| 1 | # TLS client & server: tls_require_ciphers and gnutls_require_mac/kx/protocols, set per run through -D macros |
| 2 | gnutls |
| 3 | # Start up the server as a daemon (-bd) on PORT_D (-oX); no SREQCIP/SREQMAC restriction is passed on this first start |
| 4 | exim -DSERVER=server -bd -oX PORT_D |
| 5 | **** |
| 6 | # This puts a message on the queue (queue_only is set); the message text is the single line "Testing". |
| 7 | exim userx@test.ex |
| 8 | Testing |
| 9 | **** |
| 10 | # The client is limited to IDEA-CBC-MD5, so there are no acceptable ciphers and the encrypted delivery attempt fails; |
| 11 | # the queue run then delivers in clear. NOTE(review): that fallback implies TLS is not mandatory for this host in the client config (e.g. via hosts_require_tls) - confirm. |
| 12 | exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5 |
| 13 | **** |
| 14 | # With two more ciphers added to the client list, this run delivers the message to the server (presumably over TLS this time - confirm against the expected log), |
| 15 | # where it will remain on the queue because queue_only is set. |
| 16 | exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5:DES-CBC3-SHA:RSA_ARCFOUR_SHA |
| 17 | **** |
| 18 | # So we can deliver it again and again, with different client parameters: MAC, key-exchange and protocol restrictions in turn. The kx and protocols settings are also passed in the CREQMAC macro, which presumably just expands to one option line in the client config. The gnutls_require_* options belong to older GnuTLS builds of Exim; later releases take a GnuTLS priority string in tls_require_ciphers instead. |
| 19 | exim -qf -DCREQMAC=gnutls_require_mac=MD5 |
| 20 | **** |
| 21 | exim -qf -DCREQMAC=gnutls_require_mac=!SHA1 |
| 22 | **** |
| 23 | exim -qf -DCREQMAC=gnutls_require_mac=MD5:SHA |
| 24 | **** |
| 25 | exim -qf -DCREQMAC=gnutls_require_kx=!DHE |
| 26 | **** |
| 27 | exim -qf -DCREQMAC=gnutls_require_protocols=SSL3 |
| 28 | **** |
| 29 | # Restart the server with a cipher restriction (ARCFOUR) and a MAC restriction (MD5) on the server side; the queue run after it passes no client macros, so it exercises the server-side settings. |
| 30 | killdaemon |
| 31 | exim -DSERVER=server \ |
| 32 | -DSREQCIP=tls_require_ciphers=ARCFOUR \ |
| 33 | -DSREQMAC=gnutls_require_mac=MD5 \ |
| 34 | -bd -oX PORT_D |
| 35 | **** |
| 36 | exim -qf |
| 37 | **** |
| 38 | killdaemon |
| 39 | no_msglog_check |