Commit | Line | Data |
---|---|---|
cf260049 | 1 | # Exim test configuration 5821 |
96c5bd40 | 2 | # DANE/GnuTLS - ciphers option |
cf260049 JH |
3 | |
4 | SERVER= | |
5 | OPT= | |
6 | ||
7 | .include DIR/aux-var/tls_conf_prefix | |
8 | ||
9 | primary_hostname = myhost.test.ex | |
10 | ||
11 | # ----- Main settings ----- | |
12 | ||
13 | acl_smtp_rcpt = accept logwrite = "rcpt ACL" | |
14 | ||
15 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified | |
16 | ||
17 | tls_advertise_hosts = * | |
18 | ||
19 | # Set certificate and private key only when SERVER is "server"; otherwise the expansion is forced to fail | |
20 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
21 | ||
22 | tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} | |
23 | tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} | |
24 | ||
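25 | # Permit two specific ciphers (AES-128-CBC and CAMELLIA-256-GCM), restricted to TLS 1.2 with RSA key exchange; a narrow test fixture, and static RSA key exchange gives no forward secrecy | |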
96c5bd40 | 26 | tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM |
cf260049 JH |
27 | |
28 | # ----- Routers ----- | |
29 | begin routers | |
30 | ||
31 | client: | |
32 | driver = dnslookup | |
33 | condition = ${if eq {SERVER}{}} | |
bffc2609 | 34 | ignore_target_hosts = <; 0::0/0 |
cf260049 JH |
35 | dnssec_request_domains = * |
36 | self = send | |
37 | transport = send_to_server | |
38 | errors_to = "" | |
39 | ||
40 | server: | |
41 | driver = redirect | |
42 | data = :blackhole: | |
43 | ||
44 | # ----- Transports ----- | |
45 | begin transports | |
46 | ||
47 | send_to_server: | |
48 | driver = smtp | |
49 | allow_localhost | |
50 | port = PORT_D | |
047d31cb | 51 | hosts_try_fastopen = : |
cf260049 JH |
52 | hosts_try_dane = * |
53 | tls_verify_certificates = CDIR2/ca_chain.pem | |
54 | ||
55 | # A commonly available cipher, we hope; dane_require_tls_ciphers below can override this for connections where DANE is in effect | |
8008accd | 56 | tls_require_ciphers = NORMAL:-CIPHER-ALL:+AES-128-CBC |
cf260049 JH |
57 | dane_require_tls_ciphers = OPT |
58 | ||
59 | # ----- Retry ----- | |
60 | begin retry | |
61 | * * F,5d,10s | |
62 | ||
63 | # End |