On Sun, May 02, 2021 at 04:11:30PM -0400, Viktor Dukhovni via Exim-users wrote:
> With Postfix, I get: > > # posttls-finger -c "[serv02.atvirtual.eu]" > posttls-finger: serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: > Matched DANE EE certificate at depth 0: 3 1 1 > 7E95E999DA41CDD250EB3F97C397BFDB087AEAB914EDBDF1B5B6C49457923048 > posttls-finger: serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: > subject_CN=serv02.atvirtual.eu, issuer_CN=AlphaSSL CA - SHA256 - G2, > fingerprint=70:4C:CF:00:75:BF:47:BB:D4:C7:D1:B4:E6:63:2B:52:E0:40:97:4F:3E:F1:18:C5:F7:D6:B3:E6:43:25:6C:69, > > pkey_fingerprint=7E:95:E9:99:DA:41:CD:D2:50:EB:3F:97:C3:97:BF:DB:08:7A:EA:B9:14:ED:BD:F1:B5:B6:C4:94:57:92:30:48 > posttls-finger: Verified TLS connection established to > serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: TLSv1.2 with cipher > ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) FWIW, there's no evidence of any recent changes in the associated TLSA records, unless the DANE survey happened to miss a brief glitch. The history table shows a single TLSA record unchanged in 3+ years: { "qname": "_25._tcp.serv02.atvirtual.eu", "usage": 3, "selector": 1, "mtype": 1, "data": "7e95e999da41cdd250eb3f97c397bfdb087aeab914edbdf1b5b6c49457923048", "stime": "2018-04-13", "etime": null } -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/