This application checks a DANE TLS Service. It connects to the specified TLS service and then attempts to authenticate its TLS server certificate according to its corresponding DANE TLSA records in the DNS.
Port: 5223
Domain name: xmpp.eco.br
Name Check for DANE-EE: on
Checking Transcript:
Host: xmpp.eco.br Port: 5223 SNI: xmpp.eco.br DNS TLSA RRset: qname: _5223._tcp.xmpp.eco.br. 3 1 1 7f6443180ba81570d8be42016c3a9a06371939306b0c95bc7c0b6dd4b8d3dc9c IP Addresses found: 2a02:c206:2213:944::1 37.60.248.136 ## Checking xmpp.eco.br 2a02:c206:2213:944::1 port 5223 DANE TLSA 3 1 1 [7f644318..]: FAIL did not match EE certificate ## Peer Certificate Chain: 0 CN=xmpp.eco.br CN=E5,O=Let's Encrypt,C=US 1 CN=E5,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## PKIX Certificate Chain 0: 0 CN=xmpp.eco.br CN=E5,O=Let's Encrypt,C=US 1 CN=E5,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## DANE Certificate Chain 0: 0 CN=xmpp.eco.br CN=E5,O=Let's Encrypt,C=US 1 CN=E5,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## TLS Connection Info: TLS version: 1.3 CipherSuite: TLS_AES_256_GCM_SHA384 ## End-Entity Certificate Info: X509 version: 3 Serial#: 611803cac415d16729eab1d429eb6f93dcf Subject: CN=xmpp.eco.br Issuer: CN=E5,O=Let's Encrypt,C=US SAN dNSName: xmpp.eco.br Signature Algorithm: ECDSA-SHA384 PublicKey Algorithm: ECDSA 511-Bits Inception: 2025-06-09 22:18:15 +0000 UTC Expiration: 2025-09-07 22:18:14 +0000 UTC KU: DigitalSignature EKU: ServerAuth ClientAuth Is CA?: false SKI: 149beff1d74156a7b6f1ab90b647209757ccfa83 AKI: 9f2b5fcf3c214f9d04b7ed2b2cc4c6708bd2d70d OSCP Servers: [] CA Issuer URL: [http://e5.i.lencr.org/] CRL Distribution: [http://e5.c.lencr.org/80.crl] Policy OIDs: [2.23.140.1.2.1] Result: FAILED: DANE TLS authentication failed ## Checking xmpp.eco.br 37.60.248.136 port 5223 DANE TLSA 3 1 1 [7f644318..]: FAIL did not match EE certificate ## Peer Certificate Chain: 0 CN=xmpp.eco.br CN=E5,O=Let's Encrypt,C=US 1 CN=E5,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## PKIX Certificate Chain 0: 0 CN=xmpp.eco.br CN=E5,O=Let's Encrypt,C=US 1 CN=E5,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US 2 CN=ISRG Root X1,O=Internet Security Research Group,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## DANE Certificate Chain 0: 0 CN=xmpp.eco.br CN=E5,O=Let's Encrypt,C=US 1 CN=E5,O=Let's Encrypt,C=US CN=ISRG Root X1,O=Internet Security Research Group,C=US ## TLS Connection Info: TLS version: 1.3 CipherSuite: TLS_AES_256_GCM_SHA384 ## End-Entity Certificate Info: X509 version: 3 Serial#: 611803cac415d16729eab1d429eb6f93dcf Subject: CN=xmpp.eco.br Issuer: CN=E5,O=Let's Encrypt,C=US SAN dNSName: xmpp.eco.br Signature Algorithm: ECDSA-SHA384 PublicKey Algorithm: ECDSA 511-Bits Inception: 2025-06-09 22:18:15 +0000 UTC Expiration: 2025-09-07 22:18:14 +0000 UTC KU: DigitalSignature EKU: ServerAuth ClientAuth Is CA?: false SKI: 149beff1d74156a7b6f1ab90b647209757ccfa83 AKI: 9f2b5fcf3c214f9d04b7ed2b2cc4c6708bd2d70d OSCP Servers: [] CA Issuer URL: [http://e5.i.lencr.org/] CRL Distribution: [http://e5.c.lencr.org/80.crl] Policy OIDs: [2.23.140.1.2.1] Result: FAILED: DANE TLS authentication failed [2] Authentication failed for all (2) peers.