This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.
Port: 5223
Domain name: xmpp.eco.br
Name Check for DANE-EE: on
Checking Transcript:
Host: xmpp.eco.br Port: 5223
SNI: xmpp.eco.br
DNS TLSA RRset:
qname: _5223._tcp.xmpp.eco.br.
3 1 1 7730e759fd65f0741748e76fdaf9a3d981b46316fffe3579e8e274b77f8f2eef
IP Addresses found:
2a02:c206:2213:944::1
37.60.248.136
## Checking xmpp.eco.br 2a02:c206:2213:944::1 port 5223
DANE TLSA 3 1 1 [7730e759..]: OK matched EE certificate
## Peer Certificate Chain:
0 CN=xmpp.eco.br
CN=E7,O=Let's Encrypt,C=US
1 CN=E7,O=Let's Encrypt,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
## PKIX Certificate Chain 0:
0 CN=xmpp.eco.br
CN=E7,O=Let's Encrypt,C=US
1 CN=E7,O=Let's Encrypt,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
2 CN=ISRG Root X1,O=Internet Security Research Group,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
## DANE Certificate Chain 0:
0 CN=xmpp.eco.br
CN=E7,O=Let's Encrypt,C=US
1 CN=E7,O=Let's Encrypt,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
## TLS Connection Info:
TLS version: 1.3
CipherSuite: TLS_AES_256_GCM_SHA384
## End-Entity Certificate Info:
X509 version: 3
Serial#: 5b9ff4118848e5c3a17d2e9d85554f71912
Subject: CN=xmpp.eco.br
Issuer: CN=E7,O=Let's Encrypt,C=US
SAN dNSName: xmpp.eco.br
Signature Algorithm: ECDSA-SHA384
PublicKey Algorithm: ECDSA 511-Bits
Inception: 2025-12-06 04:22:36 +0000 UTC
Expiration: 2026-03-06 04:22:35 +0000 UTC
KU: DigitalSignature
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 5c962bb79b8555d5a12a288844493d2a6e313b15
AKI: ae489edc871d44a06fdaa2e560740478c29c0080
OSCP Servers: []
CA Issuer URL: [http://e7.i.lencr.org/]
CRL Distribution: [http://e7.c.lencr.org/19.crl]
Policy OIDs: [2.23.140.1.2.1]
Result: DANE OK
## Checking xmpp.eco.br 37.60.248.136 port 5223
DANE TLSA 3 1 1 [7730e759..]: OK matched EE certificate
## Peer Certificate Chain:
0 CN=xmpp.eco.br
CN=E7,O=Let's Encrypt,C=US
1 CN=E7,O=Let's Encrypt,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
## PKIX Certificate Chain 0:
0 CN=xmpp.eco.br
CN=E7,O=Let's Encrypt,C=US
1 CN=E7,O=Let's Encrypt,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
2 CN=ISRG Root X1,O=Internet Security Research Group,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
## DANE Certificate Chain 0:
0 CN=xmpp.eco.br
CN=E7,O=Let's Encrypt,C=US
1 CN=E7,O=Let's Encrypt,C=US
CN=ISRG Root X1,O=Internet Security Research Group,C=US
## TLS Connection Info:
TLS version: 1.3
CipherSuite: TLS_AES_256_GCM_SHA384
## End-Entity Certificate Info:
X509 version: 3
Serial#: 5b9ff4118848e5c3a17d2e9d85554f71912
Subject: CN=xmpp.eco.br
Issuer: CN=E7,O=Let's Encrypt,C=US
SAN dNSName: xmpp.eco.br
Signature Algorithm: ECDSA-SHA384
PublicKey Algorithm: ECDSA 511-Bits
Inception: 2025-12-06 04:22:36 +0000 UTC
Expiration: 2026-03-06 04:22:35 +0000 UTC
KU: DigitalSignature
EKU: ServerAuth ClientAuth
Is CA?: false
SKI: 5c962bb79b8555d5a12a288844493d2a6e313b15
AKI: ae489edc871d44a06fdaa2e560740478c29c0080
OSCP Servers: []
CA Issuer URL: [http://e7.i.lencr.org/]
CRL Distribution: [http://e7.c.lencr.org/19.crl]
Policy OIDs: [2.23.140.1.2.1]
Result: DANE OK
[0] Authentication succeeded for all (2) peers.