[uylug-varios] Fwd: [dane] OpenSSL 1.1.0 released, supports DANE TLSA
Carlos M. Martinez
carlosmarcelomartinez at gmail.com
Fri Aug 26 10:19:53 PDT 2016
OpenSSL 1.1.0 soporta validación de certificados usando DANE/TLSA.
Forwarded message:
> From: Viktor Dukhovni <ietf-dane at dukhovni.org>
> To: dane at ietf.org
> Subject: [dane] OpenSSL 1.1.0 released, supports DANE TLSA
> Date: Fri, 26 Aug 2016 16:25:32 +0000
>
>
> For those who might not yet have heard the news, OpenSSL 1.1.0 was
> released yesterday and includes support for DANE TLSA authentication.
>
> https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_dane_enable.html
> https://www.openssl.org/docs/manmaster/apps/s_client.html
>
> Example:
>
> $ PATH=/.../OpenSSL_1_1_0/bin:$PATH
> $ dig +short -t mx ietf.org |
> while read pref mx; do
> mx=${mx%.}
> printf "=== %s\n" "$mx"
> dig +short -t tlsa "_25._tcp.$mx" |
> while read rrdata; do
> printf "+++ %s\n" "$rrdata"
> (sleep 2; printf "QUIT\r\n" ) |
> openssl s_client -brief -starttls smtp -connect
> "$mx:25" \
> -dane_tlsa_domain "$mx" -dane_tlsa_rrdata
> "$rrdata" \
> -dane_ee_no_namechecks
> done
> done
> === mail.ietf.org
> +++ 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B566
> 64C5D3D6
> CONNECTION ESTABLISHED
> Protocol version: TLSv1.2
> Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
> Peer certificate: OU = Domain Control Validated, CN = *.ietf.org
> Hash used: SHA512
> Verification: OK
> Verified peername: *.ietf.org
> DANE TLSA 3 1 1 ...e7cb23e5b514b56664c5d3d6 matched EE certificate
> at depth 0
> Supported Elliptic Curve Point Formats:
> uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
> Server Temp Key: ECDH, P-256, 256 bits
> 250 8BITMIME
> DONE
>
> --
> Viktor.
>
> _______________________________________________
> dane mailing list
> dane at ietf.org
> https://www.ietf.org/mailman/listinfo/dane
More information about the Uylug-varios
mailing list