Gitweb:
https://git.exim.org/exim.git/commitdiff/5d5ad9fb16a2511ff2e0e7d4528d399f06f608da
Commit: 5d5ad9fb16a2511ff2e0e7d4528d399f06f608da
Parent: 4f780c09d2ab95bd9562ebe307a01043933adcd9
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Nov 13 18:12:31 2023 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Mon Nov 13 18:12:31 2023 +0000
TLS: fix resumption for TLS-on-connect
---
doc/doc-docbook/spec.xfpt | 11 +-
doc/doc-txt/ChangeLog | 7 +
src/src/macros.h | 24 +-
src/src/tls-gnu.c | 27 +-
src/src/transports/smtp.c | 31 ++-
src/src/transports/smtp.h | 1 +
test/confs/5890 | 54 ++--
test/confs/5892 | 52 ++--
test/confs/5894 | 54 ++--
test/log/5890 | 378 +++++++++++++++++++--------
test/log/5892 | 100 +++++--
test/log/5894 | 88 +++++--
test/scripts/5890-Resume-GnuTLS/5890 | 20 +-
test/scripts/5892-Resume-OpenSSL/5892 | 8 +-
test/scripts/5894-Resume-OpenSSL-TLS1.3/5894 | 11 +-
test/stdout/5892 | 1 +
16 files changed, 625 insertions(+), 242 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 5a757c4ed..add3a532e 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -25549,15 +25549,24 @@ load-balancer, matching the session stored in the client's cache.
Exim can pull out a server name, if there is one, from the response to the
client's SMTP EHLO command.
-The default value of this option:
+For normal STARTTLS use, the default value of this option:
.code
${if and { {match {$host} {.outlook.com\$}} \
{match {$item} {\N^250-([\w.]+)\s\N}} \
} {$1}}
.endd
suffices for one known case.
+
During the expansion of this option the &$item$& variable will have the
server's EHLO response.
+
+.new
+For TLS-on-connect connections we do not have an EHLO
+response to use. Because of this the default value of this option is
+set to a static string for those cases, meaning that resumption will
+always be attempted if permitted by the &%tls_resumption_hosts%& option.
+.wen
+
The result of the option expansion is included in the key used to store and
retrieve the TLS session, for session resumption.
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c74c0c0c6..9d23e8db2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -24,6 +24,13 @@ JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with
a connection_reject log_selector, under tls_on_connect. Previously
with this combination, when the connect ACL rejected, a spurious
paniclog entry was made.
+JH/04 Fix TLS resumption for TLS-on-connect. This was broken by the advent
+ of loadbalancer-detection for resumption, in 4.96 - which tries to
+ use the EHLO response. SMTPS does not have one at the time it is starting
+ TLS. Change the default for the smtp transport host_name_extract option
+ to be a static string, for TLS-on-connect cases; meaning that resumption
+ will always be attempted (unless deliberately overriden).
+
Exim version 4.97
diff --git a/src/src/macros.h b/src/src/macros.h
index 969393561..e2c1d0f94 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -1103,14 +1103,22 @@ should not be one active. */
#define RESUME_USED BIT(4)
#define RESUME_DECODE_STRING \
- US"not requested or offered : 0x02 :client requested, no server ticket" \
- ": 0x04 : 0x05 : 0x06 :client offered session, no server action" \
- ": 0x08 :no client request: 0x0A :client requested new ticket, server provided" \
- ": 0x0C :client offered session, not used: 0x0E :client offered session, server only provided new ticket" \
- ": 0x10 :session resumed unasked: 0x12 :session resumed unasked" \
- ": 0x14 : 0x15 : 0x16 :session resumed" \
- ": 0x18 :session resumed unasked: 0x1A :session resumed unasked" \
- ": 0x1C :session resumed: 0x1E :session resumed, also new ticket"
+ US"not requested or offered" \
+ ": 0x02 :client requested, no server ticket" \
+ ": 0x04 : 0x05 " \
+ ": 0x06 :client offered session, no server action" \
+ ": 0x08 :no client request" \
+ ": 0x0A :client requested new ticket, server provided" \
+ ": 0x0C :client offered session, not used" \
+ ": 0x0E :client offered session, server only provided new ticket" \
+ ": 0x10 :session resumed unasked" \
+ ": 0x12 :session resumed unasked" \
+ ": 0x14 : 0x15" \
+ ": 0x16 :session resumed" \
+ ": 0x18 :session resumed unasked" \
+ ": 0x1A :session resumed unasked" \
+ ": 0x1C :session resumed" \
+ ": 0x1E :session resumed, also new ticket"
/* Flags for string_vformat */
#define SVFMT_EXTEND BIT(0)
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index a17597e8b..56ea93935 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2851,7 +2851,7 @@ static int
tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
unsigned incoming, const gnutls_datum_t * msg)
{
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb (on server)\n");
tls_in.resumption |= RESUME_CLIENT_REQUESTED;
return 0;
}
@@ -2888,9 +2888,12 @@ tls_server_resume_posthandshake(exim_gnutls_state_st * state)
{
if (gnutls_session_resumption_requested(state->session))
{
- /* This tells us the client sent a full ticket. We use a
+ /* This tells us the client sent a full (?) ticket. We use a
callback on session-ticket request, elsewhere, to tell
- if a client asked for a ticket. */
+ if a client asked for a ticket.
+ XXX As of GnuTLS 3.0.1 it seems to be returning true even for
+ a pure ticket-req (a zero-length Session Ticket extension
+ in the Client Hello, for 1.2) which mucks up our logic. */
tls_in.resumption |= RESUME_CLIENT_SUGGESTED;
DEBUG(D_tls) debug_printf("client requested resumption\n");
@@ -3319,7 +3322,8 @@ tls_retrieve_session(tls_support * tlsp, gnutls_session_t session,
tlsp->resumption = RESUME_SUPPORTED;
if (!conn_args->have_lbserver)
- { DEBUG(D_tls) debug_printf("resumption not supported on continued-connection\n"); }
+ { DEBUG(D_tls) debug_printf(
+ "resumption not supported: no LB detection done (continued-conn?)\n"); }
else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host) == OK)
{
dbdata_tls_session * dt;
@@ -3347,6 +3351,7 @@ else if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, conn_args->host
dbfn_close(dbm_file);
}
}
+else DEBUG(D_tls) debug_printf("no resumption for this host\n");
}
@@ -3374,7 +3379,7 @@ if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
int dlen = sizeof(dbdata_tls_session) + tkt.size;
dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
- DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
+ DEBUG(D_tls) debug_printf(" session data size %u\n", (unsigned)tkt.size);
memcpy(dt->session, tkt.data, tkt.size);
gnutls_free(tkt.data);
@@ -3385,11 +3390,15 @@ if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
dbfn_close(dbm_file);
DEBUG(D_tls)
- debug_printf("wrote session db (len %u)\n", (unsigned)dlen);
+ debug_printf(" wrote session db (len %u)\n", (unsigned)dlen);
}
}
- else DEBUG(D_tls)
- debug_printf("extract session data: %s\n", US gnutls_strerror(rc));
+ else
+ { DEBUG(D_tls)
+ debug_printf(" extract session data: %s\n", US gnutls_strerror(rc));
+ }
+ else DEBUG(D_tls)
+ debug_printf(" host not resmable; not saving ticket\n");
}
}
@@ -3406,7 +3415,7 @@ tls_client_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when,
exim_gnutls_state_st * state = gnutls_session_get_ptr(sess);
tls_support * tlsp = state->tlsp;
-DEBUG(D_tls) debug_printf("newticket cb\n");
+DEBUG(D_tls) debug_printf("newticket cb (on client)\n");
if (!tlsp->ticket_received)
tls_save_session(tlsp, sess, state->host);
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index af2e1f2dd..8c00a1ef2 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -203,9 +203,6 @@ smtp_transport_options_block smtp_transport_option_defaults = {
.tls_tempfail_tryclear = TRUE,
.tls_try_verify_hosts = US"*",
.tls_verify_cert_hostnames = US"*",
-# ifndef DISABLE_TLS_RESUME
- .host_name_extract = US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}",
-# endif
#endif
#ifdef SUPPORT_I18N
.utf8_downconvert = US"-1",
@@ -352,7 +349,7 @@ Returns: nothing
void
smtp_transport_init(transport_instance *tblock)
{
-smtp_transport_options_block *ob = SOB tblock->options_block;
+smtp_transport_options_block * ob = SOB tblock->options_block;
int old_pool = store_pool;
/* Retry_use_local_part defaults FALSE if unset */
@@ -769,7 +766,7 @@ return TRUE;
resumption when such servers do not share a session-cache */
static void
-ehlo_response_lbserver(smtp_context * sx, smtp_transport_options_block * ob)
+ehlo_response_lbserver(smtp_context * sx, const uschar * name_extract)
{
#if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
const uschar * s;
@@ -778,7 +775,7 @@ uschar * save_item = iterate_item;
if (sx->conn_args.have_lbserver)
return;
iterate_item = sx->buffer;
-s = expand_cstring(ob->host_name_extract);
+s = expand_cstring(name_extract);
iterate_item = save_item;
sx->conn_args.host_lbserver = s && !*s ? NULL : s;
sx->conn_args.have_lbserver = TRUE;
@@ -1067,6 +1064,8 @@ sx->pending_EHLO = FALSE;
if (pending_BANNER)
{
+ const uschar * s;
+
DEBUG(D_transport) debug_printf("%s expect banner\n", __FUNCTION__);
(*countp)--;
if (!smtp_reap_banner(sx))
@@ -1076,7 +1075,10 @@ if (pending_BANNER)
goto fail;
}
/*XXX EXPERIMENTAL_ESMTP_LIMITS ? */
- ehlo_response_lbserver(sx, sx->conn_args.ob);
+
+ s = ((smtp_transport_options_block *)sx->conn_args.ob)->host_name_extract;
+ if (!s) s = HNE_DEFAULT;
+ ehlo_response_lbserver(sx, s);
}
if (pending_EHLO)
@@ -2474,10 +2476,20 @@ goto SEND_QUIT;
#ifndef DISABLE_TLS
if (sx->smtps)
{
+ const uschar * s;
+
smtp_peer_options |= OPTION_TLS;
suppress_tls = FALSE;
ob->tls_tempfail_tryclear = FALSE;
smtp_command = US"SSL-on-connect";
+
+ /* Having no EHLO response yet, cannot peek there for a servername to detect
+ an LB. Call this anyway, so that a dummy host_name_extract option value can
+ force resumption attempts. */
+
+ if (!(s = ob->host_name_extract)) s = US"never-LB";
+ ehlo_response_lbserver(sx, s);
+
goto TLS_NEGOTIATE;
}
#endif
@@ -2565,6 +2577,8 @@ goto SEND_QUIT;
if (!sx->early_pipe_active)
#endif
{
+ const uschar * s;
+
sx->peer_offered = ehlo_response(sx->buffer,
OPTION_TLS /* others checked later */
#ifndef DISABLE_PIPE_CONNECT
@@ -2600,7 +2614,8 @@ goto SEND_QUIT;
}
}
#endif
- ehlo_response_lbserver(sx, ob);
+ if (!(s = ob->host_name_extract)) s = HNE_DEFAULT;
+ ehlo_response_lbserver(sx, s);
}
/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h
index cb1d72625..0d15b9626 100644
--- a/src/src/transports/smtp.h
+++ b/src/src/transports/smtp.h
@@ -109,6 +109,7 @@ typedef struct {
uschar *tls_privatekey;
uschar *tls_require_ciphers;
# ifndef DISABLE_TLS_RESUME
+# define HNE_DEFAULT US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}"
uschar *host_name_extract;
uschar *tls_resumption_hosts;
# endif
diff --git a/test/confs/5890 b/test/confs/5890
index 88743cfd0..ff5adb90f 100644
--- a/test/confs/5890
+++ b/test/confs/5890
@@ -13,9 +13,10 @@ domainlist local_domains = test.ex : *.test.ex
acl_smtp_helo = check_helo
acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption +tls_peerdn
+log_selector = +received_recipients +tls_resumption +tls_peerdn +outgoing_port
tls_advertise_hosts = *
+tls_on_connect_ports = PORT_D2
# Set certificate only if server
@@ -33,30 +34,32 @@ tls_resumption_hosts = 127.0.0.1
begin acl
check_helo:
- accept condition = ${if def:tls_in_cipher}
- logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
- logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}}
- logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
- logwrite = peer cert verified\t${tls_in_certificate_verified}
- logwrite = peer dn\t${tls_in_peerdn}
- logwrite = cipher\t${tls_in_cipher}
- logwrite = bits\t${tls_in_bits}
+ accept condition = ${if def:tls_in_cipher}
+ logwrite = tls_in_ver\t$tls_in_ver
+ logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+ logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+ logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+ logwrite = peer cert verified\t${tls_in_certificate_verified}
+ logwrite = peer dn\t${tls_in_peerdn}
+ logwrite = cipher\t${tls_in_cipher}
+ logwrite = bits\t${tls_in_bits}
accept
check_recipient:
- accept domains = +local_domains
- deny message = relay not permitted
+ accept domains = +local_domains
+ deny message = relay not permitted
log_resumption:
accept condition = ${if def:tls_out_cipher}
condition = ${if eq {$event_name}{tcp:close}}
+ logwrite = tls_out_ver\t$tls_out_ver
logwrite = tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
- logwrite = our cert subject\t${certextract {subject}{$tls_out_ourcert}}
- logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
- logwrite = peer cert verified\t${tls_out_certificate_verified}
- logwrite = peer dn\t${tls_out_peerdn}
- logwrite = cipher\t${tls_out_cipher}
- logwrite = bits\t${tls_out_bits}
+ logwrite = our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+ logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+ logwrite = peer cert verified\t${tls_out_certificate_verified}
+ logwrite = peer dn\t${tls_out_peerdn}
+ logwrite = cipher\t${tls_out_cipher}
+ logwrite = bits\t${tls_out_bits}
# ----- Routers -----
@@ -66,7 +69,7 @@ begin routers
client:
driver = accept
condition = ${if eq {SERVER}{server}{no}{yes}}
- transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+ transport = send_to_server${if eq{$local_part}{hostnotresume}{2}{1}}
server:
driver = redirect
@@ -80,7 +83,14 @@ send_to_server1:
driver = smtp
allow_localhost
hosts = 127.0.0.1
+.ifdef SELECTOR
+ port = PORT_D2
+ protocol = smtps
+ # Use HELO purely to get a P= different on the server <= line
+ hosts_avoid_esmtp = *
+.else
port = PORT_D
+.endif
helo_data = helo.data.changed
.ifdef HELO_MSG
host_name_extract = HELO_MSG
@@ -96,11 +106,11 @@ send_to_server1:
event_action = ${acl {log_resumption}}
send_to_server2:
- driver = smtp
+ driver = smtp
allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
- hosts_try_fastopen = :
+ hosts = HOSTIPV4
+ port = PORT_D
+ hosts_try_fastopen = :
tls_verify_certificates = CDIR/CA/CA.pem
tls_verify_cert_hostnames = :
event_action = ${acl {log_resumption}}
diff --git a/test/confs/5892 b/test/confs/5892
index 15b09fcff..571cb8e7e 100644
--- a/test/confs/5892
+++ b/test/confs/5892
@@ -13,7 +13,7 @@ domainlist local_domains = test.ex : *.test.ex
acl_smtp_helo = check_helo
acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption +tls_peerdn
+log_selector = +received_recipients +tls_resumption +tls_peerdn +outgoing_port
.ifdef _OPT_OPENSSL_NO_TLSV1_3_X
openssl_options = +no_sslv2 +no_sslv3 +single_dh_use OPTION
@@ -21,6 +21,7 @@ openssl_options = +no_sslv2 +no_sslv3 +single_dh_use OPTION
openssl_options = +no_sslv2 +no_sslv3 +single_dh_use
.endif
tls_advertise_hosts = *
+tls_on_connect_ports = PORT_D2
# Set certificate only if server
@@ -38,30 +39,32 @@ remote_max_parallel = 1
begin acl
check_helo:
- accept condition = ${if def:tls_in_cipher}
- logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
- logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}}
- logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
- logwrite = peer cert verified\t${tls_in_certificate_verified}
- logwrite = peer dn\t${tls_in_peerdn}
- logwrite = cipher\t${tls_in_cipher}
- logwrite = bits\t${tls_in_bits}
+ accept condition = ${if def:tls_in_cipher}
+ logwrite = tls_in_ver\t$tls_in_ver
+ logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+ logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+ logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+ logwrite = peer cert verified\t${tls_in_certificate_verified}
+ logwrite = peer dn\t${tls_in_peerdn}
+ logwrite = cipher\t${tls_in_cipher}
+ logwrite = bits\t${tls_in_bits}
accept
check_recipient:
- accept domains = +local_domains
- deny message = relay not permitted
+ accept domains = +local_domains
+ deny message = relay not permitted
log_resumption:
accept condition = ${if def:tls_out_cipher}
condition = ${if eq {$event_name}{tcp:close}}
+ logwrite = tls_out_ver\t$tls_out_ver
logwrite = tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
- logwrite = our cert subject\t${certextract {subject}{$tls_out_ourcert}}
- logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
- logwrite = peer cert verified\t${tls_out_certificate_verified}
- logwrite = peer dn\t${tls_out_peerdn}
- logwrite = cipher\t${tls_out_cipher}
- logwrite = bits\t${tls_out_bits}
+ logwrite = our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+ logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+ logwrite = peer cert verified\t${tls_out_certificate_verified}
+ logwrite = peer dn\t${tls_out_peerdn}
+ logwrite = cipher\t${tls_out_cipher}
+ logwrite = bits\t${tls_out_bits}
# ----- Routers -----
@@ -85,7 +88,14 @@ send_to_server1:
driver = smtp
allow_localhost
hosts = 127.0.0.1
+.ifdef SELECTOR
+ port = PORT_D2
+ protocol = smtps
+ # Use HELO purely to get a P= different on the server <= line
+ hosts_avoid_esmtp = *
+.else
port = PORT_D
+.endif
helo_data = helo.data.changed
.ifdef HELO_MSG
host_name_extract = HELO_MSG
@@ -101,11 +111,11 @@ send_to_server1:
event_action = ${acl {log_resumption}}
send_to_server2:
- driver = smtp
+ driver = smtp
allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
- hosts_try_fastopen = :
+ hosts = HOSTIPV4
+ port = PORT_D
+ hosts_try_fastopen = :
tls_verify_certificates = CDIR/CA/CA.pem
tls_verify_cert_hostnames = :
event_action = ${acl {log_resumption}}
diff --git a/test/confs/5894 b/test/confs/5894
index da347178e..4b34c75ae 100644
--- a/test/confs/5894
+++ b/test/confs/5894
@@ -12,10 +12,11 @@ domainlist local_domains = test.ex : *.test.ex
acl_smtp_helo = check_helo
acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption +tls_peerdn
+log_selector = +received_recipients +tls_resumption +tls_peerdn +outgoing_port
openssl_options = +no_sslv2 +no_sslv3 +single_dh_use
tls_advertise_hosts = *
+tls_on_connect_ports = PORT_D2
# Set certificate only if server
@@ -32,30 +33,32 @@ tls_resumption_hosts = 127.0.0.1
begin acl
check_helo:
- accept condition = ${if def:tls_in_cipher}
- logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
- logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}}
- logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
- logwrite = peer cert verified\t${tls_in_certificate_verified}
- logwrite = peer dn\t${tls_in_peerdn}
- logwrite = cipher\t${tls_in_cipher}
- logwrite = bits\t${tls_in_bits}
+ accept condition = ${if def:tls_in_cipher}
+ logwrite = tls_in_ver\t$tls_in_ver
+ logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+ logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+ logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+ logwrite = peer cert verified\t${tls_in_certificate_verified}
+ logwrite = peer dn\t${tls_in_peerdn}
+ logwrite = cipher\t${tls_in_cipher}
+ logwrite = bits\t${tls_in_bits}
accept
check_recipient:
- accept domains = +local_domains
- deny message = relay not permitted
+ accept domains = +local_domains
+ deny message = relay not permitted
log_resumption:
accept condition = ${if def:tls_out_cipher}
condition = ${if eq {$event_name}{tcp:close}}
+ logwrite = tls_out_ver\t$tls_out_ver
logwrite = tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
- logwrite = our cert subject\t${certextract {subject}{$tls_out_ourcert}}
- logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
- logwrite = peer cert verified\t${tls_out_certificate_verified}
- logwrite = peer dn\t${tls_out_peerdn}
- logwrite = cipher\t${tls_out_cipher}
- logwrite = bits\t${tls_out_bits}
+ logwrite = our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+ logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+ logwrite = peer cert verified\t${tls_out_certificate_verified}
+ logwrite = peer dn\t${tls_out_peerdn}
+ logwrite = cipher\t${tls_out_cipher}
+ logwrite = bits\t${tls_out_bits}
# ----- Routers -----
@@ -65,7 +68,7 @@ begin routers
client:
driver = accept
condition = ${if eq {SERVER}{server}{no}{yes}}
- transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+ transport = send_to_server${if eq{$local_part}{hostnotresume}{2}{1}}
server:
driver = redirect
@@ -79,7 +82,14 @@ send_to_server1:
driver = smtp
allow_localhost
hosts = 127.0.0.1
+.ifdef SELECTOR
+ port = PORT_D2
+ protocol = smtps
+ # Use HELO purely to get a P= different on the server <= line
+ hosts_avoid_esmtp = *
+.else
port = PORT_D
+.endif
helo_data = helo.data.changed
.ifdef VALUE
tls_resumption_hosts = *
@@ -92,11 +102,11 @@ send_to_server1:
event_action = ${acl {log_resumption}}
send_to_server2:
- driver = smtp
+ driver = smtp
allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
- hosts_try_fastopen = :
+ hosts = HOSTIPV4
+ port = PORT_D
+ hosts_try_fastopen = :
tls_verify_certificates = CDIR/CA/CA.pem
tls_verify_cert_hostnames = :
event_action = ${acl {log_resumption}}
diff --git a/test/log/5890 b/test/log/5890
index 065e31b7f..d77b85f92 100644
--- a/test/log/5890
+++ b/test/log/5890
@@ -1,4 +1,5 @@
1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -6,9 +7,10 @@
1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@??? abcd@??? xyz@???
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@??? hostnotresume@??? xyz@???
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -16,6 +18,7 @@
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -23,11 +26,12 @@
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for renewal@???
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -35,9 +39,10 @@
1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -45,9 +50,10 @@
1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for timeout@???
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption client offered session, server only provided new ticket
1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -55,9 +61,10 @@
1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for notreq@???
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption no client request
1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -65,9 +72,10 @@
1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for noverify_getticket@???
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -75,9 +83,10 @@
1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for noverify_resume@???
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -85,120 +94,187 @@
1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_ver TLS1.2
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbO-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbO-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
1999-03-02 09:44:33 10HmbO-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@??? abcd@??? xyz@???
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_ver TLS1.2
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbS-000000005vi-0000"
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for renewal@???
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 our cert subject
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 peer cert subject CN=server1.example.com
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbU-000000005vi-0000"
-1999-03-02 09:44:33 10HmbT-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 our cert subject
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 peer cert subject CN=server1.example.com
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbW-000000005vi-0000"
-1999-03-02 09:44:33 10HmbV-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for timeout@???
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 tls_out_resumption client offered session, server only provided new ticket
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 our cert subject
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 peer cert subject CN=server1.example.com
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 peer cert verified 1
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbY-000000005vi-0000"
-1999-03-02 09:44:33 10HmbX-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for notreq@???
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 tls_out_resumption no client request
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_ver TLS1.2
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 cipher TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbT-000000005vi-0000"
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbV-000000005vi-0000"
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@??? hostnotresume@??? xyz@???
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbX-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbX-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 => hostnotresume@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbY-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for renewal@???
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 tls_out_resumption session resumed, also new ticket
1999-03-02 09:44:33 10HmbZ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmbZ-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbZ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbZ-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-000000005vi-0000"
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-000000005vi-0000"
1999-03-02 09:44:33 10HmbZ-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmcB-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmcB-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmcB-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmcB-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcC-000000005vi-0000"
+1999-03-02 09:44:33 10HmcB-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcC-000000005vi-0000"
1999-03-02 09:44:33 10HmcB-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcD-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for noresume@???
-1999-03-02 09:44:33 10HmcD-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for timeout@???
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 tls_out_resumption client offered session, server only provided new ticket
1999-03-02 09:44:33 10HmcD-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmcD-000000005vi-0000 peer dn CN=server1.example.com
1999-03-02 09:44:33 10HmcD-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmcD-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmcD-000000005vi-0000 => noresume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcE-000000005vi-0000"
+1999-03-02 09:44:33 10HmcD-000000005vi-0000 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcE-000000005vi-0000"
1999-03-02 09:44:33 10HmcD-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for notreq@???
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 tls_out_resumption no client request
1999-03-02 09:44:33 10HmcF-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmcF-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmcF-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmcF-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcG-000000005vi-0000"
+1999-03-02 09:44:33 10HmcF-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcG-000000005vi-0000"
1999-03-02 09:44:33 10HmcF-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmcH-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmcH-000000005vi-0000 peer dn CN=server1.example.com
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmcH-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmcH-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcI-000000005vi-0000"
+1999-03-02 09:44:33 10HmcH-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcI-000000005vi-0000"
1999-03-02 09:44:33 10HmcH-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for noresume@???
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 => noresume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcK-000000005vi-0000"
+1999-03-02 09:44:33 10HmcJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcM-000000005vi-0000"
+1999-03-02 09:44:33 10HmcL-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcO-000000005vi-0000"
+1999-03-02 09:44:33 10HmcN-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcQ-000000005vi-0000"
+1999-03-02 09:44:33 10HmcP-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcS-000000005vi-0000"
+1999-03-02 09:44:33 10HmcR-000000005vi-0000 Completed
******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -209,6 +285,7 @@
1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@??? for getticket@???
1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@???> R=server
1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -220,6 +297,7 @@
1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@???> R=server
1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@???> R=server
1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption not requested or offered
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -227,9 +305,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@??? for abcd@???
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <abcd@???> R=server
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@??? for hostnotresume@???
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <hostnotresume@???> R=server
1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -240,6 +319,7 @@
1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@??? for renewal@???
1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@???> R=server
1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -250,6 +330,7 @@
1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@??? for postrenewal@???
1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@???> R=server
1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -260,6 +341,7 @@
1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-000000005vi-0000@??? for timeout@???
1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <timeout@???> R=server
1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -270,6 +352,7 @@
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@??? for notreq@???
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@???> R=server
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -280,6 +363,7 @@
1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@??? for noverify_getticket@???
1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <noverify_getticket@???> R=server
1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -290,7 +374,41 @@
1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@??? for noverify_resume@???
1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <noverify_resume@???> R=server
1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbP-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbO-000000005vi-0000@??? for resume@???
+1999-03-02 09:44:33 10HmbP-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-000000005vi-0000@??? for getticket@???
+1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <getticket@???> R=server
+1999-03-02 09:44:33 10HmbR-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbT-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbS-000000005vi-0000@??? for resume@???
+1999-03-02 09:44:33 10HmbT-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmbT-000000005vi-0000 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -298,9 +416,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbP-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-000000005vi-0000@??? for getticket@???
-1999-03-02 09:44:33 10HmbP-000000005vi-0000 => :blackhole: <getticket@???> R=server
-1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbV-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbU-000000005vi-0000@??? for getticket@???
+1999-03-02 09:44:33 10HmbV-000000005vi-0000 => :blackhole: <getticket@???> R=server
+1999-03-02 09:44:33 10HmbV-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -308,10 +427,11 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-000000005vi-0000@??? for resume@??? xyz@???
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <xyz@???> R=server
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <resume@???> R=server
-1999-03-02 09:44:33 10HmbR-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbW-000000005vi-0000@??? for resume@??? xyz@???
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 => :blackhole: <xyz@???> R=server
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption not requested or offered
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -319,9 +439,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-000000005vi-0000@??? for abcd@???
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 => :blackhole: <abcd@???> R=server
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbW-000000005vi-0000@??? for hostnotresume@???
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 => :blackhole: <hostnotresume@???> R=server
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -329,9 +450,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-000000005vi-0000@??? for renewal@???
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 => :blackhole: <renewal@???> R=server
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcA-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbZ-000000005vi-0000@??? for renewal@???
+1999-03-02 09:44:33 10HmcA-000000005vi-0000 => :blackhole: <renewal@???> R=server
+1999-03-02 09:44:33 10HmcA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -339,9 +461,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbW-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-000000005vi-0000@??? for postrenewal@???
-1999-03-02 09:44:33 10HmbW-000000005vi-0000 => :blackhole: <postrenewal@???> R=server
-1999-03-02 09:44:33 10HmbW-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcC-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcB-000000005vi-0000@??? for postrenewal@???
+1999-03-02 09:44:33 10HmcC-000000005vi-0000 => :blackhole: <postrenewal@???> R=server
+1999-03-02 09:44:33 10HmcC-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -349,9 +472,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbY-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbX-000000005vi-0000@??? for timeout@???
-1999-03-02 09:44:33 10HmbY-000000005vi-0000 => :blackhole: <timeout@???> R=server
-1999-03-02 09:44:33 10HmbY-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcE-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcD-000000005vi-0000@??? for timeout@???
+1999-03-02 09:44:33 10HmcE-000000005vi-0000 => :blackhole: <timeout@???> R=server
+1999-03-02 09:44:33 10HmcE-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -359,9 +483,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmcA-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-000000005vi-0000@??? for notreq@???
-1999-03-02 09:44:33 10HmcA-000000005vi-0000 => :blackhole: <notreq@???> R=server
-1999-03-02 09:44:33 10HmcA-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcG-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcF-000000005vi-0000@??? for notreq@???
+1999-03-02 09:44:33 10HmcG-000000005vi-0000 => :blackhole: <notreq@???> R=server
+1999-03-02 09:44:33 10HmcG-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -369,9 +494,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmcC-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcB-000000005vi-0000@??? for getticket@???
-1999-03-02 09:44:33 10HmcC-000000005vi-0000 => :blackhole: <getticket@???> R=server
-1999-03-02 09:44:33 10HmcC-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcI-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcH-000000005vi-0000@??? for getticket@???
+1999-03-02 09:44:33 10HmcI-000000005vi-0000 => :blackhole: <getticket@???> R=server
+1999-03-02 09:44:33 10HmcI-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -379,9 +505,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmcE-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcD-000000005vi-0000@??? for noresume@???
-1999-03-02 09:44:33 10HmcE-000000005vi-0000 => :blackhole: <noresume@???> R=server
-1999-03-02 09:44:33 10HmcE-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcK-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcJ-000000005vi-0000@??? for noresume@???
+1999-03-02 09:44:33 10HmcK-000000005vi-0000 => :blackhole: <noresume@???> R=server
+1999-03-02 09:44:33 10HmcK-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -389,9 +516,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmcG-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcF-000000005vi-0000@??? for resume@???
-1999-03-02 09:44:33 10HmcG-000000005vi-0000 => :blackhole: <resume@???> R=server
-1999-03-02 09:44:33 10HmcG-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcM-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcL-000000005vi-0000@??? for resume@???
+1999-03-02 09:44:33 10HmcM-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmcM-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
@@ -399,6 +527,28 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmcI-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcH-000000005vi-0000@??? for resume@???
-1999-03-02 09:44:33 10HmcI-000000005vi-0000 => :blackhole: <resume@???> R=server
-1999-03-02 09:44:33 10HmcI-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmcO-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcN-000000005vi-0000@??? for resume@???
+1999-03-02 09:44:33 10HmcO-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmcO-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmcQ-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcP-000000005vi-0000@??? for getticket@???
+1999-03-02 09:44:33 10HmcQ-000000005vi-0000 => :blackhole: <getticket@???> R=server
+1999-03-02 09:44:33 10HmcQ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmcS-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcR-000000005vi-0000@??? for resume@???
+1999-03-02 09:44:33 10HmcS-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmcS-000000005vi-0000 Completed
diff --git a/test/log/5892 b/test/log/5892
index aeaae546a..21b6cc597 100644
--- a/test/log/5892
+++ b/test/log/5892
@@ -1,4 +1,5 @@
1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -6,9 +7,10 @@
1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@??? hostnotresume@??? xyz@???
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -16,8 +18,9 @@
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -25,9 +28,10 @@
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for renewal@???
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -35,9 +39,10 @@
1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -45,9 +50,10 @@
1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for aftertimeout@???
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -55,9 +61,10 @@
1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 => aftertimeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 => aftertimeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for notreq@???
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption not requested or offered
1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -65,10 +72,11 @@
1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for noverify_getticket@???
1999-03-02 09:44:33 10HmbK-000000005vi-0000 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/CN=server1.example.com" H="127.0.0.1"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -76,9 +84,10 @@
1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for noverify_resume@???
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -86,9 +95,10 @@
1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbO-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbO-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbO-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -96,9 +106,10 @@
1999-03-02 09:44:33 10HmbO-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbO-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbO-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbO-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
+1999-03-02 09:44:33 10HmbO-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbP-000000005vi-0000"
1999-03-02 09:44:33 10HmbO-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for noresume@???
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -106,9 +117,10 @@
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => noresume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
+1999-03-02 09:44:33 10HmbQ-000000005vi-0000 => noresume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-000000005vi-0000"
1999-03-02 09:44:33 10HmbQ-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbS-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbS-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbS-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -116,9 +128,10 @@
1999-03-02 09:44:33 10HmbS-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbS-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbS-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbS-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbT-000000005vi-0000"
+1999-03-02 09:44:33 10HmbS-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbT-000000005vi-0000"
1999-03-02 09:44:33 10HmbS-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbU-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_ver TLS1.2
1999-03-02 09:44:33 10HmbU-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbU-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -126,11 +139,34 @@
1999-03-02 09:44:33 10HmbU-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbU-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbU-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbU-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbV-000000005vi-0000"
+1999-03-02 09:44:33 10HmbU-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbV-000000005vi-0000"
1999-03-02 09:44:33 10HmbU-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_ver TLS1.2
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbX-000000005vi-0000"
+1999-03-02 09:44:33 10HmbW-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 tls_out_ver TLS1.2
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbZ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbY-000000005vi-0000 Completed
******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -141,6 +177,7 @@
1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@??? for getticket@???
1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@???> R=server
1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -152,6 +189,7 @@
1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@???> R=server
1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@???> R=server
1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption not requested or offered
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -162,6 +200,7 @@
1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@??? for hostnotresume@???
1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <hostnotresume@???> R=server
1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -172,6 +211,7 @@
1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@??? for renewal@???
1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@???> R=server
1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -182,6 +222,7 @@
1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@??? for postrenewal@???
1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@???> R=server
1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -192,6 +233,7 @@
1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-000000005vi-0000@??? for aftertimeout@???
1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <aftertimeout@???> R=server
1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption no client request
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -202,6 +244,7 @@
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@??? for notreq@???
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@???> R=server
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -212,6 +255,7 @@
1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@??? for noverify_getticket@???
1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <noverify_getticket@???> R=server
1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -222,6 +266,7 @@
1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@??? for noverify_resume@???
1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <noverify_resume@???> R=server
1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -232,6 +277,7 @@
1999-03-02 09:44:33 10HmbP-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-000000005vi-0000@??? for getticket@???
1999-03-02 09:44:33 10HmbP-000000005vi-0000 => :blackhole: <getticket@???> R=server
1999-03-02 09:44:33 10HmbP-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -242,6 +288,7 @@
1999-03-02 09:44:33 10HmbR-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-000000005vi-0000@??? for noresume@???
1999-03-02 09:44:33 10HmbR-000000005vi-0000 => :blackhole: <noresume@???> R=server
1999-03-02 09:44:33 10HmbR-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -252,6 +299,7 @@
1999-03-02 09:44:33 10HmbT-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbS-000000005vi-0000@??? for resume@???
1999-03-02 09:44:33 10HmbT-000000005vi-0000 => :blackhole: <resume@???> R=server
1999-03-02 09:44:33 10HmbT-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -262,3 +310,25 @@
1999-03-02 09:44:33 10HmbV-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbU-000000005vi-0000@??? for resume@???
1999-03-02 09:44:33 10HmbV-000000005vi-0000 => :blackhole: <resume@???> R=server
1999-03-02 09:44:33 10HmbV-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbW-000000005vi-0000@??? for getticket@???
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 => :blackhole: <getticket@???> R=server
+1999-03-02 09:44:33 10HmbX-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.2
+1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbY-000000005vi-0000@??? for resume@???
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmbZ-000000005vi-0000 Completed
diff --git a/test/log/5894 b/test/log/5894
index ab0d53703..f3d447c2a 100644
--- a/test/log/5894
+++ b/test/log/5894
@@ -1,4 +1,5 @@
1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_ver TLS1.3
1999-03-02 09:44:33 10HmaX-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmaX-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -6,9 +7,10 @@
1999-03-02 09:44:33 10HmaX-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmaX-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaX-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-000000005vi-0000"
1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@??? abcd@??? xyz@???
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@??? hostnotresume@??? xyz@???
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver TLS1.3
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -16,6 +18,7 @@
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_ver TLS1.3
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 tls_out_resumption not requested or offered
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -23,41 +26,45 @@
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
-1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-000000005vi-0000"
+1999-03-02 09:44:33 10HmaZ-000000005vi-0000 => hostnotresume@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-000000005vi-0000"
1999-03-02 09:44:33 10HmaZ-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbC-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for renewal@???
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbC-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmbC-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbC-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbC-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
+1999-03-02 09:44:33 10HmbC-000000005vi-0000 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-000000005vi-0000"
1999-03-02 09:44:33 10HmbC-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 tls_out_resumption session resumed, also new ticket
1999-03-02 09:44:33 10HmbE-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmbE-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbE-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbE-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-000000005vi-0000"
1999-03-02 09:44:33 10HmbE-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for timeout@???
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbG-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer cert verified 1
1999-03-02 09:44:33 10HmbG-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbG-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbG-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-000000005vi-0000"
1999-03-02 09:44:33 10HmbG-000000005vi-0000 Completed
1999-03-02 09:44:33 10HmbI-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for notreq@???
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_ver TLS1.3
1999-03-02 09:44:33 10HmbI-000000005vi-0000 tls_out_resumption not requested or offered
1999-03-02 09:44:33 10HmbI-000000005vi-0000 our cert subject
1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer cert subject CN=server1.example.com
@@ -65,11 +72,34 @@
1999-03-02 09:44:33 10HmbI-000000005vi-0000 peer dn /CN=server1.example.com
1999-03-02 09:44:33 10HmbI-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbI-000000005vi-0000 bits 256
-1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
+1999-03-02 09:44:33 10HmbI-000000005vi-0000 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-000000005vi-0000"
1999-03-02 09:44:33 10HmbI-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbL-000000005vi-0000"
+1999-03-02 09:44:33 10HmbK-000000005vi-0000 Completed
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 <= CALLER@??? U=CALLER P=local S=sss for resume@???
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_ver TLS1.3
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 our cert subject
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer cert verified 1
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 bits 256
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1]:PORT_D2 X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbN-000000005vi-0000"
+1999-03-02 09:44:33 10HmbM-000000005vi-0000 Completed
******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_D2
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -80,6 +110,7 @@
1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-000000005vi-0000@??? for getticket@???
1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <getticket@???> R=server
1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -91,6 +122,7 @@
1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <xyz@???> R=server
1999-03-02 09:44:33 10HmbA-000000005vi-0000 => :blackhole: <resume@???> R=server
1999-03-02 09:44:33 10HmbA-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption not requested or offered
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -98,9 +130,10 @@
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@??? for abcd@???
-1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <abcd@???> R=server
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-000000005vi-0000@??? for hostnotresume@???
+1999-03-02 09:44:33 10HmbB-000000005vi-0000 => :blackhole: <hostnotresume@???> R=server
1999-03-02 09:44:33 10HmbB-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -111,6 +144,7 @@
1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-000000005vi-0000@??? for renewal@???
1999-03-02 09:44:33 10HmbD-000000005vi-0000 => :blackhole: <renewal@???> R=server
1999-03-02 09:44:33 10HmbD-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -121,6 +155,7 @@
1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-000000005vi-0000@??? for postrenewal@???
1999-03-02 09:44:33 10HmbF-000000005vi-0000 => :blackhole: <postrenewal@???> R=server
1999-03-02 09:44:33 10HmbF-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -131,6 +166,7 @@
1999-03-02 09:44:33 10HmbH-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbG-000000005vi-0000@??? for timeout@???
1999-03-02 09:44:33 10HmbH-000000005vi-0000 => :blackhole: <timeout@???> R=server
1999-03-02 09:44:33 10HmbH-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
@@ -141,3 +177,25 @@
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-000000005vi-0000@??? for notreq@???
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 => :blackhole: <notreq@???> R=server
1999-03-02 09:44:33 10HmbJ-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbL-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-000000005vi-0000@??? for getticket@???
+1999-03-02 09:44:33 10HmbL-000000005vi-0000 => :blackhole: <getticket@???> R=server
+1999-03-02 09:44:33 10HmbL-000000005vi-0000 Completed
+1999-03-02 09:44:33 tls_in_ver TLS1.3
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbN-000000005vi-0000 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] TFO* P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-000000005vi-0000@??? for resume@???
+1999-03-02 09:44:33 10HmbN-000000005vi-0000 => :blackhole: <resume@???> R=server
+1999-03-02 09:44:33 10HmbN-000000005vi-0000 Completed
diff --git a/test/scripts/5890-Resume-GnuTLS/5890 b/test/scripts/5890-Resume-GnuTLS/5890
index d129da2db..3395218fa 100644
--- a/test/scripts/5890-Resume-GnuTLS/5890
+++ b/test/scripts/5890-Resume-GnuTLS/5890
@@ -6,12 +6,12 @@ gnutls
# SSLKEYLOGFILE=/home/jgh/git/exim/test/foo sudo exim -DSERVER=server -bd -oX PORT_D
#
### TLS1.2
-exim -DSERVER=server -DOPTION=NORMAL:!VERS-TLS1.3 -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=NORMAL:!VERS-TLS1.3 -bd -oX PORT_D:PORT_D2
****
exim -DVALUE=resume -odf getticket@???
****
-exim -DVALUE=resume -odf resume@??? abcd@??? xyz@???
+exim -DVALUE=resume -odf resume@??? hostnotresume@??? xyz@???
Test message to two different hosts, one does not support resume
****
# allow time for ticket to hit renewal time
@@ -36,18 +36,25 @@ Dest on this means the server cert will not verify (but try_verify will permit i
exim -odf -DVALUE=resume noverify_resume@???
Dest on this means the server cert will not verify (but try_verify will permit it)
****
+# Test TLS-on-connect
+exim -DVALUE=resume -odf resume@???
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@???
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@???
+****
killdaemon
sleep 1
sudo rm -f DIR/spool/db/tls
#
#
### TLS1.3
-exim -DSERVER=server -DOPTION=NORMAL -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=NORMAL -bd -oX PORT_D:PORT_D2
****
exim -DVALUE=resume -odf getticket@???
****
-exim -DVALUE=resume -odf resume@??? abcd@??? xyz@???
+exim -DVALUE=resume -odf resume@??? hostnotresume@??? xyz@???
Test message to two different hosts, one does not support resume
****
# allow time for ticket to hit renewal time
@@ -78,6 +85,11 @@ exim -DVALUE=resume -DHELO_MSG=differenthost -odf resume@???
****
exim -DVALUE=resume -odf resume@???
****
+# Test TLS-on-connect
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@???
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@???
+****
#
killdaemon
no_msglog_check
diff --git a/test/scripts/5892-Resume-OpenSSL/5892 b/test/scripts/5892-Resume-OpenSSL/5892
index 77b93704b..92eed04d2 100644
--- a/test/scripts/5892-Resume-OpenSSL/5892
+++ b/test/scripts/5892-Resume-OpenSSL/5892
@@ -1,7 +1,7 @@
# TLSv1.2 session resumption
#
### TLS1.2
-exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D:PORT_D2
****
exim -DVALUE=resume -odf getticket@???
Test message.
@@ -46,6 +46,12 @@ exim -DVALUE=resume -DHELO_MSG=differenthost -odf resume@???
exim -DVALUE=resume -odf resume@???
****
#
+# Test TLS-on-connect
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@???
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@???
+****
+#
# Check the -k (key only) option on dumpdb
perl
system 'DIR/eximdir/exim_dumpdb -k DIR/spool tls';
diff --git a/test/scripts/5894-Resume-OpenSSL-TLS1.3/5894 b/test/scripts/5894-Resume-OpenSSL-TLS1.3/5894
index 722bc9b08..b85351bd5 100644
--- a/test/scripts/5894-Resume-OpenSSL-TLS1.3/5894
+++ b/test/scripts/5894-Resume-OpenSSL-TLS1.3/5894
@@ -1,12 +1,12 @@
# TLSv1.3 session resumption
#
### TLS1.3
-exim -DSERVER=server -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D:PORT_D2
****
exim -DVALUE=resume -odf getticket@???
****
-exim -DVALUE=resume -odf resume@??? abcd@??? xyz@???
+exim -DVALUE=resume -odf resume@??? hostnotresume@??? xyz@???
Test message to two different hosts, one does not support resume
****
# allow time for ticket to hit renewal time
@@ -24,5 +24,12 @@ Test message.
exim -odf notreq@???
Test message, not requesting resumption.
****
+#
+# Test TLS-on-connect
+exim -DVALUE=resume -DSELECTOR=smtps -odf getticket@???
+****
+exim -DVALUE=resume -DSELECTOR=smtps -odf resume@???
+****
+#
killdaemon
no_msglog_check
diff --git a/test/stdout/5892 b/test/stdout/5892
index 23a7bcf3e..077a3dd0e 100644
--- a/test/stdout/5892
+++ b/test/stdout/5892
@@ -1,5 +1,6 @@
### TLS1.2
4686560d7a1d9becb8fd0c62406eaaf169b2ea1b889244342653024281bca106
+ 8ff2965550bd60d7e4496ad508a8cff91ac5de6fbec4806e8c9c3d6959300e3e
b90422e57483069e0b7dbcebbdf1be3504bae64df49ea1f699cc773acc8a76d5
******** SERVER ********
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
