On Samstag, 28. März 2020 19:55:15 CEST Kim Alvefur wrote: > Suggestions for additional tests are welcomed.
I have a few! - Outright bogus DNSSEC - Expired DNSSEC - SRV record pointing at the root zone (`.`) mixed into other SRV records - Only a single SRV record pointing at the root zone (`.`) - Only DH suites with short (<1024 bits) DH parameters - Only "export" ciphers Not necessarily bad, but would be good as test cases either way: - DNSSEC-signed SRV record pointing at a hostname different from the domain name and the service only has a certificate for that hostname. This is valid from my understanding, but probably without widespread support. - No SRV record, only A/AAAA records. Echo-ing what moparisthebest suggested in xsf@:´ - xmpps-server records where one of which points at an HTTPS port (with a valid one pointing at XMPPS) Thanks for this service! kind regards, Jonas _______________________________________________ JDev mailing list Info: https://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
