GnuTLS: Fix client detection of server reject of client cert under TLS1.3
[exim.git] / test / confs / 4060
1 # test config 4060
2 # Pipelining the early part of the SMTP conversation, starttls
3
4 CONTROL=*
5 OPT=
6 CONNECTCOND=
7
8 keep_environment = PATH
9 exim_path = EXIM_PATH
10 host_lookup_order = bydns
11 spool_directory = DIR/spool
12
13 .ifdef SERVER
14 log_file_path = DIR/spool/log/SERVER%slog
15 .else
16 log_file_path = DIR/spool/log/%slog
17 .endif
18
19 gecos_pattern = ""
20 gecos_name = CALLER_NAME
21 dns_cname_loops = 9
22 chunking_advertise_hosts = OPT
23 tls_advertise_hosts = *
24 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
25
26 # Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
27 .ifdef _HAVE_GNUTLS
28 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
29 .else
30 tls_require_ciphers = DEFAULT:!kECDHE
31 .endif
32
33 pipelining_connect_advertise_hosts = *
34 log_selector = +received_recipients +millisec +pipelining
35 queue_only
36
37 acl_smtp_rcpt = accept
38
39 #
40 begin routers
41
42 server:
43   driver =      redirect
44   condition =   ${if eq {SERVER}{server}}
45   data =        :blackhole:
46
47 client:
48   driver =      manualroute
49   route_data =  127.0.0.1::PORT_D
50   self =        send
51   transport =   smtp
52
53 #
54 begin transports
55
56 smtp:
57   driver =              smtp
58   hosts_try_fastopen =  CONNECTCOND
59   hosts_pipe_connect =  CONTROL
60   tls_verify_hosts =
61   tls_try_verify_hosts =
62