X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/59371ea735c941334861aa5b8e1e9a06facf044f..aa6dc51334206deff2ec80bfcbcf543714efe6d6:/test/scripts/2000-GnuTLS/2011 diff --git a/test/scripts/2000-GnuTLS/2011 b/test/scripts/2000-GnuTLS/2011 index 4e48ebce6..6f72fba80 100644 --- a/test/scripts/2000-GnuTLS/2011 +++ b/test/scripts/2000-GnuTLS/2011 @@ -1,10 +1,38 @@ -# TLS client: require_ciphers +# TLS client & server: (gnu)tls_require_xxx gnutls +# Start up the server exim -DSERVER=server -bd -oX PORT_D **** +# This puts a message on the queue (queue_only is set). exim userx@test.ex Testing **** +# This will fail to deliver encrypted because there are no acceptable +# ciphers, so it will deliver in clear. +exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5 +**** +# This delivers the message to the server, where it will remain +# on the queue because queue_only is set. +exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5:DES-CBC3-SHA:RSA_ARCFOUR_SHA +**** +# So we can deliver it again and again, with different parameters. +exim -qf -DCREQMAC=gnutls_require_mac=MD5 +**** +exim -qf -DCREQMAC=gnutls_require_mac=!SHA1 +**** +exim -qf -DCREQMAC=gnutls_require_mac=MD5:SHA +**** +exim -qf -DCREQMAC=gnutls_require_kx=!DHE +**** +exim -qf -DCREQMAC=gnutls_require_protocols=SSL3 +**** +# Restart the server with a cipher restriction +killdaemon +exim -DSERVER=server \ + -DSREQCIP=tls_require_ciphers=ARCFOUR \ + -DSREQMAC=gnutls_require_mac=MD5 \ + -bd -oX PORT_D +**** exim -qf **** killdaemon