Testsuite: compat vs. older GnuTLS
[exim.git] / test / confs / 5821
CommitLineData
cf260049 1# Exim test configuration 5821
96c5bd40 2# DANE/GnuTLS - ciphers option
cf260049
JH
3
4SERVER=
5OPT=
6
7.include DIR/aux-var/tls_conf_prefix
8
9primary_hostname = myhost.test.ex
10
11# ----- Main settings -----
12
13acl_smtp_rcpt = accept logwrite = "rcpt ACL"
14
15log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
16
17tls_advertise_hosts = *
18
19# Set certificate only if server
20CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
21
22tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
23tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
24
25# Permit two specific ciphers
96c5bd40 26tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM
cf260049
JH
27
28# ----- Routers -----
29begin routers
30
31client:
32 driver = dnslookup
33 condition = ${if eq {SERVER}{}}
bffc2609 34 ignore_target_hosts = <; 0::0/0
cf260049
JH
35 dnssec_request_domains = *
36 self = send
37 transport = send_to_server
38 errors_to = ""
39
40server:
41 driver = redirect
42 data = :blackhole:
43
44# ----- Transports -----
45begin transports
46
47send_to_server:
48 driver = smtp
49 allow_localhost
50 port = PORT_D
51 hosts_try_dane = *
52 tls_verify_certificates = CDIR2/ca_chain.pem
53
54 # Some commonly-available cipher, we hope
8008accd 55 tls_require_ciphers = NORMAL:-CIPHER-ALL:+AES-128-CBC
cf260049
JH
56 dane_require_tls_ciphers = OPT
57
58# ----- Retry -----
59begin retry
60* * F,5d,10s
61
62# End