Posts Tagged ‘TLSA’

OpenSSL 1.1.0 released

Catching up on developments from last week, and it’s worth mentioning that version 1.1.0 of OpenSSL has been released. As well as removing support for deprecated cryptographic protocols including SSLv2, this release is notable for adding support for DANE (DNS-based Authentication of Named Entities) and Certificate Transparency. OpenSSL is an open-source software library developed by the OpenSSL Software Foundation Read more…

Let’s Encrypt certificates for mail servers and DANE – Part 1 of 2

Some would think that having a trusted certificate for your services such as web and email servers is enough, but some might wish to add an extra layer of security by publishing the hash of that in the DNS through a TLSA record and signed with DNSSEC. We already enabled Let’s Encrypt certificates for various web servers in the Go6lab, but this Read more…

January 29th, 2016 by | Posted in DANE, DANE, DNSSEC, Let's Encrypt, TLS for Applications | Tags: , , | 1 Comment

More DANE / DNSSEC / TLS Testing From Go6lab


After we successfully implemented DANE for email server in Go6lab – we thought of doing a small experiment. Who else on the Internet is using DANE for email servers and is verifying the TLS certificate hash using the TLSA DNS record? Let’s find out. As we don’t have all existing domain names in a handy Read more…

June 9th, 2015 by | Posted in DANE, DNSSEC, TLS for Applications | Tags: , , , | 1 Comment