# TLS client: tls-on-connect
#
# For packet-capture, use "runtest -keep" and add (at least) tls debug on the daemon line.
# For GnuTLS, additionally run the daemon under sudo.
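# Tell Wireshark to use DIR/spool/sslkeys as the Master Secret log, and to decode TCP/1225 as TLS and TLS/1225 as SMTP.
# The sslkeys file holds the session secrets that decrypt the capture, so keep it and the capture inside the test environment.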
#
# We get (TLS1.3 , OpenSSL):
#    SYN		>
#			< SYN,ACK
#    ACK		>
#    Client Hello	>
#			< Server Hello, Change Ciph, Extensions, Cert, Cert Verify, Finished
#    Change Ciph,Finish	>
#			< Banner
#    EHLO		>
#			< EHLO resp
#    MAIL,RCPT,DATA	>
#			< ACK,ACK,DATA-go-ahead
#
# GnuTLS splits both the server records and the client response pair over two TCP segments:
#    Client Hello	>
#			< Server Hello, Change Ciph
#    Change Ciph	>
#			< Extensions, Cert, Cert Verify, Finished
#    Finished		>
# (otherwise the same).  The extra segments are pipelined and do not incur an extra round-trip time.
#
# To see that pipelining:
# sudo tc qdisc add dev lo root netem delay 50ms  /  sudo tc qdisc delete dev lo root
#
# To test TFO, enable in the transport in the conf/ file
# With TFO we get the Client Hello on the SYN, and the initial Server segment pipelined with/after the SYN,ACK
# and before the 3rd-ACK.  We still can't merge the 3rd-ACK with the second Client record set,
# but it does ack the initial Server data.
#
# To see the TFO(R):
# First clear any previously-obtained cookie:
#sudo perl
#open(INFO, "-|", "/usr/bin/uname -s");
#$_ = <INFO>;
#if (/^FreeBSD/) {
#system("sysctl net.inet.tcp.fastopen.client_enable=0"); system("sysctl net.inet.tcp.fastopen.client_enable=1");
#} else {
#system ("[ -e /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec ] && echo 0 > /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec");
#system ("ip tcp_metrics delete 127.0.0.1");
#}
#
#****
#
#
# sudo exim -DSERVER=server -d+tls -bd -oX PORT_D
# Start the receiving daemon (-bd) listening on PORT_D (-oX), with the SERVER macro defined as "server".
# NOTE(review): PORT_D is presumably substituted by the test harness, and SERVER presumably selects the server half of the configuration - confirm against the conf/ file.
exim -DSERVER=server -bd -oX PORT_D
****
# Submit a message for CALLER@test.ex; the lines up to the next **** are the message text.
# NOTE(review): the byte after "FF:" displays as a replacement character here; presumably it is a raw 0xFF in the file - do not re-encode it when editing.
exim CALLER@test.ex
Test message. Contains FF: �
****
# Submit one message addressed to three recipients; per its text, delivery is expected to involve two different hosts.
exim CALLER@test.ex abcd@test.ex xyz@test.ex
Test message to two different hosts
****
# Forced queue run (-qf) with verbose output (-v).
# NOTE(review): presumably this is the client-side delivery that makes the tls-on-connect connections described in the header - confirm.
exim -v -qf
****
# Stop the daemon, then do a forced queue run with SERVER=server and NOTDAEMON defined.
# NOTE(review): killdaemon looks like a test-harness command rather than an exim invocation; the effect of NOTDAEMON depends on the conf/ file - confirm.
killdaemon
exim -DSERVER=server -DNOTDAEMON -qf
****