Testcases for dane_require_tls_ciphers
[exim.git] / test / confs / 5841
CommitLineData
cf260049
JH
1# Exim test configuration 5841
2# DANE/OpenSSL - ciphers option
3
4SERVER=
5OPT=
6
7.include DIR/aux-var/tls_conf_prefix
8
9primary_hostname = myhost.test.ex
10
11# ----- Main settings -----
12
13acl_smtp_rcpt = accept logwrite = "rcpt ACL"
14
15log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
16
17tls_advertise_hosts = *
18
19# Set certificate only if server
20CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
21
22tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
23tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
24
25# Permit two specific ciphers
26tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
27
28# ----- Routers -----
29begin routers
30
31client:
32 driver = dnslookup
33 condition = ${if eq {SERVER}{}}
34 dnssec_request_domains = *
35 self = send
36 transport = send_to_server
37 errors_to = ""
38
39server:
40 driver = redirect
41 data = :blackhole:
42
43# ----- Transports -----
44begin transports
45
46send_to_server:
47 driver = smtp
48 allow_localhost
49 port = PORT_D
50 hosts_try_dane = *
51 tls_verify_certificates = CDIR2/ca_chain.pem
52
53 # Some commonly-available cipher, we hope
54 tls_require_ciphers = ECDHE-RSA-AES256-GCM-SHA384
55 dane_require_tls_ciphers = OPT
56
57# ----- Retry -----
58begin retry
59* * F,5d,10s
60
61# End