author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-09-29 14:16:36 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-09-29 14:58:02 +0100 |
commit | 5b2fd993eadb7b476e5ef14028c7db09fda6c3ae (patch) | |
tree | 20a5788a0b121ef8118a01740c2eac7261d8c170 /test/confs/5652 | |
parent | d896cef5f6f3ff1b7509fd832a4ee66403a7c57f (diff) |
OpenSSL: support OCSP stapling on multi-cert servers
Diffstat (limited to 'test/confs/5652')
-rw-r--r-- | test/confs/5652 | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/test/confs/5652 b/test/confs/5652 index 5b29f5b68..da6e5197a 100644 --- a/test/confs/5652 +++ b/test/confs/5652 @@ -1,5 +1,5 @@ # Exim test configuration 5652 -# OCSP stapling, server, multiple certs +# OCSP stapling, server, multiple leaf-certs .include DIR/aux-var/tls_conf_prefix @@ -29,7 +29,12 @@ tls_ocsp_file = DRSA/server1.example.com/server1.example.com.ocsp.good.resp \ : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp +.ifdef _HAVE_GNUTLS tls_require_ciphers = NORMAL:!VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.0 +.endif +.ifdef _OPT_OPENSSL_NO_TLSV1_3_X +openssl_options = +no_tlsv1_3 +.endif # ------ ACL ------ @@ -70,9 +75,21 @@ remote_delivery: driver = smtp port = PORT_D hosts_require_tls = * - tls_require_ciphers = OPT +.ifdef _HAVE_GNUTLS + tls_require_ciphers = NONE:\ + ${if eq {SELECTOR}{auth_ecdsa} \ + {+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL:} \ + {+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:}}\ + +CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 +.endif +.ifdef _HAVE_OPENSSL + tls_require_ciphers = ${if eq {SELECTOR}{auth_ecdsa} {ECDSA:RSA:!COMPLEMENTOFDEFAULT} {RSA}} +.endif hosts_require_ocsp = * - tls_verify_certificates = CERT + tls_verify_certificates = CADIR/\ + ${if eq {SELECTOR}{auth_ecdsa} \ + {example_ec.com/server1.example_ec.com/ca_chain.pem}\ + {example.com/server1.example.com/ca_chain.pem}} tls_verify_cert_hostnames = : local_delivery: |
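Review bot: The new `openssl_options = +no_tlsv1_3` in the second hunk carries no comment saying why TLS 1.3 is turned off on the server, and it only takes effect when `_OPT_OPENSSL_NO_TLSV1_3_X` is defined. Presumably the reason is that the client's RSA/ECDSA choice via `tls_require_ciphers` (third hunk) can only steer the leaf certificate at TLS 1.2 and below, since TLS 1.3 suites do not name an authentication algorithm. A comment above the `.ifdef` such as `# TLS1.3 suites do not select the cert type; stay at TLS1.2 so the client cipher list picks the leaf cert` would record that. It is also worth confirming that an OpenSSL build without that macro cannot negotiate TLS 1.3 here, otherwise the per-certificate stapling check may not exercise the intended certificate.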
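Review bot: In the `_HAVE_OPENSSL` branch of `remote_delivery` (third hunk), the `auth_ecdsa` arm is `{ECDSA:RSA:!COMPLEMENTOFDEFAULT}`, which still offers RSA suites, whereas the GnuTLS arm offers only `+SIGN-ECDSA-SHA512`. With OpenSSL the client therefore does not by itself pin the ECDSA leaf, and whether the ECDSA certificate and its stapled response are the ones tested appears to depend on the server's preference. The EC-only `ca_chain.pem` selected in `tls_verify_certificates` would presumably make an RSA leaf fail verification, but that shows up as a verify error rather than an OCSP result. If pinning is the intent, consider `{ECDSA:!COMPLEMENTOFDEFAULT}` for that arm, or add a comment explaining why `RSA` is kept. A one-line comment naming the values `SELECTOR` may take would also help readers of the transport.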