
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <hostnotresume@test.ex> R=server
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-000000005vi-0000@myhost.test.ex for aftertimeout@test.ex
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <aftertimeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-000000005vi-0000@myhost.test.ex for aftertimeout@test.ex
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <aftertimeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  no client request
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  no client request
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@myhost.test.ex for noverify_getticket@test.ex
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <noverify_getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@myhost.test.ex for noverify_getticket@test.ex
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <noverify_getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@myhost.test.ex for noverify_resume@test.ex
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <noverify_resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@myhost.test.ex for noverify_resume@test.ex
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <noverify_resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbP-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmbP-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbP-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmbP-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-000000005vi-0000@myhost.test.ex for noresume@test.ex
 1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <noresume@test.ex> R=server
 1999-03-02 09:44:33 10HmbR-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-000000005vi-0000@myhost.test.ex for noresume@test.ex
 1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <noresume@test.ex> R=server
 1999-03-02 09:44:33 10HmbR-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbT-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbS-000000005vi-0000@myhost.test.ex for resume@test.ex
 1999-03-02 09:44:33 10HmbT-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbT-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbT-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbS-000000005vi-0000@myhost.test.ex for resume@test.ex
 1999-03-02 09:44:33 10HmbT-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbT-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbV-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbU-000000005vi-0000@myhost.test.ex for resume@test.ex
 1999-03-02 09:44:33 10HmbV-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbV-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbV-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbU-000000005vi-0000@myhost.test.ex for resume@test.ex
 1999-03-02 09:44:33 10HmbV-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbV-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbW-000000005vi-0000@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption  session resumed
+1999-03-02 09:44:33 our cert subject   CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbY-000000005vi-0000@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 Completed
index ab0d537038156e54c653def0c98d3636ac4fad67..f3d447c2a9ea1acb03ba3c5ae8ec21870ac07b04 100644 (file)
@@ -1,4 +1,5 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_ver        TLS1.3
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject  CN=server1.example.com
@@ -6,9 +7,10 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex hostnotresume@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver        TLS1.3
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
@@ -16,6 +18,7 @@
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver        TLS1.3
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed, also new ticket
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert verified 1
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
 1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_ver        TLS1.3
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject   
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject  CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits       256
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn    /CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits       256
-1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_ver        TLS1.3
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject   
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject  CN=server1.example.com
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits       256
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
 
 ******** SERVER ********
 
 ******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  not requested or offered
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 peer dn    
 1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits       256
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@myhost.test.ex for abcd@test.ex
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <abcd@test.ex> R=server
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@myhost.test.ex for hostnotresume@test.ex
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <hostnotresume@test.ex> R=server
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbG-000000005vi-0000@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbG-000000005vi-0000@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject   CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject  
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
+1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
index d129da2db27240ec66794661c27e6a21ba91333a..3395218fab72992c46017facbf283e6c30d9afda 100644 (file)
@@ -6,12 +6,12 @@ gnutls
 # SSLKEYLOGFILE=/home/jgh/git/exim/test/foo sudo exim -DSERVER=server -bd -oX PORT_D
 #
 ### TLS1.2
 # SSLKEYLOGFILE=/home/jgh/git/exim/test/foo sudo exim -DSERVER=server -bd -oX PORT_D
 #
 ### TLS1.2
-exim -DSERVER=server -DOPTION=NORMAL:!VERS-TLS1.3 -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=NORMAL:!VERS-TLS1.3 -bd -oX PORT_D:PORT_D2
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message. Contains FF: ÿ
 ****
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message. Contains FF: ÿ
 ****
-exim -DVALUE=resume -odf resume@test.ex abcd@test.ex xyz@test.ex
+exim -DVALUE=resume -odf resume@test.ex hostnotresume@test.ex xyz@test.ex
 Test message to two different hosts, one does not support resume
 ****
 # allow time for ticket to hit renewal time
 Test message to two different hosts, one does not support resume
 ****
 # allow time for ticket to hit renewal time
@@ -36,18 +36,25 @@ Dest on this means the server cert will not verify (but try_verify will permit i
 exim -odf -DVALUE=resume noverify_resume@test.ex
 Dest on this means the server cert will not verify (but try_verify will permit it)
 ****
 exim -odf -DVALUE=resume noverify_resume@test.ex
 Dest on this means the server cert will not verify (but try_verify will permit it)
 ****
+# Test TLS-on-connect
+exim -DVALUE=resume -odf resume@test.ex
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@test.ex
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@test.ex
+****
 killdaemon
 sleep 1
 sudo rm -f DIR/spool/db/tls
 #
 #
 ### TLS1.3
 killdaemon
 sleep 1
 sudo rm -f DIR/spool/db/tls
 #
 #
 ### TLS1.3
-exim -DSERVER=server -DOPTION=NORMAL -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=NORMAL -bd -oX PORT_D:PORT_D2
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message. Contains FF: ÿ
 ****
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message. Contains FF: ÿ
 ****
-exim -DVALUE=resume -odf resume@test.ex abcd@test.ex xyz@test.ex
+exim -DVALUE=resume -odf resume@test.ex hostnotresume@test.ex xyz@test.ex
 Test message to two different hosts, one does not support resume
 ****
 # allow time for ticket to hit renewal time
 Test message to two different hosts, one does not support resume
 ****
 # allow time for ticket to hit renewal time
@@ -78,6 +85,11 @@ exim -DVALUE=resume -DHELO_MSG=differenthost -odf resume@test.ex
 ****
 exim -DVALUE=resume -odf resume@test.ex
 ****
 ****
 exim -DVALUE=resume -odf resume@test.ex
 ****
+# Test TLS-on-connect
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@test.ex
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@test.ex
+****
 #
 killdaemon
 no_msglog_check
 #
 killdaemon
 no_msglog_check
index 77b93704bb3a45aabaadd469a63cd688b5602b77..92eed04d22e53b4977a62b0e06c4eb3ef2e12600 100644 (file)
@@ -1,7 +1,7 @@
 # TLSv1.2 session resumption
 #
 ### TLS1.2
 # TLSv1.2 session resumption
 #
 ### TLS1.2
-exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D:PORT_D2
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message.
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message.
@@ -46,6 +46,12 @@ exim -DVALUE=resume -DHELO_MSG=differenthost -odf resume@test.ex
 exim -DVALUE=resume -odf resume@test.ex
 ****
 #
 exim -DVALUE=resume -odf resume@test.ex
 ****
 #
+# Test TLS-on-connect
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@test.ex
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@test.ex
+****
+#
 # Check the -k (key only) option on dumpdb
 perl
 system 'DIR/eximdir/exim_dumpdb -k DIR/spool tls';
 # Check the -k (key only) option on dumpdb
 perl
 system 'DIR/eximdir/exim_dumpdb -k DIR/spool tls';
index 722bc9b08b3f3804e7360068145ae8bf25dbcbf1..b85351bd5e050ec75b30772471cde3b071d6055a 100644 (file)
@@ -1,12 +1,12 @@
 # TLSv1.3 session resumption
 #
 ### TLS1.3
 # TLSv1.3 session resumption
 #
 ### TLS1.3
-exim -DSERVER=server -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D:PORT_D2
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message. Contains FF: ÿ
 ****
 ****
 exim -DVALUE=resume -odf getticket@test.ex
 Test message. Contains FF: ÿ
 ****
-exim -DVALUE=resume -odf resume@test.ex abcd@test.ex xyz@test.ex
+exim -DVALUE=resume -odf resume@test.ex hostnotresume@test.ex xyz@test.ex
 Test message to two different hosts, one does not support resume
 ****
 # allow time for ticket to hit renewal time
 Test message to two different hosts, one does not support resume
 ****
 # allow time for ticket to hit renewal time
@@ -24,5 +24,12 @@ Test message.
 exim -odf notreq@test.ex
 Test message, not requesting resumption.
 ****
 exim -odf notreq@test.ex
 Test message, not requesting resumption.
 ****
+#
+# Test TLS-on-connect
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@test.ex
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@test.ex
+****
+#
 killdaemon
 no_msglog_check
 killdaemon
 no_msglog_check
index 23a7bcf3edc11deb3f3bb1757f4002e087343279..077a3dd0ef92f83f078ebb04b14c7321562cf1b6 100644 (file)
@@ -1,5 +1,6 @@
 ### TLS1.2
   4686560d7a1d9becb8fd0c62406eaaf169b2ea1b889244342653024281bca106
 ### TLS1.2
   4686560d7a1d9becb8fd0c62406eaaf169b2ea1b889244342653024281bca106
+  8ff2965550bd60d7e4496ad508a8cff91ac5de6fbec4806e8c9c3d6959300e3e
   b90422e57483069e0b7dbcebbdf1be3504bae64df49ea1f699cc773acc8a76d5
 
 ******** SERVER ********
   b90422e57483069e0b7dbcebbdf1be3504bae64df49ea1f699cc773acc8a76d5
 
 ******** SERVER ********