[ldns-users] TLSA verification using ldns-dane
Paul Wouters
paul at nohats.ca
Wed Jun 1 03:00:38 UTC 2016
On Tue, 31 May 2016, A. Schulze wrote:
> I use the command "ldns-dane verify www.example.org 443" to check if
> the TLSA-Record _443._tcp.www.example.org matches the certificate at
> https://www.example.org.
> That works.
>
> Now I try to check a mailserver that supports STARTTLS.

Not sure about ldns-dane, but I think it lacks STARTTLS
support. With the hash-slinger package installed, you can
run:

    tlsa --verify mx.nohats.ca --starttls smtp --port 25
    SUCCESS (Usage 3 [DANE-EE]): Certificate offered by the server matches the TLSA record (193.110.157.68)

Paul
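
The comparison behind a "Usage 3 [DANE-EE]" result like the one above, as an added example that is not part of the original post and is not code from hash-slinger or ldns: the TLSA selector picks the full certificate (0) or its SubjectPublicKeyInfo (1), and the matching type picks exact bytes (0), SHA-256 (1) or SHA-512 (2), per RFC 6698. All function names are hypothetical and the certificate is a constructed DER skeleton; fetching the certificate over STARTTLS and DNSSEC validation of the TLSA answer are assumed to happen elsewhere.

```python
import hashlib

def read_tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, start, start + length

def spki_der(cert_der):
    """Slice the DER SubjectPublicKeyInfo out of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)    # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _field in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def tlsa_matches(selector, mtype, assoc_hex, cert_der):
    """Compare TLSA association data with a server certificate (RFC 6698)."""
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported selector or matching type")
    data = cert_der if selector == 0 else spki_der(cert_der)
    if mtype == 1:
        data = hashlib.sha256(data).digest()
    elif mtype == 2:
        data = hashlib.sha512(data).digest()
    return data.hex() == assoc_hex.lower()

def der(tag, body):
    """Encode a short (<128 byte) DER TLV; used only for the sample below."""
    return bytes([tag, len(body)]) + body

# Constructed sample: a certificate-shaped DER skeleton, not a real certificate.
SAMPLE_SPKI = der(0x30, b"constructed-spki")
tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
          + der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))
# Association data as it would appear in a "3 1 1" TLSA record for this key.
SAMPLE_TLSA_311 = hashlib.sha256(SAMPLE_SPKI).hexdigest()

if __name__ == "__main__":
    print(tlsa_matches(1, 1, SAMPLE_TLSA_311, SAMPLE_CERT))
```

A "3 1 1" record keeps matching when the certificate is reissued with the same key, while a "3 0 1" record must be republished for every new certificate.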