-
Roi
sslh is running on 5223 here at Hot-Chilli now. Transparent and dual stack. What a pain in the *ss... ;-)
-
Roi
...to set it up. But it runs smooth now. ;-)
-
Ty3r0X
On a slightly unrelated note, regarding ssl, I believe xmpp clients should trust certificates received via dnssec + dane (I consider this to be the future of chain of trust)
-
Menel
It is the utopian chain of trust at least...
-
msavoritias
they dont trust these certificates atm? they should then yeah
-
moparisthebest
> sslh is running on 5223 here at Hot-Chilli now. Transparent and dual stack. What a pain in the *ss... ;-) Haha yes indeed, but great work Roi ! :)
-
moparisthebest
Ty3r0X: they should, but it's tricky and only some do, not many, but yes we should fix it
-
Menel
Is there some automatic process available to generate Dane TLSA records, or does one need to manually copy their cert in some online generator program and then enter that as record.... Some offline script/helper/program?
-
jonas’
yes
-
jonas’
let me check
-
jonas’
Menel, tlsa(1), from the hash-slinger debian package
-
Menel
I see, thanks... All the talk about DANE, led me to maybe try that out
-
Roi
> > sslh is running on 5223 here at Hot-Chilli now. Transparent and dual stack. What a pain in the *ss... ;-) > Haha yes indeed, but great work Roi ! :) Thank you! :-) And it really seems to work. That is fancy stuff. ;-)