projects / exim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 25d5d9f)
TLS: add variables for the IETF standard name for the connection ciphersuite
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 3 Feb 2019 22:12:48 +0000 (22:12 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Mon, 4 Feb 2019 13:19:36 +0000 (13:19 +0000)
20 files changed:
doc/doc-docbook/spec.xfpt patch | blob | blame | history
doc/doc-txt/ChangeLog patch | blob | blame | history
doc/doc-txt/NewStuff patch | blob | blame | history
src/OS/Makefile-Base patch | blob | blame | history
src/scripts/MakeLinks patch | blob | blame | history
src/src/expand.c patch | blob | blame | history
src/src/globals.c patch | blob | blame | history
src/src/globals.h patch | blob | blame | history
src/src/tls-cipher-stdname.c [new file with mode: 0644] patch | blob
src/src/tls-gnu.c patch | blob | blame | history
src/src/tls-openssl.c patch | blob | blame | history
test/log/2102.openssl_1_1_1 patch | blob | blame | history
test/runtest patch | blob | blame | history
test/stderr/0402 patch | blob | blame | history
test/stderr/0544 patch | blob | blame | history
test/stderr/5410 patch | blob | blame | history
test/stderr/5420 patch | blob | blame | history
test/stdout/2114.openssl_1_1_1 patch | blob | blame | history
test/stdout/2124.openssl_1_1_1 patch | blob | blame | history
test/stdout/2132.openssl_1_1_1 patch | blob | blame | history

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 331e56021cd43d52ff00f1ee8ca75b19aa5ab201..1f45a6f0451c61023586507cd24e51ca10c8ee3e 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -13220,6 +13220,12 @@ The deprecated &$tls_cipher$& variable is the same as &$tls_in_cipher$& during m
 but in the context of an outward SMTP delivery taking place via the &(smtp)& transport
 becomes the same as &$tls_out_cipher$&.
 
 but in the context of an outward SMTP delivery taking place via the &(smtp)& transport
 becomes the same as &$tls_out_cipher$&.
 
+.new
+.vitem &$tls_in_cipher_std$&
+.vindex "&$tls_in_cipher_std$&"
+As above, but returning the RFC standard name for the cipher suite.
+.wen
+
 .vitem &$tls_out_cipher$&
 .vindex "&$tls_out_cipher$&"
 This variable is
 .vitem &$tls_out_cipher$&
 .vindex "&$tls_out_cipher$&"
 This variable is
@@ -13228,6 +13234,12 @@ and then set to the outgoing cipher suite if one is negotiated. See chapter
 &<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for
 details of the &(smtp)& transport.
 
 &<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for
 details of the &(smtp)& transport.
 
+,new
+.vitem &$tls_out_cipher_std$&
+.vindex "&$tls_out_cipher_std$&"
+As above, but returning the RFC standard name for the cipher suite.
+.wen
+
 .vitem &$tls_out_dane$&
 .vindex &$tls_out_dane$&
 DANE active status.  See section &<<SECDANE>>&.
 .vitem &$tls_out_dane$&
 .vindex &$tls_out_dane$&
 DANE active status.  See section &<<SECDANE>>&.
@@ -16459,23 +16471,26 @@ on at the end (preceded by a semicolon). The string is expanded each time it is
 used. If the expansion yields an empty string, no &'Received:'& header line is
 added to the message. Otherwise, the string should start with the text
 &"Received:"& and conform to the RFC 2822 specification for &'Received:'&
 used. If the expansion yields an empty string, no &'Received:'& header line is
 added to the message. Otherwise, the string should start with the text
 &"Received:"& and conform to the RFC 2822 specification for &'Received:'&
-header lines. The default setting is:
+header lines.
+.new
+The default setting is:
 
 .code
 received_header_text = Received: \
   ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
 
 .code
 received_header_text = Received: \
   ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
-  {${if def:sender_ident \
-  {from ${quote_local_part:$sender_ident} }}\
-  ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
+    {${if def:sender_ident \
+      {from ${quote_local_part:$sender_ident} }}\
+        ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
   by $primary_hostname \
   by $primary_hostname \
-  ${if def:received_protocol {with $received_protocol}} \
-  ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
+  ${if def:received_protocol {with $received_protocol }}\
+  ${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}\
   (Exim $version_number)\n\t\
   ${if def:sender_address \
   {(envelope-from <$sender_address>)\n\t}}\
   id $message_exim_id\
   ${if def:received_for {\n\tfor $received_for}}
 .endd
   (Exim $version_number)\n\t\
   ${if def:sender_address \
   {(envelope-from <$sender_address>)\n\t}}\
   id $message_exim_id\
   ${if def:received_for {\n\tfor $received_for}}
 .endd
+.wen
 
 The reference to the TLS cipher is omitted when Exim is built without TLS
 support. The use of conditional expansions ensures that this works for both
 
 The reference to the TLS cipher is omitted when Exim is built without TLS
 support. The use of conditional expansions ensures that this works for both
@@ -27350,7 +27365,7 @@ but is a full SMTP SASL authenticator
 rather than being implicit for TLS-connection carried
 client certificates only.
 
 rather than being implicit for TLS-connection carried
 client certificates only.
 
-The examples and discussion in this chapter assume that 
+The examples and discussion in this chapter assume that
 client-certificate authentication is being done.
 
 The client must present a certificate,
 client-certificate authentication is being done.
 
 The client must present a certificate,
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index eebc9d8a7285dec78f9689d1fe1ef2b4b5afea6f..800cfaf573ee9d268289bc79c00f5885ef08c137 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -18,6 +18,8 @@ JH/02 OpenSSL: suppress the sending of (stateful) TLS1.3 session tickets.
 JH/03 Debug output for ACL now gives the config file name and line number for
       each verb.
 
 JH/03 Debug output for ACL now gives the config file name and line number for
       each verb.
 
+JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause.
+
 
 Exim version 4.92
 -----------------
 
 Exim version 4.92
 -----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index c44e21af0be9a5a6bc6b547bcd56483cbea2634d..ac0254ffa8486302174eaf6dd10a0b111f8933d9 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -13,6 +13,9 @@ Version 4.92
 
  2. A JSON lookup type, and JSON variants of the forall/any expansion conditions.
 
 
  2. A JSON lookup type, and JSON variants of the forall/any expansion conditions.
 
+ 3. Variables $tls_in_cipher_std, $tls_out_cipher_std giving the RFC names
+    for ciphersuites.
+
 Version 4.92
 --------------
 
 Version 4.92
 --------------
 
diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base
index 79bec063b6157e9009b0e39824bb48fbaee2bb4c..b99cb9ffcc8275affc1c4604fcd2575ac7bde207 100644 (file)
--- a/src/OS/Makefile-Base
+++ b/src/OS/Makefile-Base
@@ -816,7 +816,8 @@ store.o:         $(HDRS) store.c
 string.o:        $(HDRS) string.c
 tls.o:           $(HDRS) tls.c \
                 tls-gnu.c tlscert-gnu.c \
 string.o:        $(HDRS) string.c
 tls.o:           $(HDRS) tls.c \
                 tls-gnu.c tlscert-gnu.c \
-                tls-openssl.c tlscert-openssl.c
+                tls-openssl.c tlscert-openssl.c \
+                tls-cipher-stdname.c
 tod.o:           $(HDRS) tod.c
 transport.o:     $(HDRS) transport.c
 tree.o:          $(HDRS) tree.c
 tod.o:           $(HDRS) tod.c
 transport.o:     $(HDRS) transport.c
 tree.o:          $(HDRS) tree.c
diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks
index b717367978f5eedf602852e00c6c54bc2e465cb6..8d8345c06f22790bf260514d9ac688187e82e6c8 100755 (executable)
--- a/src/scripts/MakeLinks
+++ b/src/scripts/MakeLinks
@@ -106,7 +106,8 @@ for f in blob.h dbfunctions.h dbstuff.h exim.h functions.h globals.h \
   rda.c readconf.c receive.c retry.c rewrite.c rfc2047.c route.c search.c \
   setenv.c environment.c \
   sieve.c smtp_in.c smtp_out.c spool_in.c spool_out.c std-crypto.c store.c \
   rda.c readconf.c receive.c retry.c rewrite.c rfc2047.c route.c search.c \
   setenv.c environment.c \
   sieve.c smtp_in.c smtp_out.c spool_in.c spool_out.c std-crypto.c store.c \
-  string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-gnu.c tls-openssl.c \
+  string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-cipher-stdname.c \
+  tls-gnu.c tls-openssl.c \
   tod.c transport.c tree.c verify.c version.c \
   dkim.c dkim.h dkim_transport.c dmarc.c dmarc.h \
   valgrind.h memcheck.h \
   tod.c transport.c tree.c verify.c version.c \
   dkim.c dkim.h dkim_transport.c dmarc.c dmarc.h \
   valgrind.h memcheck.h \
diff --git a/src/src/expand.c b/src/src/expand.c
index 2128ee72c768eb72ce0b0b1973188f9f3de48b07..ec5660adbdefb5752aa627ea831eb322a0f46250 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -749,6 +749,7 @@ static var_entry var_table[] = {
   { "tls_in_bits",         vtype_int,         &tls_in.bits },
   { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
   { "tls_in_cipher",       vtype_stringptr,   &tls_in.cipher },
   { "tls_in_bits",         vtype_int,         &tls_in.bits },
   { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
   { "tls_in_cipher",       vtype_stringptr,   &tls_in.cipher },
+  { "tls_in_cipher_std",   vtype_stringptr,   &tls_in.cipher_stdname },
   { "tls_in_ocsp",         vtype_int,         &tls_in.ocsp },
   { "tls_in_ourcert",      vtype_cert,        &tls_in.ourcert },
   { "tls_in_peercert",     vtype_cert,        &tls_in.peercert },
   { "tls_in_ocsp",         vtype_int,         &tls_in.ocsp },
   { "tls_in_ourcert",      vtype_cert,        &tls_in.ourcert },
   { "tls_in_peercert",     vtype_cert,        &tls_in.peercert },
@@ -759,6 +760,7 @@ static var_entry var_table[] = {
   { "tls_out_bits",        vtype_int,         &tls_out.bits },
   { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
   { "tls_out_cipher",      vtype_stringptr,   &tls_out.cipher },
   { "tls_out_bits",        vtype_int,         &tls_out.bits },
   { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
   { "tls_out_cipher",      vtype_stringptr,   &tls_out.cipher },
+  { "tls_out_cipher_std",  vtype_stringptr,   &tls_out.cipher_stdname },
 #ifdef SUPPORT_DANE
   { "tls_out_dane",        vtype_bool,        &tls_out.dane_verified },
 #endif
 #ifdef SUPPORT_DANE
   { "tls_out_dane",        vtype_bool,        &tls_out.dane_verified },
 #endif
diff --git a/src/src/globals.c b/src/src/globals.c
index b3362a34c063ea23b2d7046748d8f2d2d9be08bc..df71025a3465c28e0f825782b4dc041b80aff6a5 100644 (file)
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1246,13 +1246,13 @@ date  will be automatically added on the end. */
 uschar *received_header_text   = US
      "Received: "
      "${if def:sender_rcvhost {from $sender_rcvhost\n\t}"
 uschar *received_header_text   = US
      "Received: "
      "${if def:sender_rcvhost {from $sender_rcvhost\n\t}"
-     "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
-     "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
+       "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
+         "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
      "by $primary_hostname "
      "by $primary_hostname "
-     "${if def:received_protocol {with $received_protocol}} "
-     #ifdef SUPPORT_TLS
-     "${if def:tls_cipher {($tls_cipher)\n\t}}"
-     #endif
+     "${if def:received_protocol {with $received_protocol }}"
+#ifdef SUPPORT_TLS
+     "${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}"
+#endif
      "(Exim $version_number)\n\t"
      "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
      "id $message_exim_id"
      "(Exim $version_number)\n\t"
      "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
      "id $message_exim_id"
diff --git a/src/src/globals.h b/src/src/globals.h
index c90783e3c180fb9a25b982e5d88cde06ccb1097d..453d8325d90c2c8a91db213d7e688dfcb69983b9 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -88,6 +88,8 @@ typedef struct {
   int     tlsa_usage;         /* TLSA record(s) usage */
 #endif
   uschar *cipher;             /* Cipher used */
   int     tlsa_usage;         /* TLSA record(s) usage */
 #endif
   uschar *cipher;             /* Cipher used */
+  const uschar *cipher_stdname; /* Cipher used, RFC version */
+  
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
   void   *ourcert;            /* Certificate we presented, binary */
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
   void   *ourcert;            /* Certificate we presented, binary */
diff --git a/src/src/tls-cipher-stdname.c b/src/src/tls-cipher-stdname.c
new file mode 100644 (file)
index 0000000..ab973af
--- /dev/null
+++ b/src/src/tls-cipher-stdname.c
@@ -0,0 +1,393 @@
+/*************************************************
+*     Exim - an Internet mail transport agent    *
+*************************************************/
+
+/* Copyright (c) Jeremy Harris 2019 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Translate an IETF TLS ciphersuite code to an IETF ciphersuite name,
+for use when the TLS library do not provide such names.
+This file is #included by the tls-<library>.c file.
+
+Values for these tables pulled on 2019/02/03 from
+https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */
+
+
+
+static const uschar * ctb_00[] = {
+[0x00] = US "TLS_NULL_WITH_NULL_NULL",
+[0x01] = US "TLS_RSA_WITH_NULL_MD5",
+[0x02] = US "TLS_RSA_WITH_NULL_SHA",
+[0x03] = US "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
+[0x04] = US "TLS_RSA_WITH_RC4_128_MD5",
+[0x05] = US "TLS_RSA_WITH_RC4_128_SHA",
+[0x06] = US "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+[0x07] = US "TLS_RSA_WITH_IDEA_CBC_SHA",
+[0x08] = US "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x09] = US "TLS_RSA_WITH_DES_CBC_SHA",
+[0x0A] = US "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x0B] = US "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[0x0C] = US "TLS_DH_DSS_WITH_DES_CBC_SHA",
+[0x0D] = US "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x0E] = US "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x0F] = US "TLS_DH_RSA_WITH_DES_CBC_SHA",
+[0x10] = US "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x11] = US "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[0x12] = US "TLS_DHE_DSS_WITH_DES_CBC_SHA",
+[0x13] = US "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x14] = US "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x15] = US "TLS_DHE_RSA_WITH_DES_CBC_SHA",
+[0x16] = US "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x17] = US "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
+[0x18] = US "TLS_DH_anon_WITH_RC4_128_MD5",
+[0x19] = US "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+[0x1A] = US "TLS_DH_anon_WITH_DES_CBC_SHA",
+[0x1B] = US "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+
+[0x1E] = US "TLS_KRB5_WITH_DES_CBC_SHA",
+[0x1F] = US "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+[0x20] = US "TLS_KRB5_WITH_RC4_128_SHA",
+[0x21] = US "TLS_KRB5_WITH_IDEA_CBC_SHA",
+[0x22] = US "TLS_KRB5_WITH_DES_CBC_MD5",
+[0x23] = US "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+[0x24] = US "TLS_KRB5_WITH_RC4_128_MD5",
+[0x25] = US "TLS_KRB5_WITH_IDEA_CBC_MD5",
+[0x26] = US "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+[0x27] = US "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
+[0x28] = US "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+[0x29] = US "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+[0x2A] = US "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+[0x2B] = US "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+[0x2C] = US "TLS_PSK_WITH_NULL_SHA",
+[0x2D] = US "TLS_DHE_PSK_WITH_NULL_SHA",
+[0x2E] = US "TLS_RSA_PSK_WITH_NULL_SHA",
+[0x2F] = US "TLS_RSA_WITH_AES_128_CBC_SHA",
+[0x30] = US "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+[0x31] = US "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+[0x32] = US "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+[0x33] = US "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+[0x34] = US "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+[0x35] = US "TLS_RSA_WITH_AES_256_CBC_SHA",
+[0x36] = US "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+[0x37] = US "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+[0x38] = US "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+[0x39] = US "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+[0x3A] = US "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+[0x3B] = US "TLS_RSA_WITH_NULL_SHA256",
+[0x3C] = US "TLS_RSA_WITH_AES_128_CBC_SHA256",
+[0x3D] = US "TLS_RSA_WITH_AES_256_CBC_SHA256",
+[0x3E] = US "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+[0x3F] = US "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+[0x40] = US "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+[0x41] = US "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x42] = US "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[0x43] = US "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x44] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[0x45] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x46] = US "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
+
+[0x67] = US "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+[0x68] = US "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+[0x69] = US "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+[0x6A] = US "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+[0x6B] = US "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+[0x6C] = US "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+[0x6D] = US "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+
+[0x84] = US "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x85] = US "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[0x86] = US "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x87] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[0x88] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x89] = US "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
+[0x8A] = US "TLS_PSK_WITH_RC4_128_SHA",
+[0x8B] = US "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x8C] = US "TLS_PSK_WITH_AES_128_CBC_SHA",
+[0x8D] = US "TLS_PSK_WITH_AES_256_CBC_SHA",
+[0x8E] = US "TLS_DHE_PSK_WITH_RC4_128_SHA",
+[0x8F] = US "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x90] = US "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
+[0x91] = US "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
+[0x92] = US "TLS_RSA_PSK_WITH_RC4_128_SHA",
+[0x93] = US "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x94] = US "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
+[0x95] = US "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
+[0x96] = US "TLS_RSA_WITH_SEED_CBC_SHA",
+[0x97] = US "TLS_DH_DSS_WITH_SEED_CBC_SHA",
+[0x98] = US "TLS_DH_RSA_WITH_SEED_CBC_SHA",
+[0x99] = US "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+[0x9A] = US "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+[0x9B] = US "TLS_DH_anon_WITH_SEED_CBC_SHA",
+[0x9C] = US "TLS_RSA_WITH_AES_128_GCM_SHA256",
+[0x9D] = US "TLS_RSA_WITH_AES_256_GCM_SHA384",
+[0x9E] = US "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+[0x9F] = US "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+[0xA0] = US "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+[0xA1] = US "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+[0xA2] = US "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+[0xA3] = US "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+[0xA4] = US "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+[0xA5] = US "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+[0xA6] = US "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+[0xA7] = US "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+[0xA8] = US "TLS_PSK_WITH_AES_128_GCM_SHA256",
+[0xA9] = US "TLS_PSK_WITH_AES_256_GCM_SHA384",
+[0xAA] = US "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
+[0xAB] = US "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
+[0xAC] = US "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
+[0xAD] = US "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
+[0xAE] = US "TLS_PSK_WITH_AES_128_CBC_SHA256",
+[0xAF] = US "TLS_PSK_WITH_AES_256_CBC_SHA384",
+[0xB0] = US "TLS_PSK_WITH_NULL_SHA256",
+[0xB1] = US "TLS_PSK_WITH_NULL_SHA384",
+[0xB2] = US "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
+[0xB3] = US "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
+[0xB4] = US "TLS_DHE_PSK_WITH_NULL_SHA256",
+[0xB5] = US "TLS_DHE_PSK_WITH_NULL_SHA384",
+[0xB6] = US "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
+[0xB7] = US "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
+[0xB8] = US "TLS_RSA_PSK_WITH_NULL_SHA256",
+[0xB9] = US "TLS_RSA_PSK_WITH_NULL_SHA384",
+[0xBA] = US "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBB] = US "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBC] = US "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBD] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBE] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBF] = US "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
+[0xC0] = US "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC1] = US "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC2] = US "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC3] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC4] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC5] = US "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
+};
+static const uschar * ctb_13[] = {
+[0x01] = US "TLS_AES_128_GCM_SHA256",
+[0x02] = US "TLS_AES_256_GCM_SHA384",
+[0x03] = US "TLS_CHACHA20_POLY1305_SHA256",
+[0x04] = US "TLS_AES_128_CCM_SHA256",
+[0x05] = US "TLS_AES_128_CCM_8_SHA256",
+};
+static const uschar * ctb_c0[] = {
+[0x01] = US "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+[0x02] = US "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+[0x03] = US "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[0x04] = US "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+[0x05] = US "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+[0x06] = US "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+[0x07] = US "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+[0x08] = US "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[0x09] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+[0x0A] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+[0x0B] = US "TLS_ECDH_RSA_WITH_NULL_SHA",
+[0x0C] = US "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+[0x0D] = US "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x0E] = US "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+[0x0F] = US "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+[0x10] = US "TLS_ECDHE_RSA_WITH_NULL_SHA",
+[0x11] = US "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+[0x12] = US "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x13] = US "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+[0x14] = US "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+[0x15] = US "TLS_ECDH_anon_WITH_NULL_SHA",
+[0x16] = US "TLS_ECDH_anon_WITH_RC4_128_SHA",
+[0x17] = US "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+[0x18] = US "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+[0x19] = US "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+[0x1A] = US "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
+[0x1B] = US "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x1C] = US "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x1D] = US "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
+[0x1E] = US "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+[0x1F] = US "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+[0x20] = US "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
+[0x21] = US "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+[0x22] = US "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+[0x23] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+[0x24] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+[0x25] = US "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+[0x26] = US "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+[0x27] = US "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+[0x28] = US "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+[0x29] = US "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+[0x2A] = US "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+[0x2B] = US "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+[0x2C] = US "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+[0x2D] = US "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+[0x2E] = US "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+[0x2F] = US "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+[0x30] = US "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+[0x31] = US "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+[0x32] = US "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+[0x33] = US "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
+[0x34] = US "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x35] = US "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
+[0x36] = US "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
+[0x37] = US "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+[0x38] = US "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
+[0x39] = US "TLS_ECDHE_PSK_WITH_NULL_SHA",
+[0x3A] = US "TLS_ECDHE_PSK_WITH_NULL_SHA256",
+[0x3B] = US "TLS_ECDHE_PSK_WITH_NULL_SHA384",
+[0x3C] = US "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x3D] = US "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x3E] = US "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
+[0x3F] = US "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",
+[0x40] = US "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x41] = US "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x42] = US "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",
+[0x43] = US "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",
+[0x44] = US "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x45] = US "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x46] = US "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",
+[0x47] = US "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",
+[0x48] = US "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
+[0x49] = US "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
+[0x4A] = US "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
+[0x4B] = US "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
+[0x4C] = US "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x4D] = US "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x4E] = US "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x4F] = US "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x50] = US "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x51] = US "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x52] = US "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x53] = US "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x54] = US "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x55] = US "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x56] = US "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",
+[0x57] = US "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",
+[0x58] = US "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",
+[0x59] = US "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",
+[0x5A] = US "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",
+[0x5B] = US "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",
+[0x5C] = US "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
+[0x5D] = US "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
+[0x5E] = US "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
+[0x5F] = US "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
+[0x60] = US "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x61] = US "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x62] = US "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x63] = US "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x64] = US "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x65] = US "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x66] = US "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x67] = US "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x68] = US "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x69] = US "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x6A] = US "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6B] = US "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x6C] = US "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6D] = US "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x6E] = US "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6F] = US "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x70] = US "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x71] = US "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x72] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x73] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x74] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x75] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x76] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x77] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x78] = US "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x79] = US "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x7A] = US "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7B] = US "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x7C] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7D] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x7E] = US "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7F] = US "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x80] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",
+[0x81] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",
+[0x82] = US "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",
+[0x83] = US "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",
+[0x84] = US "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
+[0x85] = US "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
+[0x86] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x87] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x88] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x89] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8A] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8B] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8C] = US "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8D] = US "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8E] = US "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8F] = US "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x90] = US "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x91] = US "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x92] = US "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x93] = US "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x94] = US "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x95] = US "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x96] = US "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x97] = US "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x98] = US "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x99] = US "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x9A] = US "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x9B] = US "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x9C] = US "TLS_RSA_WITH_AES_128_CCM",
+[0x9D] = US "TLS_RSA_WITH_AES_256_CCM",
+[0x9E] = US "TLS_DHE_RSA_WITH_AES_128_CCM",
+[0x9F] = US "TLS_DHE_RSA_WITH_AES_256_CCM",
+[0xA0] = US "TLS_RSA_WITH_AES_128_CCM_8",
+[0xA1] = US "TLS_RSA_WITH_AES_256_CCM_8",
+[0xA2] = US "TLS_DHE_RSA_WITH_AES_128_CCM_8",
+[0xA3] = US "TLS_DHE_RSA_WITH_AES_256_CCM_8",
+[0xA4] = US "TLS_PSK_WITH_AES_128_CCM",
+[0xA5] = US "TLS_PSK_WITH_AES_256_CCM",
+[0xA6] = US "TLS_DHE_PSK_WITH_AES_128_CCM",
+[0xA7] = US "TLS_DHE_PSK_WITH_AES_256_CCM",
+[0xA8] = US "TLS_PSK_WITH_AES_128_CCM_8",
+[0xA9] = US "TLS_PSK_WITH_AES_256_CCM_8",
+[0xAA] = US "TLS_PSK_DHE_WITH_AES_128_CCM_8",
+[0xAB] = US "TLS_PSK_DHE_WITH_AES_256_CCM_8",
+[0xAC] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
+[0xAD] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
+[0xAE] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
+[0xAF] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
+[0xB0] = US "TLS_ECCPWD_WITH_AES_128_GCM_SHA256",
+[0xB1] = US "TLS_ECCPWD_WITH_AES_256_GCM_SHA384",
+[0xB2] = US "TLS_ECCPWD_WITH_AES_128_CCM_SHA256",
+[0xB3] = US "TLS_ECCPWD_WITH_AES_256_CCM_SHA384",
+[0xB4] = US "TLS_SHA256_SHA256",
+[0xB5] = US "TLS_SHA384_SHA384",
+};
+static const uschar * ctb_cc[] = {
+[0xA8] = US "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xA9] = US "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xAA] = US "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xAB] = US "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAC] = US "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAD] = US "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAE] = US "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
+};
+static const uschar * ctb_d0[] = {
+[0x01] = US "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
+[0x02] = US "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
+[0x03] = US "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
+
+[0x05] = US "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256",
+};
+
+static const uschar *
+cipher_stdname_tb(uschar idx, const uschar ** tb, int lim)
+{
+return idx >= lim ? NULL : tb[idx];
+}
+
+static const uschar *
+cipher_stdname(uschar id0, uschar id1)
+{
+switch (id0)
+  {
+  case 0x00:   return cipher_stdname_tb(id1, ctb_00, nelem(ctb_00));
+  case 0x13:   return cipher_stdname_tb(id1, ctb_13, nelem(ctb_00));
+  case 0xc0:   return cipher_stdname_tb(id1, ctb_c0, nelem(ctb_c0));
+  case 0xcc:   return cipher_stdname_tb(id1, ctb_cc, nelem(ctb_cc));
+  case 0xd0:   return cipher_stdname_tb(id1, ctb_d0, nelem(ctb_d0));
+  default:     return NULL;
+  }
+}
+
+/* vi: aw ai sw=2
+*/
+/* End of tls-cipher-stdname.c */
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index beb439eba753acf0031079397bab484529ba40f4..7d52369e0604ea82fab16f2eeb3dd6bf3a937f54 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -96,6 +96,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries).
 # include <gnutls/dane.h>
 #endif
 
 # include <gnutls/dane.h>
 #endif
 
+#include "tls-cipher-stdname.c"
+
+
 /* GnuTLS 2 vs 3
 
 GnuTLS 3 only:
 /* GnuTLS 2 vs 3
 
 GnuTLS 3 only:
@@ -1451,6 +1454,25 @@ return OK;
 *            Extract peer information            *
 *************************************************/
 
 *            Extract peer information            *
 *************************************************/
 
+static const uschar *
+cipher_stdname_kcm(gnutls_kx_algorithm_t kx, gnutls_cipher_algorithm_t cipher,
+  gnutls_mac_algorithm_t mac)
+{
+uschar cs_id[2];
+gnutls_kx_algorithm_t kx_i;
+gnutls_cipher_algorithm_t cipher_i;
+gnutls_mac_algorithm_t mac_i;
+
+for (size_t i = 0;
+     gnutls_cipher_suite_info(i, cs_id, &kx_i, &cipher_i, &mac_i, NULL);
+     i++)
+  if (kx_i == kx && cipher_i == cipher && mac_i == mac)
+    return cipher_stdname(cs_id[0], cs_id[1]);
+return NULL;
+}
+
+
+
 /* Called from both server and client code.
 Only this is allowed to set state->peerdn and state->have_set_peerdn
 and we use that to detect double-calls.
 /* Called from both server and client code.
 Only this is allowed to set state->peerdn and state->have_set_peerdn
 and we use that to detect double-calls.
@@ -1479,7 +1501,6 @@ Returns:          OK/DEFER/FAIL
 static int
 peer_status(exim_gnutls_state_st *state, uschar ** errstr)
 {
 static int
 peer_status(exim_gnutls_state_st *state, uschar ** errstr)
 {
-uschar cipherbuf[256];
 const gnutls_datum_t *cert_list;
 int old_pool, rc;
 unsigned int cert_list_size = 0;
 const gnutls_datum_t *cert_list;
 int old_pool, rc;
 unsigned int cert_list_size = 0;
@@ -1504,28 +1525,29 @@ protocol = gnutls_protocol_get_version(state->session);
 mac = gnutls_mac_get(state->session);
 kx = gnutls_kx_get(state->session);
 
 mac = gnutls_mac_get(state->session);
 kx = gnutls_kx_get(state->session);
 
-string_format(cipherbuf, sizeof(cipherbuf),
-    "%s:%s:%d",
-    gnutls_protocol_get_name(protocol),
-    gnutls_cipher_suite_get_name(kx, cipher, mac),
-    (int) gnutls_cipher_get_key_size(cipher) * 8);
-
-/* I don't see a way that spaces could occur, in the current GnuTLS
-code base, but it was a concern in the old code and perhaps older GnuTLS
-releases did return "TLS 1.0"; play it safe, just in case. */
-for (uschar * p = cipherbuf; *p != '\0'; ++p)
-  if (isspace(*p))
-    *p = '-';
 old_pool = store_pool;
 old_pool = store_pool;
-store_pool = POOL_PERM;
-state->ciphersuite = string_copy(cipherbuf);
+  {
+  store_pool = POOL_PERM;
+  state->ciphersuite = string_sprintf("%s:%s:%d",
+      gnutls_protocol_get_name(protocol),
+      gnutls_cipher_suite_get_name(kx, cipher, mac),
+      (int) gnutls_cipher_get_key_size(cipher) * 8);
+
+  /* I don't see a way that spaces could occur, in the current GnuTLS
+  code base, but it was a concern in the old code and perhaps older GnuTLS
+  releases did return "TLS 1.0"; play it safe, just in case. */
+
+  for (uschar * p = state->ciphersuite; *p; p++) if (isspace(*p)) *p = '-';
+  state->tlsp->cipher = state->ciphersuite;
+
+  state->tlsp->cipher_stdname = cipher_stdname_kcm(kx, cipher, mac);
+  }
 store_pool = old_pool;
 store_pool = old_pool;
-state->tlsp->cipher = state->ciphersuite;
 
 /* tls_peerdn */
 cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size);
 
 
 /* tls_peerdn */
 cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size);
 
-if (cert_list == NULL || cert_list_size == 0)
+if (!cert_list || cert_list_size == 0)
   {
   DEBUG(D_tls) debug_printf("TLS: no certificate from peer (%p & %d)\n",
       cert_list, cert_list_size);
   {
   DEBUG(D_tls) debug_printf("TLS: no certificate from peer (%p & %d)\n",
       cert_list, cert_list_size);
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index c8349e7c54459c27fb1513af6f4a0db66d0f5229..f94df0bea6fe4ea21526ae439f4f7df9c3b2b1e6 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -71,6 +71,7 @@ change this guard and punt the issue for a while longer. */
 #  define EXIM_HAVE_OPENSSL_DH_BITS
 #  define EXIM_HAVE_OPENSSL_TLS_METHOD
 #  define EXIM_HAVE_OPENSSL_KEYLOG
 #  define EXIM_HAVE_OPENSSL_DH_BITS
 #  define EXIM_HAVE_OPENSSL_TLS_METHOD
 #  define EXIM_HAVE_OPENSSL_KEYLOG
+#  define EXIM_HAVE_OPENSSL_CIPHER_GET_ID
 # else
 #  define EXIM_NEED_OPENSSL_INIT
 # endif
 # else
 #  define EXIM_NEED_OPENSSL_INIT
 # endif
@@ -96,6 +97,7 @@ change this guard and punt the issue for a while longer. */
 # if OPENSSL_VERSION_NUMBER >= 0x010101000L
 #  define OPENSSL_HAVE_KEYLOG_CB
 #  define OPENSSL_HAVE_NUM_TICKETS
 # if OPENSSL_VERSION_NUMBER >= 0x010101000L
 #  define OPENSSL_HAVE_KEYLOG_CB
 #  define OPENSSL_HAVE_NUM_TICKETS
+#  define EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
 # endif
 #endif
 
 # endif
 #endif
 
@@ -108,6 +110,13 @@ change this guard and punt the issue for a while longer. */
 # include <openssl/x509v3.h>
 #endif
 
 # include <openssl/x509v3.h>
 #endif
 
+#ifndef EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
+# ifndef EXIM_HAVE_OPENSSL_CIPHER_GET_ID
+#  define SSL_CIPHER_get_id(c) (c->id)
+# endif
+# include "tls-cipher-stdname.c"
+#endif
+
 /*************************************************
 *        OpenSSL option parse                    *
 *************************************************/
 /*************************************************
 *        OpenSSL option parse                    *
 *************************************************/
@@ -1911,28 +1920,46 @@ return OK;
 
 /*
 Argument:   pointer to an SSL structure for the connection
 
 /*
 Argument:   pointer to an SSL structure for the connection
-            buffer to use for answer
-            size of buffer
            pointer to number of bits for cipher
            pointer to number of bits for cipher
-Returns:    nothing
+Returns:    pointer to allocated string in perm-pool
 */
 
 */
 
-static void
-construct_cipher_name(SSL *ssl, uschar *cipherbuf, int bsize, int *bits)
+static uschar *
+construct_cipher_name(SSL * ssl, int * bits)
 {
 {
+int pool = store_pool;
 /* With OpenSSL 1.0.0a, 'c' needs to be const but the documentation doesn't
 yet reflect that.  It should be a safe change anyway, even 0.9.8 versions have
 the accessor functions use const in the prototype. */
 
 const uschar * ver = CUS SSL_get_version(ssl);
 const SSL_CIPHER * c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl);
 /* With OpenSSL 1.0.0a, 'c' needs to be const but the documentation doesn't
 yet reflect that.  It should be a safe change anyway, even 0.9.8 versions have
 the accessor functions use const in the prototype. */
 
 const uschar * ver = CUS SSL_get_version(ssl);
 const SSL_CIPHER * c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl);
+uschar * s;
 
 SSL_CIPHER_get_bits(c, bits);
 
 
 SSL_CIPHER_get_bits(c, bits);
 
-string_format(cipherbuf, bsize, "%s:%s:%u", ver,
-  SSL_CIPHER_get_name(c), *bits);
+store_pool = POOL_PERM;
+s = string_sprintf("%s:%s:%u", ver, SSL_CIPHER_get_name(c), *bits);
+store_pool = pool;
+DEBUG(D_tls) debug_printf("Cipher: %s\n", s);
+return s;
+}
+
 
 
-DEBUG(D_tls) debug_printf("Cipher: %s\n", cipherbuf);
+/* Get IETF-standard name for ciphersuite.
+Argument:   pointer to an SSL structure for the connection
+Returns:    pointer to string
+*/
+
+static const uschar *
+cipher_stdname_ssl(SSL * ssl)
+{
+#ifdef EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
+return CUS SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl));
+#else
+ushort id = 0xffff & SSL_CIPHER_get_id(SSL_get_current_cipher(ssl));
+return cipher_stdname(id >> 8, id & 0xff);
+#endif
 }
 
 
 }
 
 
@@ -2179,7 +2206,6 @@ int rc;
 uschar * expciphers;
 tls_ext_ctx_cb * cbinfo;
 static uschar peerdn[256];
 uschar * expciphers;
 tls_ext_ctx_cb * cbinfo;
 static uschar peerdn[256];
-static uschar cipherbuf[256];
 
 /* Check for previous activation */
 
 
 /* Check for previous activation */
 
@@ -2305,10 +2331,13 @@ and initialize things. */
 
 peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
 
 
 peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
 
+tls_in.cipher = construct_cipher_name(server_ssl, &tls_in.bits);
+tls_in.cipher_stdname = cipher_stdname_ssl(server_ssl);
+
 DEBUG(D_tls)
   {
   uschar buf[2048];
 DEBUG(D_tls)
   {
   uschar buf[2048];
-  if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)) != NULL)
+  if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)))
     debug_printf("Shared ciphers: %s\n", buf);
 
 #ifdef EXIM_HAVE_OPENSSL_KEYLOG
     debug_printf("Shared ciphers: %s\n", buf);
 
 #ifdef EXIM_HAVE_OPENSSL_KEYLOG
@@ -2324,9 +2353,6 @@ DEBUG(D_tls)
 #endif
   }
 
 #endif
   }
 
-construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits);
-tls_in.cipher = cipherbuf;
-
 /* Record the certificate we presented */
   {
   X509 * crt = SSL_get_certificate(server_ssl);
 /* Record the certificate we presented */
   {
   X509 * crt = SSL_get_certificate(server_ssl);
@@ -2489,7 +2515,6 @@ exim_openssl_client_tls_ctx * exim_client_ctx;
 static uschar peerdn[256];
 uschar * expciphers;
 int rc;
 static uschar peerdn[256];
 uschar * expciphers;
 int rc;
-static uschar cipherbuf[256];
 
 #ifndef DISABLE_OCSP
 BOOL request_ocsp = FALSE;
 
 #ifndef DISABLE_OCSP
 BOOL request_ocsp = FALSE;
@@ -2711,8 +2736,8 @@ DEBUG(D_tls)
 
 peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
 
 
 peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
 
-construct_cipher_name(exim_client_ctx->ssl, cipherbuf, sizeof(cipherbuf), &tlsp->bits);
-tlsp->cipher = cipherbuf;
+tlsp->cipher = construct_cipher_name(exim_client_ctx->ssl, &tlsp->bits);
+tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl);
 
 /* Record the certificate we presented */
   {
 
 /* Record the certificate we presented */
   {
diff --git a/test/log/2102.openssl_1_1_1 b/test/log/2102.openssl_1_1_1
index d5efeef30064af7ef6b6c124740445615870cfb1..51f739b6375138d6aa038c6afa7fba7143c6fda7 100644 (file)
--- a/test/log/2102.openssl_1_1_1
+++ b/test/log/2102.openssl_1_1_1
@@ -13,10 +13,10 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
 1999-03-02 09:44:33 Peer did not present a cert
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
 1999-03-02 09:44:33 Peer did not present a cert
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
 1999-03-02 09:44:33 Peer did not present a cert
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
 1999-03-02 09:44:33 Peer did not present a cert
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss
 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
 1999-03-02 09:44:33 Peer cert:
 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
 1999-03-02 09:44:33 Peer cert:
@@ -39,8 +39,8 @@
 1999-03-02 09:44:33 sha1   fingerprint E75D537E478758010505D4F339B00DFD73728088
 1999-03-02 09:44:33 sha256 fingerprint E251FA7D0372CB784294CF92B243DCE53FDDABD9F58A1B89226586C07C82CAC6
 1999-03-02 09:44:33 der_b64 MIIDuDCCAqCgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwNzEUMBIGA1UEChMLZXhhbXBsZS5jb20xHzAdBgNVBAMTFmNsaWNhIFNpZ25pbmcgQ2VydCByc2EwHhcNMTIxMTAxMTI0MDA0WhcNMzcxMjAxMTI0MDA0WjAeMRwwGgYDVQQDExNzZXJ2ZXIyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52Rfiv2Igy0NiaKN5gc0VPLbEoHngkdJWv3wEORp+iFl6skQRbsCylT8djJ2pvHstFpnzSodF3Wwjj2/EDuj3iKBzN9HeXJOvJz8j9Si1xkgCxJeUjPGgYcvKdxybaZAOpi9l3xwPCCEXN4JBq/WaQQ9+eP1PczeMNfvFtXma+VcHXG743ttPOv7eSMr0JxQl3zjQvYGOhFP/KAw6jh/N6YPqii9kV0cC/ubeVzpqJ5/+hndx5YrmAu39N5qzwWujhDPkFNSgCJUhfkEiMaQiPxFxDTbUzWnQ5jpAQ5El4WJVkGWkqxose1bOjSSNzFPJt59YtxxJC3IWN3UtGODTwIDAQABo4HmMIHjMA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0jBEcwRYANQUFidHdDeGNYZ2IwUaExpC8wLTEUMBIGA1UEChMLZXhhbXBsZS5jb20xFTATBgNVBAMTDGNsaWNhIENBIHJzYYIBQjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vc2NwLmV4YW1wbGUuY29tLzApBgNVHREEIjAgghNzZXJ2ZXIyLmV4YW1wbGUuY29tggkqLnRlc3QuZXgwDQYJKoZIhvcNAQELBQADggEBALHOkZkvHLpNm0QSof09vmmdNFE6/+0TCIoPExeqqSOsy4NsF+Ha46WttjJRSVtbhRxF8jxEU7btPiFgQUaOcJZTwQPDhmQSOPNO8GS46oJ57aQ7U7O+X3M1sVS5Pa2IzE6vrJSh349/CNbTA8WPQdWLlxVJhJXAcZNtaEu6lCsZuDSMTpAsW5I4+snyrm3yvP5t0eD28K5LgCKePX962drkAOP6XGQ51VnbMQ7b1TSdQedtYKIpR3VKUvG5Ky/+0c+Rmwfi2aQ8oXXwekzJyS5jvovdVVsdhO68It+Rz/zursN5Pn+Gj1YuQNUs2nDrGHN+VIIFpgWUjLZO4bcJctY=
 1999-03-02 09:44:33 sha1   fingerprint E75D537E478758010505D4F339B00DFD73728088
 1999-03-02 09:44:33 sha256 fingerprint E251FA7D0372CB784294CF92B243DCE53FDDABD9F58A1B89226586C07C82CAC6
 1999-03-02 09:44:33 der_b64 MIIDuDCCAqCgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwNzEUMBIGA1UEChMLZXhhbXBsZS5jb20xHzAdBgNVBAMTFmNsaWNhIFNpZ25pbmcgQ2VydCByc2EwHhcNMTIxMTAxMTI0MDA0WhcNMzcxMjAxMTI0MDA0WjAeMRwwGgYDVQQDExNzZXJ2ZXIyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52Rfiv2Igy0NiaKN5gc0VPLbEoHngkdJWv3wEORp+iFl6skQRbsCylT8djJ2pvHstFpnzSodF3Wwjj2/EDuj3iKBzN9HeXJOvJz8j9Si1xkgCxJeUjPGgYcvKdxybaZAOpi9l3xwPCCEXN4JBq/WaQQ9+eP1PczeMNfvFtXma+VcHXG743ttPOv7eSMr0JxQl3zjQvYGOhFP/KAw6jh/N6YPqii9kV0cC/ubeVzpqJ5/+hndx5YrmAu39N5qzwWujhDPkFNSgCJUhfkEiMaQiPxFxDTbUzWnQ5jpAQ5El4WJVkGWkqxose1bOjSSNzFPJt59YtxxJC3IWN3UtGODTwIDAQABo4HmMIHjMA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0jBEcwRYANQUFidHdDeGNYZ2IwUaExpC8wLTEUMBIGA1UEChMLZXhhbXBsZS5jb20xFTATBgNVBAMTDGNsaWNhIENBIHJzYYIBQjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vc2NwLmV4YW1wbGUuY29tLzApBgNVHREEIjAgghNzZXJ2ZXIyLmV4YW1wbGUuY29tggkqLnRlc3QuZXgwDQYJKoZIhvcNAQELBQADggEBALHOkZkvHLpNm0QSof09vmmdNFE6/+0TCIoPExeqqSOsy4NsF+Ha46WttjJRSVtbhRxF8jxEU7btPiFgQUaOcJZTwQPDhmQSOPNO8GS46oJ57aQ7U7O+X3M1sVS5Pa2IzE6vrJSh349/CNbTA8WPQdWLlxVJhJXAcZNtaEu6lCsZuDSMTpAsW5I4+snyrm3yvP5t0eD28K5LgCKePX962drkAOP6XGQ51VnbMQ7b1TSdQedtYKIpR3VKUvG5Ky/+0c+Rmwfi2aQ8oXXwekzJyS5jvovdVVsdhO68It+Rz/zursN5Pn+Gj1YuQNUs2nDrGHN+VIIFpgWUjLZO4bcJctY=
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server2.example.com" S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server2.example.com" S=sss
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example_ec.com>
 1999-03-02 09:44:33 Peer did not present a cert
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 Our cert SN: <CN=server1.example_ec.com>
 1999-03-02 09:44:33 Peer did not present a cert
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-ECDSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:ke-ECDSA-AES256-SHAnnn:xxx CV=no S=sss
diff --git a/test/runtest b/test/runtest
index 8df2be00571411fa522edf66c2b3d932087630f6..ad049685ebd212671eb8baf8bacba3e05a70462d 100755 (executable)
--- a/test/runtest
+++ b/test/runtest
@@ -544,6 +544,15 @@ RESET_AFTER_EXTRA_LINE_READ:
   s/(could not connect to .*: Connection) reset by peer$/$1 refused/;
 
   # ======== TLS certificate algorithms ========
   s/(could not connect to .*: Connection) reset by peer$/$1 refused/;
 
   # ======== TLS certificate algorithms ========
+  #
+  # In Received: headers, convert RFC 8314 style ciphersuite to
+  # the older (comment) style, keeping only the Auth element
+  # (discarding kex, cipher, mac).  For TLS 1.3 there is no kex
+  # element (and no _WITH); insert a spurious "RSA".
+
+  s/^\s+by .+ with .+ \K tls TLS_.*?([^_]+)_WITH.+$/(TLS1.x:ke-\1-AES256-SHAnnn:xxx)/;
+  s/^\s+by .+ with .+ \K tls TLS_.+$/(TLS1.x:ke-RSA-AES256-SHAnnn:xxx)/;
+
   # Test machines might have various different TLS library versions supporting
   # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
   # treat the standard algorithms the same.
   # Test machines might have various different TLS library versions supporting
   # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
   # treat the standard algorithms the same.
@@ -1628,7 +1637,9 @@ $munges =
                      s! DN="[^,"]*\K,!/!;
                     ',
       'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /',
                      s! DN="[^,"]*\K,!/!;
                     ',
       'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /',
-      'mail'      => 's/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/',
+      'mail'      => 's/^\s+by .+ with .+ \K tls TLS_.+$/(TLS_proto_and_cipher)/;
+                     s/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/;
+                    ',
     },
 
     'debug_pid' =>
     },
 
     'debug_pid' =>
diff --git a/test/stderr/0402 b/test/stderr/0402
index 6c2e92211d92058579d9b68f6f9ba9c7790a54d4..9f7ad28414b690e057dc5cd36bfe7121aea8aa99 100644 (file)
--- a/test/stderr/0402
+++ b/test/stderr/0402
@@ -41,7 +41,8 @@ Data file written for message 10HmaX-0005vi-00
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -49,7 +50,8 @@ Data file written for message 10HmaX-0005vi-00
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -59,19 +61,22 @@ Data file written for message 10HmaX-0005vi-00
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -82,7 +87,8 @@ Data file written for message 10HmaX-0005vi-00
   ├──condition: def:sender_helo_name
   ├─────result: false
    ┌───scanning: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: false
    ┌───scanning: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -96,12 +102,25 @@ Data file written for message 10HmaX-0005vi-00
   └─────result: from CALLER 
  ├──condition: def:received_protocol
  ├─────result: true
   └─────result: from CALLER 
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local
+  ├──expanding: with $received_protocol 
+  └─────result: with local 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -122,7 +141,8 @@ Data file written for message 10HmaX-0005vi-00
   └───skipping: result is not used
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   └───skipping: result is not used
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
diff --git a/test/stderr/0544 b/test/stderr/0544
index e45faa1e9cabb4bdedb933f2c4f6371f6ba7a1fa..a8a961e9cc428960bde8fd5e7c1d9f2c010afd3f 100644 (file)
--- a/test/stderr/0544
+++ b/test/stderr/0544
@@ -6,7 +6,8 @@ admin user
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -14,7 +15,8 @@ admin user
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -24,19 +26,22 @@ admin user
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -47,7 +52,8 @@ admin user
   ├──condition: def:sender_helo_name
   ├─────result: false
    ┌───scanning: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: false
    ┌───scanning: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -61,12 +67,25 @@ admin user
   └─────result: from CALLER 
  ├──condition: def:received_protocol
  ├─────result: true
   └─────result: from CALLER 
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local
+  ├──expanding: with $received_protocol 
+  └─────result: with local 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -87,7 +106,8 @@ admin user
   └───skipping: result is not used
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   └───skipping: result is not used
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
diff --git a/test/stderr/5410 b/test/stderr/5410
index e4ef02cfd6124897e0bef9c927aafa2a678b042c..8e6e7bbc91d05a8daf8ba5560eedfc697a712546 100644 (file)
--- a/test/stderr/5410
+++ b/test/stderr/5410
@@ -136,7 +136,8 @@ end of inline ACL: ACCEPT
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -144,7 +145,8 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -154,19 +156,22 @@ end of inline ACL: ACCEPT
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -177,7 +182,8 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -191,12 +197,25 @@ end of inline ACL: ACCEPT
        
  ├──condition: def:received_protocol
  ├─────result: true
        
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local-esmtp
+  ├──expanding: with $received_protocol 
+  └─────result: with local-esmtp 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -216,7 +235,8 @@ end of inline ACL: ACCEPT
        for userx@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        for userx@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -352,7 +372,8 @@ end of inline ACL: ACCEPT
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -360,7 +381,8 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -370,19 +392,22 @@ end of inline ACL: ACCEPT
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -393,7 +418,8 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -407,12 +433,25 @@ end of inline ACL: ACCEPT
        
  ├──condition: def:received_protocol
  ├─────result: true
        
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding: with $received_protocol 
+  └─────result: with local-esmtp 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local-esmtp
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -432,7 +471,8 @@ end of inline ACL: ACCEPT
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -568,7 +608,8 @@ end of inline ACL: ACCEPT
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -576,7 +617,8 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -586,19 +628,22 @@ end of inline ACL: ACCEPT
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -609,7 +654,8 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -623,12 +669,25 @@ end of inline ACL: ACCEPT
        
  ├──condition: def:received_protocol
  ├─────result: true
        
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding: with $received_protocol 
+  └─────result: with local-esmtp 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local-esmtp
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -648,7 +707,8 @@ end of inline ACL: ACCEPT
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
diff --git a/test/stderr/5420 b/test/stderr/5420
index 25963326bafcd9d4209b3f068a4cb8cdb42cb08e..5bc80bb1fc90cf90b036b349233fcd90c00225c1 100644 (file)
--- a/test/stderr/5420
+++ b/test/stderr/5420
@@ -137,7 +137,8 @@ end of inline ACL: ACCEPT
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -145,7 +146,8 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -155,19 +157,22 @@ end of inline ACL: ACCEPT
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -178,7 +183,8 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -192,12 +198,25 @@ end of inline ACL: ACCEPT
        
  ├──condition: def:received_protocol
  ├─────result: true
        
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local-esmtp
+  ├──expanding: with $received_protocol 
+  └─────result: with local-esmtp 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -217,7 +236,8 @@ end of inline ACL: ACCEPT
        for userx@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        for userx@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -353,7 +373,8 @@ end of inline ACL: ACCEPT
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -361,7 +382,8 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -371,19 +393,22 @@ end of inline ACL: ACCEPT
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -394,7 +419,8 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -408,12 +434,25 @@ end of inline ACL: ACCEPT
        
  ├──condition: def:received_protocol
  ├─────result: true
        
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding: with $received_protocol 
+  └─────result: with local-esmtp 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local-esmtp
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -433,7 +472,8 @@ end of inline ACL: ACCEPT
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -569,7 +609,8 @@ end of inline ACL: ACCEPT
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  └─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -577,7 +618,8 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ┌───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -587,19 +629,22 @@ end of inline ACL: ACCEPT
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   └───skipping: result is not used
   ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──condition: def:sender_ident
   ├─────result: true
    ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ for $received_for}}
@@ -610,7 +655,8 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ┌considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
@@ -624,12 +670,25 @@ end of inline ACL: ACCEPT
        
  ├──condition: def:received_protocol
  ├─────result: true
        
  ├──condition: def:received_protocol
  ├─────result: true
-  ┌considering: with $received_protocol}} (Exim $version_number)
+  ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
+       ${if def:sender_address {(envelope-from <$sender_address>)
+       }}id $message_exim_id${if def:received_for {
+       for $received_for}}
+  ├──expanding: with $received_protocol 
+  └─────result: with local-esmtp 
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+  ┌───scanning:  tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding: with $received_protocol
-  └─────result: with local-esmtp
+  ├──expanding:  tls $tls_in_cipher_std
+       
+  ├─────result:  tls 
+       
+  └───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
  ├──condition: def:sender_address
  ├─────result: true
   ┌considering: (envelope-from <$sender_address>)
@@ -649,7 +708,8 @@ end of inline ACL: ACCEPT
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        for usery@domain.com
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
diff --git a/test/stdout/2114.openssl_1_1_1 b/test/stdout/2114.openssl_1_1_1
index 744d0e2fa2bb343d737838259540c04c1ad5a1dc..ee0af955f7111681380286f6c2ad9c0057722c34 100644 (file)
--- a/test/stdout/2114.openssl_1_1_1
+++ b/test/stdout/2114.openssl_1_1_1
@@ -19,7 +19,7 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
@@ -55,7 +55,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> helo rhu.barb
 ??? 250
 Succeeded in starting TLS
 >>> helo rhu.barb
 ??? 250
@@ -93,7 +93,7 @@ Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
@@ -128,7 +128,7 @@ Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
@@ -163,7 +163,7 @@ Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
@@ -196,7 +196,7 @@ Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
@@ -231,7 +231,7 @@ Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.c
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
@@ -264,7 +264,7 @@ Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.c
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
@@ -299,7 +299,7 @@ Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<userx@test.ex>
 ??? 250
diff --git a/test/stdout/2124.openssl_1_1_1 b/test/stdout/2124.openssl_1_1_1
index e7777a1b21830fa8f05d740dfa932a2d98530d08..d40f58a31a95e8b0813f3a2e86f22c4f5e0a3f0d 100644 (file)
--- a/test/stdout/2124.openssl_1_1_1
+++ b/test/stdout/2124.openssl_1_1_1
@@ -20,7 +20,7 @@ Key file = aux-fixed/cert2
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
 Succeeded in starting TLS
 >>> noop
 ????554 Security failure
diff --git a/test/stdout/2132.openssl_1_1_1 b/test/stdout/2132.openssl_1_1_1
index 179a9ef32c81f051c34cac91d7ecad91c128610f..a3a8ec5efee4b4dd18c64ec3f358c986265334bb 100644 (file)
--- a/test/stdout/2132.openssl_1_1_1
+++ b/test/stdout/2132.openssl_1_1_1
@@ -19,7 +19,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<CALLER@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<CALLER@test.ex>
 ??? 250
@@ -59,7 +59,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<"name with spaces"@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<"name with spaces"@test.ex>
 ??? 250
@@ -99,7 +99,7 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> noop
 ????554
 Succeeded in starting TLS
 >>> noop
 ????554
@@ -132,7 +132,7 @@ Key file = TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.e
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
 Succeeded in starting TLS
 >>> mail from:<CALLER@test.ex>
 ??? 250
 Succeeded in starting TLS
 >>> mail from:<CALLER@test.ex>
 ??? 250
Unnamed repository; edit this file 'description' to name the repository.