[uylug-varios] Fwd: [dane] OpenSSL 1.1.0 released, supports DANE TLSA

Carlos M. Martinez carlosmarcelomartinez at gmail.com
Fri Aug 26 10:19:53 PDT 2016


OpenSSL 1.1.0 supports certificate validation using DANE/TLSA.


Forwarded message:

> From: Viktor Dukhovni <ietf-dane at dukhovni.org>
> To: dane at ietf.org
> Subject: [dane] OpenSSL 1.1.0 released, supports DANE TLSA
> Date: Fri, 26 Aug 2016 16:25:32 +0000
>
>
> For those who might not yet have heard the news, OpenSSL 1.1.0 was
> released yesterday and includes support for DANE TLSA authentication.
>
>    https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_dane_enable.html
>    https://www.openssl.org/docs/manmaster/apps/s_client.html
>
> Example:
>
>    $ PATH=/.../OpenSSL_1_1_0/bin:$PATH
>    $ dig +short -t mx ietf.org |
>          while read pref mx; do
>             mx=${mx%.}
>             printf "=== %s\n" "$mx"
>             dig +short -t tlsa "_25._tcp.$mx" |
>                while read rrdata; do
>                   printf "+++ %s\n" "$rrdata"
>                   (sleep 2; printf "QUIT\r\n" ) |
>                   openssl s_client -brief -starttls smtp -connect "$mx:25" \
>                      -dane_tlsa_domain "$mx" -dane_tlsa_rrdata "$rrdata" \
>                      -dane_ee_no_namechecks
>                done
>          done
>    === mail.ietf.org
>    +++ 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B566 64C5D3D6
>    CONNECTION ESTABLISHED
>    Protocol version: TLSv1.2
>    Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
>    Peer certificate: OU = Domain Control Validated, CN = *.ietf.org
>    Hash used: SHA512
>    Verification: OK
>    Verified peername: *.ietf.org
>    DANE TLSA 3 1 1 ...e7cb23e5b514b56664c5d3d6 matched EE certificate at depth 0
>    Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
>    Server Temp Key: ECDH, P-256, 256 bits
>    250 8BITMIME
>    DONE
>
> -- 
> 	Viktor.


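The comparison behind the "matched EE certificate" line in the forwarded output, as an added Python example that is not part of the forwarded message and not OpenSSL's code: it parses TLSA rrdata as `dig +short` prints it and checks it against a DER certificate using the selector and matching-type rules of RFC 6698. The function names and the skeletal sample certificate are constructed for illustration, and the DER walker assumes the standard X.509 field order.

```python
import hashlib

# RFC 6698 matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

def parse_tlsa(rrdata):
    """Parse 'usage selector mtype hex' as printed by `dig +short -t tlsa`."""
    fields = rrdata.split()        # dig prints long hex in space-separated chunks
    if len(fields) < 4:
        raise ValueError("expected usage, selector, matching type and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if usage not in range(4) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported TLSA parameters")
    data = bytes.fromhex("".join(fields[3:]))
    if mtype and len(data) != DIGESTS[mtype]().digest_size:
        raise ValueError("digest length does not fit the matching type")
    return usage, selector, mtype, data

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:              # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_from_cert(cert_der):
    """Slice subjectPublicKeyInfo (header included) out of a DER certificate."""
    _, pos, _ = _tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    if cert_der[pos] == 0xA0:          # optional explicit [0] version
        pos = _tlv(cert_der, pos)[2]
    for _field in range(5):            # serial, sig alg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    return cert_der[pos:_tlv(cert_der, pos)[2]]

def tlsa_matches(rrdata, cert_der):
    """Selector/matching-type check only; usage (chain position) is the caller's job."""
    _, selector, mtype, data = parse_tlsa(rrdata)
    selected = cert_der if selector == 0 else spki_from_cert(cert_der)
    return (selected if mtype == 0 else DIGESTS[mtype](selected).digest()) == data

# Constructed sample: a skeletal DER "certificate" with placeholder fields.
_der = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
SAMPLE_SPKI = _der(0x30, b"constructed-key")
_TBS = _der(0x30, _der(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + _der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _TBS + _der(0x30, b"") + _der(0x03, b"\x00"))
```

With a real certificate, pass its DER encoding as `cert_der` and the record text from `dig` as `rrdata`.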