I've written support for a new SMTP Transport option dane_require_tls_ciphers which is like tls_require_ciphers but is used in _preference_ to tls_require_ciphers when DANE is enabled.

This seemed much saner than requiring lots of conditional logic, especially since we already ignore most of the TLS options once DANE is in play anyway.

I wrote code for OpenSSL and GnuTLS and tested compilation with OpenSSL. I wrote docs. I did not write tests, I'm way out of practice on the Exim test suite.

Pushed to dane_require_tls_ciphers in the main git repo.

Jeremy, does this look mergeable/sane? Did we get as far as pre-merge testing at any point, rather than post-merge testing? What sort of coverage do we need from tests?

It's honestly going to be faster if someone else writes them (I wrote this code for stress relief but am going to be Rather Busy over the next few days and unlikely to get back to this). But if wanted, I can be less lazy and write them. At some point.

-Phil
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
