X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/cf2600498039d312e564e9b58cb28691b3fd36e1..2dc4c388544fb06a476f6526a705e15984cf1aa5:/test/confs/5821 diff --git a/test/confs/5821 b/test/confs/5821 index db2dc19d2..97d0cb8fa 100644 --- a/test/confs/5821 +++ b/test/confs/5821 @@ -1,5 +1,5 @@ # Exim test configuration 5821 -# DANE/OpenSSL - ciphers option +# DANE/GnuTLS - ciphers option SERVER= OPT= @@ -23,7 +23,7 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} # Permit two specific ciphers -tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL +tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM # ----- Routers ----- begin routers @@ -31,6 +31,7 @@ begin routers client: driver = dnslookup condition = ${if eq {SERVER}{}} + ignore_target_hosts = <; 0::0/0 dnssec_request_domains = * self = send transport = send_to_server @@ -51,7 +52,7 @@ send_to_server: tls_verify_certificates = CDIR2/ca_chain.pem # Some commonly-available cipher, we hope - tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL + tls_require_ciphers = NORMAL:-CIPHER-ALL:+AES-128-CBC dane_require_tls_ciphers = OPT # ----- Retry -----