# Exim test configuration 5821
-# DANE/OpenSSL - ciphers option
+# DANE/GnuTLS - ciphers option
SERVER=
OPT=
tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
# Permit two specific ciphers
-tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL
+tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM
# ----- Routers -----
begin routers
client:
driver = dnslookup
condition = ${if eq {SERVER}{}}
+ ignore_target_hosts = <; 0::0/0
dnssec_request_domains = *
self = send
transport = send_to_server
driver = smtp
allow_localhost
port = PORT_D
+ hosts_try_fastopen = :
hosts_try_dane = *
tls_verify_certificates = CDIR2/ca_chain.pem
# Some commonly-available cipher, we hope
- tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL
+ tls_require_ciphers = NORMAL:-CIPHER-ALL:+AES-128-CBC
dane_require_tls_ciphers = OPT
# ----- Retry -----