summaryrefslogtreecommitdiff
path: root/test/scripts/2000-GnuTLS
diff options
context:
space:
mode:
authorPhilip Hazel <ph10@hermes.cam.ac.uk>2007-01-18 15:35:42 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2007-01-18 15:35:42 +0000
commit83da1223921fe30362e8374951360dcc8f21c4e7 (patch)
tree174a4beafbf240347d2ecad6d35640469baf96e8 /test/scripts/2000-GnuTLS
parent7b90bba702ae0f7267931524c4c523c4ee9d46b6 (diff)
Add gnutls_require_{kx,mac,protocols}.
Diffstat (limited to 'test/scripts/2000-GnuTLS')
-rw-r--r--test/scripts/2000-GnuTLS/201130
1 files changed, 29 insertions, 1 deletions
diff --git a/test/scripts/2000-GnuTLS/2011 b/test/scripts/2000-GnuTLS/2011
index 4e48ebce6..6f72fba80 100644
--- a/test/scripts/2000-GnuTLS/2011
+++ b/test/scripts/2000-GnuTLS/2011
@@ -1,10 +1,38 @@
-# TLS client: require_ciphers
+# TLS client & server: (gnu)tls_require_xxx
gnutls
+# Start up the server
exim -DSERVER=server -bd -oX PORT_D
****
+# This puts a message on the queue (queue_only is set).
exim userx@test.ex
Testing
****
+# This will fail to deliver encrypted because there are no acceptable
+# ciphers, so it will deliver in clear.
+exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5
+****
+# This delivers the message to the server, where it will remain
+# on the queue because queue_only is set.
+exim -qf -DCREQCIP=tls_require_ciphers=IDEA-CBC-MD5:DES-CBC3-SHA:RSA_ARCFOUR_SHA
+****
+# So we can deliver it again and again, with different parameters.
+exim -qf -DCREQMAC=gnutls_require_mac=MD5
+****
+exim -qf -DCREQMAC=gnutls_require_mac=!SHA1
+****
+exim -qf -DCREQMAC=gnutls_require_mac=MD5:SHA
+****
+exim -qf -DCREQMAC=gnutls_require_kx=!DHE
+****
+exim -qf -DCREQMAC=gnutls_require_protocols=SSL3
+****
+# Restart the server with a cipher restriction
+killdaemon
+exim -DSERVER=server \
+ -DSREQCIP=tls_require_ciphers=ARCFOUR \
+ -DSREQMAC=gnutls_require_mac=MD5 \
+ -bd -oX PORT_D
+****
exim -qf
****
killdaemon