Viktor,

It’s great that this is out.

Question — was there any usability testing done regarding the API?

Simson


On 8/26/16, 12:25 PM, "dane on behalf of Viktor Dukhovni" 
<[email protected] on behalf of [email protected]> wrote:

    
    For those who might not yet have heard the news, OpenSSL 1.1.0 was
    released yesterday and includes support for DANE TLSA authentication.
    
        https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_dane_enable.html
        https://www.openssl.org/docs/manmaster/apps/s_client.html
    
    Example:
    
       $ PATH=/.../OpenSSL_1_1_0/bin:$PATH
       $  dig +short -t mx ietf.org |
             while read pref mx; do
                mx=${mx%.}
                printf "=== %s\n" "$mx"
                dig +short -t tlsa "_25._tcp.$mx" |
                   while read rrdata; do
                      printf "+++ %s\n" "$rrdata"
                      (sleep 2; printf "QUIT\r\n" ) |
                      openssl s_client -brief -starttls smtp -connect "$mx:25" \
                         -dane_tlsa_domain "$mx" -dane_tlsa_rrdata "$rrdata" \
                         -dane_ee_no_namechecks
                   done
             done
       === mail.ietf.org
       +++ 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B566 
64C5D3D6
       CONNECTION ESTABLISHED
       Protocol version: TLSv1.2
       Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
       Peer certificate: OU = Domain Control Validated, CN = *.ietf.org
       Hash used: SHA512
       Verification: OK
       Verified peername: *.ietf.org
       DANE TLSA 3 1 1 ...e7cb23e5b514b56664c5d3d6 matched EE certificate at 
depth 0
       Supported Elliptic Curve Point Formats: 
uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
       Server Temp Key: ECDH, P-256, 256 bits
       250 8BITMIME
       DONE
    
    -- 
        Viktor.
    
    _______________________________________________
    dane mailing list
    [email protected]
    https://www.ietf.org/mailman/listinfo/dane
    

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane

Reply via email to