Dane testing and posttls-finger ???

John Allen john at klam.ca
Thu Apr 9 14:40:27 CEST 2015 

When I try "posttls-finger dane.sys4.de" I get the following.  I have 
emphasized a couple of areas in the following text that cause me some 
concern.

posttls-finger: Connected to dane.sys4.de[194.126.158.134]:25
posttls-finger: < 220 dane.sys4.de ESMTP Postfix
posttls-finger: > EHLO smtp.klam.ca
posttls-finger: < 250-dane.sys4.de
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 10240000
posttls-finger: < 250-ETRN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 Ready to start TLS
posttls-finger: dane.sys4.de[194.126.158.134]:25: Matched subjectAltName: dane.sys4.de
posttls-finger: dane.sys4.de[194.126.158.134]:25: subjectAltName: sys4.de
posttls-finger: dane.sys4.de[194.126.158.134]:25 CommonName dane.sys4.de
posttls-finger:*certificate verification failed*  for dane.sys4.de[194.126.158.134]:25: untrusted issuer /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
posttls-finger: dane.sys4.de[194.126.158.134]:25: subject_CN=dane.sys4.de, issuer_CN=StartCom Class 2 Primary Intermediate Server CA, fingerprint=41:B5:70:D5:35:68:72:B2:64:4C:5E:DE:74:52:23:E1:3B:3A:03:07, pkey_fingerprint=E5:CD:96:DD:35:8C:91:30:75:5B:D0:66:47:1D:CD:83:39:9A:D5:CC
posttls-finger:*Untrusted TLS connection *established to dane.sys4.de[194.126.158.134]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
posttls-finger: > EHLO smtp.klam.ca
posttls-finger: < 250-dane.sys4.de
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-SIZE 10240000
posttls-finger: < 250-ETRN
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-8BITMIME
posttls-finger: < 250 DSN
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 Bye

Certificate verification fails and I wind up with an untrusted connection.
Is this something I did or is there a real problem?

John A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.sys4.de/cgi-bin/mailman/private/dane-users/attachments/20150409/b5d9ff14/attachment.html>

More information about the dane-users mailing list