Posts Tagged ‘TLSA’

Postfix 3.2 released

Postfix version 3.2 was released on 28 February 2017 and implements several changes to its DANE functionality in order to conform with RFCs 7671 and 7672, as well as operational practices Postfix is a free and open-source mail transfer agent that includes support for the DANE protocol. DANE can address the issue of third-party trust Read more…


OpenSSL 1.1.0 released

Catching up on developments from last week, and it’s worth mentioning that version 1.1.0 of OpenSSL has been released. As well as removing support for deprecated cryptographic protocols including SSLv2, this release is notable for adding support for DANE (DNS-based Authentication of Named Entities) and Certificate Transparency. OpenSSL is an open-source software library developed by the OpenSSL Software Foundation Read more…


Let’s Encrypt certificates for mail servers and DANE – Part 1 of 2

Some would think that having a trusted certificate for your services such as web and email servers is enough, but some might wish to add an extra layer of security by publishing the hash of that in the DNS through a TLSA record and signed with DNSSEC. We already enabled Let’s Encrypt certificates for various web servers in the Go6lab, but this Read more…


January 29th, 2016 by | Posted in DANE, DANE, DNSSEC, Let's Encrypt, TLS for Applications | Tags: , , | 1 Comment

More DANE / DNSSEC / TLS Testing From Go6lab

DANE

After we successfully implemented DANE for email server in Go6lab – we thought of doing a small experiment. Who else on the Internet is using DANE for email servers and is verifying the TLS certificate hash using the TLSA DNS record? Let’s find out. As we don’t have all existing domain names in a handy Read more…


June 9th, 2015 by | Posted in DANE, DNSSEC, TLS for Applications | Tags: , , , | 1 Comment