On Sun, May 02, 2021 at 04:11:30PM -0400, Viktor Dukhovni via Exim-users wrote:
> With Postfix, I get:
>
> # posttls-finger -c "[serv02.atvirtual.eu]"
> posttls-finger: serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: Matched DANE EE certificate at depth 0: 3 1 1 7E95E999DA41CDD250EB3F97C397BFDB087AEAB914EDBDF1B5B6C49457923048
> posttls-finger: serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: subject_CN=serv02.atvirtual.eu, issuer_CN=AlphaSSL CA - SHA256 - G2, fingerprint=70:4C:CF:00:75:BF:47:BB:D4:C7:D1:B4:E6:63:2B:52:E0:40:97:4F:3E:F1:18:C5:F7:D6:B3:E6:43:25:6C:69, pkey_fingerprint=7E:95:E9:99:DA:41:CD:D2:50:EB:3F:97:C3:97:BF:DB:08:7A:EA:B9:14:ED:BD:F1:B5:B6:C4:94:57:92:30:48
> posttls-finger: Verified TLS connection established to serv02.atvirtual.eu[2a0b:1640:1:1:1:1:179:ba44]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

FWIW, there's no evidence of any recent changes in the associated TLSA
records, unless the DANE survey happened to miss a brief glitch. The
history table shows a single TLSA record unchanged in 3+ years:

    {
      "qname": "_25._tcp.serv02.atvirtual.eu",
      "usage": 3,
      "selector": 1,
      "mtype": 1,
      "data": "7e95e999da41cdd250eb3f97c397bfdb087aeab914edbdf1b5b6c49457923048",
      "stime": "2018-04-13",
      "etime": null
    }

--
Viktor.