Commit | Line | Data |
---|---|---|
cf260049 JH |
1 | # Exim test configuration 5821 |
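2 | # DANE/OpenSSL - ciphers option (NOTE(review): the cipher strings below use GnuTLS priority-string syntax - confirm which TLS library this test targets) | |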
3 | ||
4 | SERVER= | |
5 | OPT= | |
6 | ||
7 | .include DIR/aux-var/tls_conf_prefix | |
8 | ||
9 | primary_hostname = myhost.test.ex | |
10 | ||
11 | # ----- Main settings ----- | |
12 | ||
13 | acl_smtp_rcpt = accept logwrite = "rcpt ACL" | |
14 | ||
15 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified | |
16 | ||
17 | tls_advertise_hosts = * | |
18 | ||
19 | # Set the certificate and private key only when SERVER is "server"; otherwise the expansion is forced to fail | |
20 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
21 | ||
22 | tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} | |
23 | tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} | |
24 | ||
25 | # Permit exactly two ciphers for inbound TLS: AES-128-CBC and CAMELLIA-256-GCM | |
26 | tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL | |
27 | ||
28 | # ----- Routers ----- | |
29 | begin routers | |
30 | ||
31 | client: | |
32 | driver = dnslookup | |
33 | condition = ${if eq {SERVER}{}} | |
bffc2609 | 34 | ignore_target_hosts = <; 0::0/0 |
cf260049 JH |
35 | dnssec_request_domains = * |
36 | self = send | |
37 | transport = send_to_server | |
38 | errors_to = "" | |
39 | ||
40 | server: | |
41 | driver = redirect | |
42 | data = :blackhole: | |
43 | ||
44 | # ----- Transports ----- | |
45 | begin transports | |
46 | ||
47 | send_to_server: | |
48 | driver = smtp | |
49 | allow_localhost | |
50 | port = PORT_D | |
51 | hosts_try_dane = * | |
52 | tls_verify_certificates = CDIR2/ca_chain.pem | |
53 | ||
54 | # A commonly available cipher (AES-128-CBC), we hope; dane_require_tls_ciphers below replaces this list when DANE is in effect | |
55 | tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL | |
56 | dane_require_tls_ciphers = OPT | |
57 | ||
58 | # ----- Retry ----- | |
59 | begin retry | |
60 | * * F,5d,10s | |
61 | ||
62 | # End |