shuque / gotls Goto Github PK

#Host: mail.bayern.de Port: 25
SNI: mail.bayern.de
STARTTLS application: smtp
DNS TLSA RRset:
  qname: _25._tcp.mail.bayern.de.
  2 0 1 32a2bc1d515cdbc412b62b47a1cccf2bb1b8e3ef309f982458d3a7c61797422a
IP Addresses found:
  195.200.70.95
  195.200.70.104

## Checking mail.bayern.de 195.200.70.95 port 25
DANE TLSA 2 0 1 [32a2bc1d..]: FAIL matched TA certificate at depth 1 but name check failed
## STARTTLS Transcript:
recv: 220 mail96.bayern.de ESMTP Bavarian Mail Gateway; Tue, 1 Feb 2022 16:48:09 +0100
send: EHLO v22019048273988146
recv: 250-mail96.bayern.de Hello, pleased to meet you
recv: 250-ENHANCEDSTATUSCODES
recv: 250-PIPELINING
recv: 250-8BITMIME
recv: 250-SIZE 50000000
recv: 250-DSN
recv: 250-ETRN
recv: 250-STARTTLS
recv: 250-DELIVERBY
recv: 250 HELP
send: STARTTLS
recv: 220 2.0.0 Ready to start TLS
## Peer Certificate Chain:
   0 CN=mail.bayern.de,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   1 CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
## Verified Certificate Chain 0:
   0 CN=mail.bayern.de,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   1 CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
## TLS Connection Info:
   TLS version: TLS1.2
   CipherSuite: TLS_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
   X509 version: 1
   Serial#: eebc66ec77fe726e
   Subject: CN=mail.bayern.de,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   Issuer:  CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   Signature Algorithm: SHA256-RSA
   PublicKey Algorithm: RSA 2048-Bits
   Inception:  2022-01-31 05:27:22 +0000 UTC
   Expiration: 2022-03-02 05:27:22 +0000 UTC
   KU:
   EKU:
   SKI:
   AKI:
   OSCP Servers: []
   CA Issuer URL: []
   CRL Distribution: []
   Policy OIDs: []
Result: FAILED: DANE TLS authentication failed

## Checking mail.bayern.de 195.200.70.104 port 25
DANE TLSA 2 0 1 [32a2bc1d..]: FAIL matched TA certificate at depth 1 but name check failed
## STARTTLS Transcript:
recv: 220 mail115.bayern.de ESMTP Bavarian Mail Gateway; Tue, 1 Feb 2022 16:48:10 +0100
send: EHLO v22019048273988146
recv: 250-mail115.bayern.de Hello, pleased to meet you
recv: 250-ENHANCEDSTATUSCODES
recv: 250-PIPELINING
recv: 250-8BITMIME
recv: 250-SIZE 50000000
recv: 250-DSN
recv: 250-ETRN
recv: 250-STARTTLS
recv: 250-DELIVERBY
recv: 250 HELP
send: STARTTLS
recv: 220 2.0.0 Ready to start TLS
## Peer Certificate Chain:
   0 CN=mail.bayern.de,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   1 CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
## Verified Certificate Chain 0:
   0 CN=mail.bayern.de,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   1 CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
     CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
## TLS Connection Info:
   TLS version: TLS1.2
   CipherSuite: TLS_RSA_WITH_AES_256_GCM_SHA384
## End-Entity Certificate Info:
   X509 version: 1
   Serial#: eebc66ec77fe7269
   Subject: CN=mail.bayern.de,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   Issuer:  CN=Bayerische DANE-CA,O=Freistaat Bayern,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c1e4265686f657264656e6e65747a6469656e7374654062617965726e2e6465
   Signature Algorithm: SHA256-RSA
   PublicKey Algorithm: RSA 2048-Bits
   Inception:  2022-01-31 05:25:08 +0000 UTC
   Expiration: 2022-03-02 05:25:08 +0000 UTC
   KU:
   EKU:
   SKI:
   AKI:
   OSCP Servers: []
   CA Issuer URL: []
   CRL Distribution: []
   Policy OIDs: []
Result: FAILED: DANE TLS authentication failed

[2] Authentication failed for all (2) peers.