Feature request: TLSA record verification (DANE protocol, RFC 6698)

Question asked by Anders Giversen on Jan 30, 2014
Are there any plans to incorporate support for the DANE protocol in Qualys' SSL Server Test?


The DANE protocol (RFC 6698) is a protocol which can be used to verify the authenticity of a TLS/SSL certificate for a domain name using DNS. This makes it possible to provide higher security for SSL/TLS certificates / stronger authentication of SSL/TLS certificates.


The DANE protocol uses TLSA DNS records to verify TLS/SSL certificates. TLSA records store hashes of TLS/SSL certificates.

(The DNS records need to be signed with DNSSEC.)
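The TLSA comparison described in the question, as an added example that is not part of the original post and is not Qualys code: it parses a TLSA record, selects the full certificate or its SubjectPublicKeyInfo, and compares the RFC 6698 hash. The function names and the certificate-shaped sample bytes are constructed for this example; the record is assumed to come from a DNSSEC-validated answer, and the certificate usage field is parsed but not evaluated.

```python
import hashlib
import hmac
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching types 1 and 2 (RFC 6698)

def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector matching-type hex'."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA RDATA needs four fields")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)    # TBSCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                    # optional [0] version field
        pos = end
    for _field in range(5):            # serial, sig alg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    return cert_der[pos:_tlv(cert_der, pos)[2]]

def tlsa_matches(rdata, cert_der):
    """True if cert_der matches the TLSA RDATA (assumed DNSSEC-validated)."""
    _usage, selector, mtype, expected = parse_tlsa(rdata)
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        return False                   # unknown selector or matching type never matches
    selected = cert_der if selector == 0 else extract_spki(cert_der)
    actual = selected if mtype == 0 else DIGESTS[mtype](selected).digest()
    return hmac.compare_digest(actual, expected)

def _der(tag, body=b""):               # short-form encoder, used only for the sample
    return bytes([tag, len(body)]) + body
# Constructed certificate-shaped DER (correct field order, not a real certificate).
SPKI = _der(0x30, b"constructed-public-key")
TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30) * 4 + SPKI)
CERT = _der(0x30, TBS + _der(0x30) + _der(0x03, b"\x00"))
RECORD = "3 1 1 " + hashlib.sha256(SPKI).hexdigest()  # selector 1 (SPKI), SHA-256
```

Calling `tlsa_matches(RECORD, CERT)` returns `True` for the sample; a real check would pass the DER certificate presented by the server.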