Merge branch 'dane_require_tls_ciphers'

New SMTP Transport option for simplified improved security for DANE.

18 files changed, 365 insertions, 10 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 2dbe6d2d3..16d276ee8 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23941,6 +23941,24 @@ For testing purposes, this value can be overridden by the &%-oB%& command line
 option.
 
 
+.new
+.option dane_require_tls_ciphers smtp string&!! unset
+.cindex "TLS" "requiring specific ciphers for DANE"
+.cindex "cipher" "requiring specific"
+.cindex DANE "TLS ciphers"
+This option may be used to override &%tls_require_ciphers%& for connections
+where DANE has been determined to be in effect.
+If not set, then &%tls_require_ciphers%& will be used.
+Normal SMTP delivery is not able to make strong demands of TLS cipher
+configuration, because delivery will fall back to plaintext.  Once DANE has
+been determined to be in effect, there is no plaintext fallback and making the
+TLS cipherlist configuration stronger will increase security, rather than
+counter-intuitively decreasing it.
+If the option expands to be empty or is forced to fail, then it will
+be treated as unset and &%tls_require_ciphers%& will be used instead.
+.wen
+
+
 .option data_timeout smtp time 5m
 This sets a timeout for the transmission of each block in the data portion of
 the message. As a result, the overall timeout for a message depends on the size
@@ -28102,8 +28120,7 @@ that DNS lookups they do for the server have not been tampered with.  The domain
 to this server, its A record, its TLSA record and any associated CNAME records must all be covered by
 DNSSEC.
 2) add TLSA DNS records.  These say what the server certificate for a TLS connection should be.
-3) offer a server certificate, or certificate chain, in TLS connections which is traceable to the one
-defined by (one of?) the TSLA records
+3) offer a server certificate, or certificate chain, in TLS connections which is is anchored by one of the TLSA records.
 
 There are no changes to Exim specific to server-side operation of DANE.
 Support for client-side operation of DANE can be included at compile time by defining SUPPORT_DANE=yes
@@ -28158,8 +28175,9 @@ This modification of hosts_request_ocsp is only done if it has the default value
 those who use &%hosts_require_ocsp%&, should consider the interaction with DANE in their OCSP settings.
 
 
-For client-side DANE there are two new smtp transport options, &%hosts_try_dane%& and &%hosts_require_dane%&.
-The latter variant will result in failure if the target host is not DNSSEC-secured.
+For client-side DANE there are three new smtp transport options, &%hosts_try_dane%&, &%hosts_require_dane%&
+and &%dane_require_tls_ciphers%&.
+The require variant will result in failure if the target host is not DNSSEC-secured.
 
 DANE will only be usable if the target host has DNSSEC-secured MX, A and TLSA records.
 
@@ -28168,6 +28186,14 @@ If a TLSA lookup is done and succeeds, a DANE-verified TLS connection
 will be required for the host.  If it does not, the host will not
 be used; there is no fallback to non-DANE or non-TLS.
 
+If DANE is requested and usable, then the TLS cipher list configuration
+prefers to use the option &%dane_require_tls_ciphers%& and falls
+back to &%tls_require_ciphers%& only if that is unset.
+This lets you configure "decent crypto" for DANE and "better than nothing
+crypto" as the default.  Note though that while GnuTLS lets the string control
+which versions of TLS/SSL will be negotiated, OpenSSL does not and you're
+limited to ciphersuite constraints.
+
 If DANE is requested and useable (see above) the following transport options are ignored:
 .code
   hosts_require_tls
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 201e21207..8d1b33bc2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -187,6 +187,9 @@ JH/35 Cutthrough: for a final-dot response timeout (and nonunderstood responses)
       in defer=pass mode supply a 450 to the initiator.  Previously the message
       would be spooled.
 
+PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
+      tls_require_ciphers is used as before.
+
 
 Exim version 4.90
 -----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 58f3f2054..4bf04ec8d 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -14,6 +14,7 @@ Version 4.91
 
  2. DANE is now supported under GnuTLS version 3.0.0 or later.  Both GnuTLS and
     OpenSSL versions are moved to mainline support from Experimental.
+    New SMTP transport option "dane_require_tls_ciphers".
 
  3. Feature macros for the compiled-in set of malware scanner interfaces.
 
diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
index 1fe72be6b..dfb0219cb 100644
--- a/doc/doc-txt/OptionLists.txt
+++ b/doc/doc-txt/OptionLists.txt
@@ -149,12 +149,13 @@ current_directory                    string          unset         transports
 daemon_smtp_ports                    string          unset         main              1.75  pluralised in 4.21
 daemon_startup_retries               int             9             main              4.52
 daemon_startup_sleep                 time            30s           main              4.52
+dane_require_tls_ciphers             string*         unset         smtp              4.91
 data                                 string          unset         redirect          4.00
 data_timeout                         time            5m            smtp
 debug_print                          string*         unset         authenticators    4.00
                                                      unset         routers           4.00
                                                      unset         transports        2.00
-debug_store                          boolean         false         main		     4.90
+debug_store                          boolean         false         main              4.90
 delay_after_cutoff                   boolean         true          smtp
 delay_warning                        time list       24h           main
 delay_warning_condition              string*         +             main              1.73
@@ -300,10 +301,12 @@ hosts_override                       boolean         false         smtp
 hosts_randomize                      boolean         false         manualroute       4.00
                                                      false         smtp              3.14
 hosts_require_auth                   host list       unset         smtp              4.00
+hosts_require_dane                   host list       unset         smtp              4.91 (4.85 experimental)
 hosts_require_ocsp                   host list       unset         smtp              4.82 if experimental_ocsp
 hosts_require_tls                    host list       unset         smtp              3.20
 hosts_treat_as_local                 domain list     unset         main              1.95
 hosts_try_auth                       host list       unset         smtp              4.00
+hosts_try_dane                       host list       unset         smtp              4.91 (4.85 experimental)
 hosts_try_fastopen                   host list       unset         smtp              4.88
 hosts_try_prdr                       host list       unset         smtp              4.82 if experimental_prdr
 ibase_servers                        string          unset         main              4.23
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index eed8c06dc..d73188277 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1681,7 +1681,7 @@ else
 			1, 0))
 	 || (rc = dane_verify_crt_raw(s, certlist, lsize,
 			gnutls_certificate_type_get(state->session),
-			r, 0, 
+			r, 0,
 # ifdef GNUTLS_BROKEN_DANE_VALIDATION
 			usage == (1 << DANESSL_USAGE_DANE_EE)
 			? DANE_VFLAG_ONLY_CHECK_EE_USAGE : 0,
@@ -2260,6 +2260,7 @@ smtp_transport_options_block *ob =
   (smtp_transport_options_block *)tb->options_block;
 int rc;
 exim_gnutls_state_st * state = NULL;
+uschar *cipher_list = NULL;
 #ifndef DISABLE_OCSP
 BOOL require_ocsp =
   verify_check_given_host(&ob->hosts_require_ocsp, host) == OK;
@@ -2269,9 +2270,24 @@ BOOL request_ocsp = require_ocsp ? TRUE
 
 DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", fd);
 
+#ifdef SUPPORT_DANE
+if (tlsa_dnsa && ob->dane_require_tls_ciphers)
+  {
+  /* not using expand_check_tlsvar because not yet in state */
+  if (!expand_check(ob->dane_require_tls_ciphers, US"dane_require_tls_ciphers",
+      &cipher_list, errstr))
+    return DEFER;
+  cipher_list = cipher_list && *cipher_list
+    ? ob->dane_require_tls_ciphers : ob->tls_require_ciphers;
+  }
+#endif
+
+if (!cipher_list)
+  cipher_list = ob->tls_require_ciphers;
+
 if ((rc = tls_init(host, ob->tls_certificate, ob->tls_privatekey,
     ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl,
-    ob->tls_require_ciphers, &state, errstr)) != OK)
+    cipher_list, &state, errstr)) != OK)
   return rc;
 
   {
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 969a99d99..c142bd059 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -904,7 +904,7 @@ We do not free the stack since it could be needed a second time for
 SNI handling.
 
 Separately we might try to replace using OCSP_basic_verify() - which seems to not
-be a public interface into the OpenSSL library (there's no manual entry) - 
+be a public interface into the OpenSSL library (there's no manual entry) -
 But what with?  We also use OCSP_basic_verify in the client stapling callback.
 And there we NEED it; we must verify that status... unless the
 library does it for us anyway?  */
@@ -2300,8 +2300,23 @@ if (rc != OK) return rc;
 tls_out.certificate_verified = FALSE;
 client_verify_callback_called = FALSE;
 
-if (!expand_check(ob->tls_require_ciphers, US"tls_require_ciphers",
-    &expciphers, errstr))
+expciphers = NULL;
+#ifdef SUPPORT_DANE
+if (tlsa_dnsa)
+  {
+  /* We fall back to tls_require_ciphers if unset, empty or forced failure, but
+  other failures should be treated as problems. */
+  if (ob->dane_require_tls_ciphers &&
+      !expand_check(ob->dane_require_tls_ciphers, US"dane_require_tls_ciphers",
+        &expciphers, errstr))
+    return FAIL;
+  if (expciphers && *expciphers == '\0')
+    expciphers = NULL;
+  }
+#endif
+if (!expciphers &&
+    !expand_check(ob->tls_require_ciphers, US"tls_require_ciphers",
+      &expciphers, errstr))
   return FAIL;
 
 /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 23083f5d8..2dfb5b73a 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -38,6 +38,10 @@ optionlist smtp_transport_options[] = {
       (void *)offsetof(smtp_transport_options_block, connect_timeout) },
   { "connection_max_messages", opt_int | opt_public,
       (void *)offsetof(transport_instance, connection_max_messages) },
+# ifdef SUPPORT_DANE
+  { "dane_require_tls_ciphers", opt_stringptr,
+      (void *)offsetof(smtp_transport_options_block, dane_require_tls_ciphers) },
+# endif
   { "data_timeout",         opt_time,
       (void *)offsetof(smtp_transport_options_block, data_timeout) },
   { "delay_after_cutoff", opt_bool,
@@ -225,6 +229,7 @@ smtp_transport_options_block smtp_transport_option_defaults = {
 #ifdef SUPPORT_DANE
   .hosts_try_dane =		NULL,
   .hosts_require_dane =		NULL,
+  .dane_require_tls_ciphers =	NULL,
 #endif
   .hosts_try_fastopen =		NULL,
 #ifndef DISABLE_PRDR
diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h
index 749c6f778..7727c0c6d 100644
--- a/src/src/transports/smtp.h
+++ b/src/src/transports/smtp.h
@@ -32,6 +32,7 @@ typedef struct {
 #ifdef SUPPORT_DANE
   uschar *hosts_try_dane;
   uschar *hosts_require_dane;
+  uschar *dane_require_tls_ciphers;
 #endif
   uschar *hosts_try_fastopen;
 #ifndef DISABLE_PRDR
diff --git a/test/confs/5821 b/test/confs/5821
new file mode 100644
index 000000000..9b73181a9
--- /dev/null
+++ b/test/confs/5821
@@ -0,0 +1,62 @@
+# Exim test configuration 5821
+# DANE/OpenSSL - ciphers option
+
+SERVER=
+OPT=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept logwrite = "rcpt ACL"
+
+log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
+
+tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
+tls_privatekey =  ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
+
+# Permit two specific ciphers
+tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL
+
+# ----- Routers -----
+begin routers
+
+client:
+  driver =		dnslookup
+  condition =		${if eq {SERVER}{}}
+  ignore_target_hosts = <; 0::0/0
+  dnssec_request_domains = *
+  self =		send
+  transport =		send_to_server
+  errors_to =		""
+
+server:
+  driver =		redirect
+  data =		:blackhole:
+
+# ----- Transports -----
+begin transports
+
+send_to_server:
+  driver =			smtp
+  allow_localhost
+  port =			PORT_D
+  hosts_try_dane =		*
+  tls_verify_certificates =	CDIR2/ca_chain.pem
+
+  # Some commonly-available cipher, we hope
+  tls_require_ciphers =		NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL
+  dane_require_tls_ciphers =	OPT
+
+# ----- Retry -----
+begin retry
+* * F,5d,10s
+
+# End
diff --git a/test/confs/5841 b/test/confs/5841
new file mode 100644
index 000000000..57d692826
--- /dev/null
+++ b/test/confs/5841
@@ -0,0 +1,62 @@
+# Exim test configuration 5841
+# DANE/OpenSSL - ciphers option
+
+SERVER=
+OPT=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept logwrite = "rcpt ACL"
+
+log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
+
+tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
+tls_privatekey =  ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
+
+# Permit two specific ciphers
+tls_require_ciphers = ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+
+# ----- Routers -----
+begin routers
+
+client:
+  driver =		dnslookup
+  condition =		${if eq {SERVER}{}}
+  ignore_target_hosts = <; 0::0/0
+  dnssec_request_domains = *
+  self =		send
+  transport =		send_to_server
+  errors_to =		""
+
+server:
+  driver =		redirect
+  data =		:blackhole:
+
+# ----- Transports -----
+begin transports
+
+send_to_server:
+  driver =			smtp
+  allow_localhost
+  port =			PORT_D
+  hosts_try_dane =		*
+  tls_verify_certificates =	CDIR2/ca_chain.pem
+
+  # Some commonly-available cipher, we hope
+  tls_require_ciphers =		ECDHE-RSA-AES256-GCM-SHA384
+  dane_require_tls_ciphers =	OPT
+
+# ----- Retry -----
+begin retry
+* * F,5d,10s
+
+# End
diff --git a/test/log/5821 b/test/log/5821
new file mode 100644
index 000000000..39af675fe
--- /dev/null
+++ b/test/log/5821
@@ -0,0 +1,31 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.2:RSA_CAMELLIA_256_GCM_SHA384:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.2:RSA_CAMELLIA_256_GCM_SHA384:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
diff --git a/test/log/5841 b/test/log/5841
new file mode 100644
index 000000000..863107c2e
--- /dev/null
+++ b/test/log/5841
@@ -0,0 +1,31 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:ECDHE-RSA-CAMELLIA256-SHA384:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
diff --git a/test/scripts/5820-DANE-GnuTLS/5821 b/test/scripts/5820-DANE-GnuTLS/5821
new file mode 100644
index 000000000..f4ea30564
--- /dev/null
+++ b/test/scripts/5820-DANE-GnuTLS/5821
@@ -0,0 +1,30 @@
+# DANE client: ciphers option
+#
+gnutls
+exim -DSERVER=server -bd -oX PORT_D
+****
+
+### Baseline, dane unused
+exim -odf CALLER@localhost.test.ex
+Testing
+****
+### Baseline, dane used
+exim -odf CALLER@dane256ee.test.ex
+Testing
+****
+#
+#
+### Dane cipher specified, dane unused
+# Since dane unused, should get the same cipher as the baseline
+exim -odf -DOPT=NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL CALLER@localhost.test.ex
+Testing
+****
+### Dane cipher specified, dane used
+# Should get the cipher specified here
+exim -odf -DOPT=NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL CALLER@dane256ee.test.ex
+Testing
+****
+#
+#
+killdaemon
+no_msglog_check
diff --git a/test/scripts/5840-DANE-OpenSSL/5841 b/test/scripts/5840-DANE-OpenSSL/5841
new file mode 100644
index 000000000..52fac186a
--- /dev/null
+++ b/test/scripts/5840-DANE-OpenSSL/5841
@@ -0,0 +1,29 @@
+# DANE client: ciphers option
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+
+### Baseline, dane unused
+exim -odf CALLER@localhost.test.ex
+Testing
+****
+### Baseline, dane used
+exim -odf CALLER@dane256ee.test.ex
+Testing
+****
+#
+#
+### Dane cipher specified, dane unused
+# Since dane unused, should get the same cipher as the baseline
+exim -odf -DOPT=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@localhost.test.ex
+Testing
+****
+### Dane cipher specified, dane used
+# Should get the cipher specified here
+exim -odf -DOPT=ECDHE-RSA-CAMELLIA256-SHA384 CALLER@dane256ee.test.ex
+Testing
+****
+#
+#
+killdaemon
+no_msglog_check
diff --git a/test/stderr/5821 b/test/stderr/5821
new file mode 100644
index 000000000..3f9e5f261
--- /dev/null
+++ b/test/stderr/5821
@@ -0,0 +1,10 @@
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used
+
+******** SERVER ********
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used
diff --git a/test/stderr/5841 b/test/stderr/5841
new file mode 100644
index 000000000..3f9e5f261
--- /dev/null
+++ b/test/stderr/5841
@@ -0,0 +1,10 @@
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used
+
+******** SERVER ********
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used
diff --git a/test/stdout/5821 b/test/stdout/5821
new file mode 100644
index 000000000..3f9e5f261
--- /dev/null
+++ b/test/stdout/5821
@@ -0,0 +1,10 @@
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used
+
+******** SERVER ********
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used
diff --git a/test/stdout/5841 b/test/stdout/5841
new file mode 100644
index 000000000..3f9e5f261
--- /dev/null
+++ b/test/stdout/5841
@@ -0,0 +1,10 @@
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used
+
+******** SERVER ********
+### Baseline, dane unused
+### Baseline, dane used
+### Dane cipher specified, dane unused
+### Dane cipher specified, dane used