X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/86ba355d5fa60c3e9c444b440e91d233fdda0a27..d901e231acd1917d24b688cbd7823efc2bed45c4:/test/confs/5841?ds=sidebyside diff --git a/test/confs/5841 b/test/confs/5841 index 57d692826..e1d2c28be 100644 --- a/test/confs/5841 +++ b/test/confs/5841 @@ -2,7 +2,7 @@ # DANE/OpenSSL - ciphers option SERVER= -OPT= +LIST= .include DIR/aux-var/tls_conf_prefix @@ -23,7 +23,13 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} # Permit two specific ciphers -tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384 +tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384 + +# Force TLS1.2 so that the ciphers choice works + +.ifdef _OPT_OPENSSL_NO_TLSV1_3_X +openssl_options = +no_tlsv1_3 +.endif # ----- Routers ----- begin routers @@ -48,12 +54,13 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = * tls_verify_certificates = CDIR2/ca_chain.pem # Some commonly-available cipher, we hope tls_require_ciphers = ECDHE-RSA-AES256-GCM-SHA384 - dane_require_tls_ciphers = OPT + dane_require_tls_ciphers = LIST # ----- Retry ----- begin retry