Commit | Line | Data |
---|---|---|
cf260049 JH |
1 | # Exim test configuration 5841 |
2 | # DANE/OpenSSL - ciphers option | |
3 | ||
4 | SERVER= | |
9e9ad3ee | 5 | LIST= |
cf260049 JH |
6 | |
7 | .include DIR/aux-var/tls_conf_prefix | |
8 | ||
9 | primary_hostname = myhost.test.ex | |
10 | ||
11 | # ----- Main settings ----- | |
12 | ||
13 | acl_smtp_rcpt = accept logwrite = "rcpt ACL" | |
14 | ||
15 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified | |
16 | ||
17 | tls_advertise_hosts = * | |
18 | ||
19 | # Set certificate and private key only when running as the server (SERVER=server); otherwise the expansion is forced to fail | |
20 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
21 | ||
22 | tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail} | |
23 | tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail} | |
24 | ||
25 | # Inbound (server-side) TLS: permit only these two specific ciphers | |
f94aac30 | 26 | tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384 |
cf260049 | 27 | |
9e9ad3ee JH |
28 | # Force TLS1.2 (by disabling TLS1.3, where the build offers that option) so that the cipher lists in this file determine the negotiated cipher |
29 | ||
30 | .ifdef _OPT_OPENSSL_NO_TLSV1_3_X | |
31 | openssl_options = +no_tlsv1_3 | |
32 | .endif | |
33 | ||
cf260049 JH |
34 | # ----- Routers ----- |
35 | begin routers | |
36 | ||
37 | client: | |
38 | driver = dnslookup | |
39 | condition = ${if eq {SERVER}{}} | |
bffc2609 | 40 | ignore_target_hosts = <; 0::0/0 |
cf260049 JH |
41 | dnssec_request_domains = * |
42 | self = send | |
43 | transport = send_to_server | |
44 | errors_to = "" | |
45 | ||
46 | server: | |
47 | driver = redirect | |
48 | data = :blackhole: | |
49 | ||
50 | # ----- Transports ----- | |
51 | begin transports | |
52 | ||
53 | send_to_server: | |
54 | driver = smtp | |
55 | allow_localhost | |
56 | port = PORT_D | |
57 | hosts_try_dane = * | |
58 | tls_verify_certificates = CDIR2/ca_chain.pem | |
59 | ||
60 | # A commonly available cipher, we hope; dane_require_tls_ciphers below overrides it for DANE connections when LIST is set | |
61 | tls_require_ciphers = ECDHE-RSA-AES256-GCM-SHA384 | |
9e9ad3ee | 62 | dane_require_tls_ciphers = LIST |
cf260049 JH |
63 | |
64 | # ----- Retry ----- | |
65 | begin retry | |
66 | * * F,5d,10s | |
67 | ||
68 | # End |