Viktor,

It’s great that this is out.

Question — was there any usability testing done regarding the API?

Simson

On 8/26/16, 12:25 PM, "dane on behalf of Viktor Dukhovni" <[email protected] on behalf of [email protected]> wrote:

    For those who might not yet have heard the news, OpenSSL 1.1.0 was
    released yesterday and includes support for DANE TLSA authentication.

        https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_dane_enable.html
        https://www.openssl.org/docs/manmaster/apps/s_client.html

    Example:

        $ PATH=/.../OpenSSL_1_1_0/bin:$PATH
        $ dig +short -t mx ietf.org |
            while read pref mx; do
                mx=${mx%.}
                printf "=== %s\n" "$mx"
                dig +short -t tlsa "_25._tcp.$mx" |
                    while read rrdata; do
                        printf "+++ %s\n" "$rrdata"
                        (sleep 2; printf "QUIT\r\n" ) |
                            openssl s_client -brief -starttls smtp -connect "$mx:25" \
                                -dane_tlsa_domain "$mx" -dane_tlsa_rrdata "$rrdata" \
                                -dane_ee_no_namechecks
                    done
            done
        === mail.ietf.org
        +++ 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B566 64C5D3D6
        CONNECTION ESTABLISHED
        Protocol version: TLSv1.2
        Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
        Peer certificate: OU = Domain Control Validated, CN = *.ietf.org
        Hash used: SHA512
        Verification: OK
        Verified peername: *.ietf.org
        DANE TLSA 3 1 1 ...e7cb23e5b514b56664c5d3d6 matched EE certificate at depth 0
        Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
        Server Temp Key: ECDH, P-256, 256 bits
        250 8BITMIME
        DONE

    --
        Viktor.

    _______________________________________________
    dane mailing list
    [email protected]
    https://www.ietf.org/mailman/listinfo/dane
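Added example, not part of either message and not OpenSSL's code: Python for the record-to-certificate matching step that the s_client output above reports as "DANE TLSA 3 1 1 ... matched EE certificate at depth 0". It handles selectors 0 and 1 and matching types 0 to 2 as defined in RFC 6698, which goes beyond the single 3 1 1 record in the post; the usage field is parsed but not interpreted, and the function names and certificate-shaped sample bytes are constructed for illustration.

```python
import hashlib

def parse_tlsa(rrdata):
    """Split 'usage selector mtype hex'; dig +short may space-split the hex."""
    fields = rrdata.split()
    if len(fields) < 4:
        raise ValueError("expected usage, selector, mtype and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))

def _tlv(buf, off):
    """Read one DER element at off: return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def spki_der(cert):
    """Return the DER SubjectPublicKeyInfo (selector 1) of a DER certificate."""
    _, off, _ = _tlv(cert, 0)              # Certificate SEQUENCE
    _, off, _ = _tlv(cert, off)            # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert, off)
    if tag == 0xA0:                        # optional [0] version
        off = end
    for _field in range(5):                # serial, sigalg, issuer, validity, subject
        _, _, off = _tlv(cert, off)
    return cert[off:_tlv(cert, off)[2]]

def tlsa_matches(rrdata, cert):
    """True if the DER certificate matches the TLSA association data."""
    _usage, selector, mtype, data = parse_tlsa(rrdata)
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported selector or matching type")
    selected = cert if selector == 0 else spki_der(cert)
    if mtype:                              # 1 = SHA-256, 2 = SHA-512, 0 = exact
        selected = hashlib.new("sha256" if mtype == 1 else "sha512", selected).digest()
    return selected == data

def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, body < 128 bytes

# Constructed, certificate-shaped DER skeleton (not a real certificate).
SAMPLE_SPKI = _der(0x30, b"constructed-key")
_TBS = _der(0x30, _der(0xA0, _der(2, b"\x02")) + _der(2, b"\x01")
            + _der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _TBS + _der(0x30, b"") + _der(3, b"\x00"))

if __name__ == "__main__":
    print(tlsa_matches("3 1 0 " + SAMPLE_SPKI.hex(), SAMPLE_CERT))  # exact SPKI match
```

This covers only the digest comparison; the TLS handshake and the rest of certificate verification are what `openssl s_client` does in the quoted run.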
