X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/d51dbacf4da044f797cb4c07e026adc608f1bc98..ba97ac87b13f2f7380621ca998174b25cc7b2532:/test/confs/5841 diff --git a/test/confs/5841 b/test/confs/5841 index 867c1607f..98de91d76 100644 --- a/test/confs/5841 +++ b/test/confs/5841 @@ -2,7 +2,7 @@ # DANE/OpenSSL - ciphers option SERVER= -OPT= +LIST= .include DIR/aux-var/tls_conf_prefix @@ -25,12 +25,19 @@ tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.k # Permit two specific ciphers tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384 +# Force TLS1.2 so that the ciphers choice works + +.ifdef _OPT_OPENSSL_NO_TLSV1_3_X +openssl_options = +no_tlsv1_3 +.endif + # ----- Routers ----- begin routers client: driver = dnslookup condition = ${if eq {SERVER}{}} + ignore_target_hosts = <; 0::0/0 dnssec_request_domains = * self = send transport = send_to_server @@ -52,7 +59,7 @@ send_to_server: # Some commonly-available cipher, we hope tls_require_ciphers = ECDHE-RSA-AES256-GCM-SHA384 - dane_require_tls_ciphers = OPT + dane_require_tls_ciphers = LIST # ----- Retry ----- begin retry