X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=test%2Fconfs%2F5841;h=e1d2c28be54132979f05aa624b9d8eeab749850e;hp=57d692826af3dd3181075029e3c0adb69346b026;hb=759502e5af0acfb310b8571f056d2dbf59adb1d3;hpb=bffc2609553745d57e15942505f34cbdd3c26b7f

diff --git a/test/confs/5841 b/test/confs/5841
index 57d692826..e1d2c28be 100644
--- a/test/confs/5841
+++ b/test/confs/5841
@@ -2,7 +2,7 @@
 # DANE/OpenSSL - ciphers option
 
 SERVER=
-OPT=
+LIST=
 
 .include DIR/aux-var/tls_conf_prefix
 
@@ -23,7 +23,13 @@ tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
 tls_privatekey =  ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
 
 # Permit two specific ciphers
-tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+tls_require_ciphers = DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384
+
+# Force TLS1.2 so that the ciphers choice works
+
+.ifdef _OPT_OPENSSL_NO_TLSV1_3_X
+openssl_options = +no_tlsv1_3
+.endif
 
 # ----- Routers -----
 begin routers
@@ -48,12 +54,13 @@ send_to_server:
   driver =			smtp
   allow_localhost
   port =			PORT_D
+  hosts_try_fastopen =		:
   hosts_try_dane =		*
   tls_verify_certificates =	CDIR2/ca_chain.pem
 
   # Some commonly-available cipher, we hope
   tls_require_ciphers =		ECDHE-RSA-AES256-GCM-SHA384
-  dane_require_tls_ciphers =	OPT
+  dane_require_tls_ciphers =	LIST
 
 # ----- Retry -----
 begin retry