-
Configuring acceptable CAs with TLSA records (usage modes 0 and 2) is not supported with this script, and the script returns the (slightly inaccurate) message saying "Certificate doesn't match TLSA re…
-
-
It would be a great add to have a look if the domain has TLSA record and if possible, even verify its validity
ada86 updated
6 months ago
-
The mail server already uses a valid certificate.
We could add a TLSA record for the mail server in DNS, so that mailservers implementing DANE (that include all properly-configured Postfixes) require …
-
I'm running a DNS server and am trying to query it with `q`. (The server is [ncdns](https://github.com/namecoin/ncdns) if that helps reproducing the issue.) The following works:
~~~
$ ./q -tcp -…
-
as testssl is great for integrating into your monitoring, this feature addon would make a great improvement. But maybe I am missing something that already exists?
-
At first sight, this new integrated mail server seems like a great idea - especially to someone who wants to self-host but finds the usual solution of Postfix/Devecot/SpamAssasin/Roundcube to be very …
-
The current default SSL security policy of the `monero-wallet-cli` and `monero-wallet-rpc` is to autodetect whether the daemon RPC has SSL enabled. A root-CA check against the domain is attempted, but…
-
These comments are from reading the document [draft-ietf-high-assurance-dids-with-dns.md](https://github.com/CIRALabs/high-assurance-dids-with-dns/blob/main/draft-ietf-high-assurance-dids-with-dns.md)…
-
When using DoT/DoQ/DoH, but not using DANE (no TLSA records or TLSA SvcParams), what SNI do we use? i.e. what is the [Authentication Domain Name](https://datatracker.ietf.org/doc/html/rfc8310#:~:text=…