Network Bastion: June 2012

I recently received an e-mail from my insurance company, Allstate, asking me to rate their products and services. Of course, in an effort to improve the response to the survey about how well my agent was doing the incentive of a $500 prize was noted in the message asking me to complete the survey - in effect a bribe to ensure that as many people as possible responded and the completion rate by the survey company was as high as possible.

I am always bothered by such bribes but, in this case, it was not the bribe which made me crazy, but some blatant security issues with the e-mail message, along with the links to the survey, which were insecure.

I was also bothered by the fact that a link, obviously linked to my e-mail address, to tell whether I had responded or not, was also accompanied by a PASSWORD which I could use if the embedded URL did not properly launch a browser from within my e-mail client.

WAIT A MINUTE? AN INSURANCE COMPANY SENDS A LINK WITH A PASSWORD IN A NON-SECURE MESSAGE! THERE IS A MAJOR PROBLEM HERE.

So here is the original message - personal and agency information removed:

==============================================

Dear Bruce Barnes,

At Allstate, your opinion matters. You are part of a select group of customers we are asking for feedback. We want to know how you feel about your experiences with us and your agency, AGENCY NAME REDACTED.

To show appreciation for your time and effort, upon completion of the survey you may enter your name into a sweepstakes for a $500 cash prize. 10 prizes will be awarded each quarter (click here to view the official sweepstakes rules).

Please let us know about your experience by completing a quick and easy online survey. To access the survey, simply click here [link removed from survey link] to begin.

http://www.researchhq.com/allstatesurvey

Thank you for allowing us to keep you in Good Hands.

Sincerely,

Barbara Higgins
Senior Vice President
Customer Experience & Retention

For technical questions, please email allstatesurvey@researchhq.com
If you would like to review Allstate’s privacy policy, click here.
If you would like to be removed from future mailings please click here.

Allstate Insurance Company | 2775 Sanders Road | Northbrook | Illinois | 60062

==============================================

An analysis of both the company which sent the message, along with the embedded links in the message, revealed many security risks.

Those risks included SSL certificates which are improperly configured to respond to URL queries which may or may not begin with WWW, sending a password in the same message with a link to a secured site which requires a password to enter the site, and the use of plain e-mail without encryption or a certificate which contains personally identifiable information.

There was also an issue with the fact that the SENDING E-MAIL ADDRESS DID NOT MATCH THE REPLY TO E-MAIL ADDRESS. How about helping to eliminate spam, Allstate? Surely, you can do better than this.

The analysis resulted in the following note being sent to Allstate's network security department and management team:

===============================================

Dear Allstate;

If you want me to take a survey, which allegedly originates from Allstate, then please send your survey request via an ALLSTATE.COM e-mail address, NOT via a RESEARCHHQ.COM e-mail address.

I have several issues with the potential lack of security in this e-mail message [included below my assessment of the insecurity of the original message], and have listed them in detail here:

The survey message was sent from a NON ALLSTATE sending e-mail address, IE:
- From: "Allstate Survey Manager" <allstatesurvey@researchhq.com>
  - data taken from MESSAGE HEADER - included below signature below
The RETURN ADDRESS is a different address than the FROM ADDRESS, IE:
- Return-Path: <bounce-142_html-422358214-2693216-1063737-16@bounce.researchhq.mar0.net> [NOTE: MANY ISPS are getting ready to COMPLETELY BLOCK e-mail in which the SENDING e-mail address and the RETURN e-mail address do not match exactly, including me!]
  - data taken from MESSAGE HEADER - included below signature below
The "TECHNICAL QUESTIONS" e-mail address does not match either the FROM ADDRESS or the RETURN ADDRESS, IE:
- For technical questions, please email allstatesurvey@researchhq.com
The only thing which does point back to an ALLSTATE.COM domain name is the PRIVACY POLICY LINK, IE:
- http://www.allstate.com/about/privacy-statement-aic.aspx

While the PRIVACY POLICY LINK does point back to the ALLSTATE.COM domain name, it is a REDIRECT, from a url which belongs to CLICK.RESEARCHHQ.MAR0.NET, IE:

If you would like to review Allstate’s privacy policy, click <a href="http://click.researchhq.mar0.net/?qs=8157f1704562892524c736070ccb03f7cd2336c86f206202393852d15f43c782756f67c894cdd4dd">here</a>
This link opens an INSECURE website at:
- http://www.allstate.com/about/privacy-statement-aic.aspx
Because your entire Allstate..com website is capable of supporting SSL, a better link would be the SECURE:
- https://www.allstate.com/about/privacy-statement-aic.aspx

The privacy link embedded within the survey message is not a secure link. While this is not normally required for privacy pages, your privacy page states:

"What Security Procedures Do We Use to Guard Against the Loss, Misuse, Alteration, or Theft of Information While That Information Is Being Submitted to Allstate Over the Internet?

To help ensure the security of your personal and financial information that you submit this site, (other than via an e-mail message), we use security software to encrypt the information before and during its transmission through the Internet. We only allow information to be submitted for transmission if your browser is compatible with our security software. If your browser is not compatible, you will receive a message indicating your transaction can be completed but at a lower level of security.

E-mail messages are not secure. Our security software does not encrypt e-mail messages. E-mail messages traveling through the Internet are subject to viewing, alteration, and copying by potentially anyone on the Internet.

You should exercise discretion with respect to the submission of any personal or financial information via e-mail. If you are concerned about the security of your communication, we encourage you to send your correspondence through the postal service or use the telephone to speak directly to us. We are not responsible for the security or confidentiality of communications you send to us through the Internet using e-mail messages."

According to your privacy policy:

E-mail messages are not secure. Our security software does not encrypt e-mail messages. E-mail messages traveling through the Internet are subject to viewing, alteration, and copying by potentially anyone on the Internet.

The ALLSTATE CUSTOMER EXPERIENCE STUDY SWEEPSTAKES OFFICIAL RULES link points neither to a secure web page, nor a page under the domain name of the survey company, nor an Allstate.com website page, IE:

http://pages.s4.exacttarget.com/Sweepstakes_Rules/

The UNSUBSCRIBE link DOES point back to a secure Allstate website page. This is the single positive item in the entire e-mail message, IE:

https://www.allstate.com/allstate/joinourmailinglist/Verification.aspx

You placed a PLAIN TEXT PASSWORD into an UNSECURED E-MAIL, which, even though it is sent via a link that is capable of being secured by a TLS enabled e-mail server, the fact that the e-mail server is "capable" of TLS, does not ensure that is will actually deliver via TLS because TLS is not a universally adopted e-mail transmission protocal, [SEE TLS SECURITY REPORTS AT THE END OF THIS MESSAGE] IE:

"If your browser does not take you directly to the survey, please type the web address below into your internet browser address bar and enter in your password. The survey will be available through June 19, 2012.

Web address: http://www.researchhq.com/allstatesurvey
Password: mpqcnhjw3

As referenced above, this appears to be a potential violation of Allstate's written, public security policy at https://www.allstate.com/about/privacy-statement-aic.aspx, IE:

E-mail messages are not secure. Our security software does not encrypt e-mail messages. E-mail messages traveling through the Internet are subject to viewing, alteration, and copying by potentially anyone on the Internet.

Because e-mail, unless sent using encryption technology, is an insecure medium, generally accepted best practices for passwords mandate that the use of e-mail to send passwords should be avoided.

If it is not possible to deliver a password in any other manner, IE: because of the timeliness of a survey such as the one allegedly sent on behalf of Allstate by CLICK.RESEARCHHQ.MAR0.NET, then, at the very least, the password should be sent via a SEPARATE e-mail message and not included in the same link as the message containing a username or login link.

NOTE: THERE ARE ISSUES WITH ALLSTATE'S SSL CERTIFICATE - one of the certificates in the chain has either been compromised or is invalid! This is documented in the ALLSTATE.COM TLS TEST included below my signature below, IE

[001.441]
Cert NOT VALIDATED: unable to get local issuer certificate
[001.441]
this may help: What Is An Intermediate Certificate
[001.441]
So email is encrypted but the domain is not verified
[001.441] ssl : scheme=http cert=-1221772720
: identity=smtp.allstate.com cn=smtp.allstate.com alt=

Additional issues exist with your SSL certificate for ALLSTATE.COM because it is trusted for "WWW.ALLSTATE.COM" it is NOT TRUSTED for "ALLSTATE.COM"

Common names www.allstate.com
Alternative names - Prefix handling Not valid for "allstate.com" CONFUSING
Valid from Wed Sep 15 14:58:26 UTC 2010
Valid until Sun Sep 16 15:28:26 UTC 2012 (expires in 3 months and 5 days)
Key RSA / 1024 bits Signature algorithm SHA1withRSA

See: https://www.ssllabs.com/ssltest/analyze.html?d=allstate.com&hideResults=on to do independent testing. Remember to check the box "DO NOT SHOW RESULTS ON BOARDS" if you do not want your results publically displayed on the testing website.
At ChicagoNetTech, we use many different resources to validate our customer's e-mail message security, including:

CHECK TLS: http://www.checktls..com/perl/TestReceiver.pl - free TLS testing set

UNLOCK THE INBOX: http://www.unlocktheinbox.com/ - partial subscription tool set

DNS STUFF dot COM: http://www.dnsstuff.com/tools - subscription tool set

QUALYS SSL LABS: https://www.ssllabs.com/ssltest/index.html - free SSL/TLS testing set
SUMMARY: The use of RESEARCHHQ.COM to send surveys on your behalf erodes my confidence because of the obvious header mismatches for the SENDING and RETURN e-mail addresses and the fact that they are using an INSECURE LINK to point to the PRIVACY PAGE on a the Allstate website which is capable supporting SSL links throughout the entire website, but is only truly secure when the site is accessed via HTTPS://WWW.ALLSTATE.COM. Accessing via HTTPS://ALLSTATE.COM breaks the authority of the certificate because of the prefix handling issue outlined a few paragraphs above, validated via https://www.ssllabs.com/ssltest/index.html

The major issues of the original e-mail message from the survey company are:

The survey request is Allstate customer survey originates from an outside source;

In as much as Allstate is an insurance company Allstate, and Allstate subsidiaries, should be zealous in their desire to maintain absolute integrity for all e-mail and web transactions;

The use of an outside agency does not alleviate Allstate from any liabilities which may be incurred because of poor security practices by a survey company.

PASSWORD and SURVEY LINK sent within the same message;

ALLSTATE PRIVACY PAGE link NOT SECURE within message:

Link is NON SECURE FORWARD via survey company;

Link to which non-secure forwarding link is forwarded is non-secure.

ALLSTATE CUSTOMER EXPERIENCE STUDY SWEEPSTAKES OFFICIAL RULES link points neither to a secure web page, nor a page under the domain name of the survey company, nor an Allstate.com website page.

Message is not digitally signed or encrypted;

Message is sent via TLS capable but not all receiving e-mail servers are capable of TLS
Security is not just a word in a dictionary. It is something which requires punctilious attention 24 hours a day, 7 days a week, 365 days a year. Hackers do not take even a moment off. Hackers and crackers are pervasive in their efforts to penetrate the best of security measures and it is important that everyone who is responsible for e-mail and web communications take every possible measure to protect both the integrity of e-mail messages sent both by and on our behalf.

To enhance the security of Allstate's e-mail servers consider adding:

SPF records which point ONLY to Allstate's MX servers;

Force ALL e-mail to AUTHENTICATE through Allstate's MX servers;

10 smtp.allstate.com 167.127.98.30

20 smtp.allstate.com 167.127.98.30

do NOT allow any outside e-mail messages to go through Allstate e-mail servers without authentication. This may take some effort and cause your IT staff to revisit older web servers, but e-mail security is extremely important.

Setup DKIM and DOMAIN KEYS for all outgoing Allstate e-mail

Setup DMARC records for Allstate e-mail servers

Setup a REVERSE DNS ENTRY for Allstate - you currently have none. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry.

Validate your Allstate e-mail server reputation using one of the many tools freely available on the internet. A very good example can be found at http://www.unlocktheinbox.com/resources/emailauthentication/. By simply sending an e-mail, from ANY VALID Allstate e-mail address, to mailtest@unlocktheinbox.com, you will receive a report back which will vet Allstate's e-mail servers using all of the above listed e-mail tests, along with a few more, and show you any weaknesses in the Allstate e-mail network.
Secure e-mail and web servers take effort and require the dedication of any company to ensure that those tools are neither compromised or can cause a compromise for those who receive e-mail from them or access them for information.

By setting up these e-mail DNS records suggested above, and testing your servers on a regular basis, Allstate will help to ensure that Allstate's e-mail is coming from Allstate's e-mail servers and this will help to protect Allstate's reputation as a company which is interested in helping to protect not only Allstate customers, but all internet users.

As a long-time, and otherwise very satisfied, customer of Allstate I have enormous respect for both Allstate and their local agents.

I also respect your desire to follow-up with Allstate customers to determine satisfaction with service and products. This is simply good business practice and benefits both the customer and Allstate.

Because Allstate is an insurance company, Allstate should carefully vet the security practices used by their partners and vendors and make certain those vendors are not potentially putting their customers, their customers confidential information, or Allstate's networks at risk.

Therefore, I cannot participate in this survey request because there are too many questions as to the legitimacy of the survey because neither the headers nor the links are consistent with the ALLSTATE.COM domain name and there are too many security questions raised by the methods and security procedures used by the agent selected by Allstate to publish the survey.

In as much as Allstate has both a reputation, market branding, and security to consider Allstate should consider taking all future surveys and other such customer marketing procedures in-house and drop all outside activity. Protect Allstate's brand, reputation and customers by paying close attention to every aspect of both perceived inconsistencies, actual inconsistencies, and security at every level - both within any e-mail correspondence, the links within the messages sent, whether by Allstate or an associate or vendor, and in the practices used to secure the websites and e-mail servers used by vendors and associates.
Sincerely,

Bruce Barnes

============================================================

RECEIVED MESSAGE HEADER:

Return-Path: <bounce-142_html-422358214-2693216-1063737-16@bounce.researchhq.mar0.net>
Received: from mta2.researchhq.mar0.net (mta2.researchhq.mar0.net [68.232.195.205]) by securemail.chicagonettech.com with SMTP;
Tue, 12 Jun 2012 09:17:34 -0500
Received: by mta2.researchhq.mar0.net (PowerMTA(TM) v3.5r16) id hqt6ko0ie1st for <BBARNES@CHICAGONETTECH.COM>; Tue, 12 Jun 2012 07:52:55 -0600 (envelope-from <bounce-142_HTML-422358214-2693216-1063737-16@bounce.researchhq.mar0.net>)
From: "Allstate Survey Manager" <allstatesurvey@researchhq.com>
To: <BBARNES@CHICAGONETTECH.COM>
Subject: Reminder: Allstate Needs Your Help
Date: Tue, 12 Jun 2012 08:02:14 -0600
List-Unsubscribe: <mailto:leave-fd541574770b5c392848-fe30107277670175771574-fe9216767c67067c73-fe9415707367037e72-ff981576@leave.researchhq.mar0.net>
MIME-Version: 1.0
Reply-To: "Maritz" <reply-fe9216767c67067c73-142_HTML-422358214-1063737-16@researchhq.mar0.net>
x-job: 1063737_2693216
Message-ID: <b485f8ca-c2be-4b83-86c6-dcd413f0e009@xtnvmta4230.xt.local>
Content-Type: multipart/alternative;
boundary="r8bCOdP3LJQK=_?:"
X-SmarterMail-Spam: SPF_None, DK_None, DKIM_None

===========================================================

TLS SECURITY REPORTS FOLLOW

============================================================

TLS REPORT FOR ALLSTATE.COM - from http://www.checktls.com/perl/TestReceiver.pl

CheckTLS Confidence Factor for "customerprivacy@allstate.com": 90

MX Server Pref Con-
nect All-
owed Can
Use TLS
Adv Cert
OK TLS
Neg Sndr
OK Rcvr
OK
smtp.allstate.com
[167.127.98.30] 10 OK
(83ms) OK
(183ms) OK
(233ms) OK
(295ms) FAIL OK
(1,581ms) OK
(489ms) OK
(509ms)
smtp.allstate.com
[167.127.98.30] 20 OK
(82ms) OK
(179ms) OK
(71ms) OK
(72ms) FAIL OK
(778ms) OK
(109ms) OK
(242ms)
Average
100% 100% 100% 100% 0% 100% 100% 100%

(double click matrix to select all for copy and paste)Note: Cert failures do not affect TLS encryption, but may mean the site isn't who they say they are.

(double click in detail below to select all for copy and paste)

Checking customerprivacy@allstate.com

looking up MX hosts on domain "allstate.com"
smtp.allstate.com (preference:10)
smtp.allstate.com (preference:20)

Trying TLS on smtp.allstate.com[167.127.98.30] (10):

seconds
test stage and result
[000.083]
Connected to server
[000.266] <-- 220 SMTP Proxy Server Ready
[000.266]
We are allowed to connect
[000.267] --> EHLO checktls.com
[000.498] <-- 250-ESMTP Server Ready
250-SIZE 15728640
250-DSN
250-STARTTLS
250 TLS
[000.499]
We can use this server
[000.499]
TLS is an option on this server
[000.500] --> STARTTLS
[000.794] <-- 220 Server ready Ready to start TLS
[000.794]
STARTTLS command works on this server
[001.294] ssl : new ctx -1220103072
: start handshake
: ssl handshake not started
: set socket to non-blocking to enforce timeout=30
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: ok=0 cert=-1221772720
: ok=0 cert=-1221772720
: ok=0 cert=-1221772720
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: Net::SSLeay::connect -> 1
: ssl handshake done

[001.295]
Cipher in use: AES256-SHA
[001.295]
Connection converted to SSL
[001.332]
Certificate 1 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276850255 (0x4c1b304f) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Sep 20 08:24:01 2011 GMT Not After : Oct 1 12:23:29 2013 GMT Subject: countryName = US stateOrProvinceName = Illinois localityName = Northbrook organizationName = Allstate Insurance Company organizationalUnitName = ETAS commonName = smtp.allstate.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:d9:3a:ed:c6:8f:eb:93:50:6f:55:b0:8d:18: 57:bb:15:9e:f4:89:e8:29:ca:a5:5f:06:5d:40:bf: 17:a6:4d:3e:89:3d:cc:84:69:bb:40:57:bb:79:3f: ea:9d:e9:0f:f4:f0:52:49:d5:6a:ac:4a:36:6a:9a: f7:de:7e:1d:b4:7b:c3:cd:92:ed:1a:da:e1:38:6a: 1c:34:3f:e7:d7:ba:b1:68:dd:cd:cb:b0:09:b5:eb: 06:ff:f5:4f:90:fb:2d:c8:0b:52:a5:3c:91:f2:6e: 31:d7:9d:33:23:51:d6:44:a9:0b:8e:9b:c8:60:1e: 63:38:1c:a0:c9:a4:7b:eb:02:92:e0:1c:38:68:44: 1f:bd:96:30:31:20:2f:c6:be:18:c0:c0:c2:c9:24: d0:0b:bf:ee:40:92:d2:8a:45:57:ac:e8:c9:ed:a6: 6b:5e:5f:27:62:9e:ae:99:54:07:42:19:d8:63:e7: b5:ad:a8:75:89:7e:70:ee:17:64:60:cc:63:33:6c: 72:8d:c7:c6:20:80:7c:45:94:a6:3a:54:c8:3a:1c: 18:49:29:ae:db:3b:2f:94:53:61:51:cb:f6:59:0d: f9:58:5e:6e:a5:5d:b2:b3:7f:70:f8:2e:67:ef:45: 21:6f:c1:6d:dd:64:76:30:0c:a1:12:36:32:23:97: 27:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net CA Issuers - URI:http://aia.entrust.net/l1c-chain.cer X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: 07:D1:85:62:3B:04:BA:27:3A:0A:DB:49:8A:65:A7:0C:98:0C:E6:FC X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 22:b8:44:df:2a:42:76:58:a7:f4:14:a8:fb:2b:10:ea:45:27: 1f:a1:34:bf:7a:b8:eb:5a:cf:2f:bc:b1:2d:9c:5d:33:14:13: db:1e:10:0d:5b:9a:a4:c9:68:80:59:0a:95:88:15:26:1d:33: cc:31:8b:c0:d2:27:d1:bd:ab:2c:4a:11:f8:ce:82:01:db:7e: 17:3e:2e:6c:79:8c:f2:ce:2d:70:b2:b9:bc:42:a8:d1:17:27: 7a:08:35:8d:d0:60:1c:e2:be:81:c9:81:71:89:fd:27:a8:3b: 62:b3:bb:69:06:7d:18:19:a5:01:18:07:b1:52:64:f5:48:76: 11:37:93:4b:c9:cf:ef:43:31:02:5c:9e:d6:e7:c6:71:a6:9c: be:4f:c0:32:97:2e:10:4b:59:8e:84:6e:7a:2f:71:d7:bd:47: 01:93:e9:85:b4:10:69:c7:a5:e6:d0:d4:e1:27:5b:8b:f7:ef: 96:b6:07:69:2c:7f:6f:de:a9:bf:1a:af:92:0b:67:a3:7c:19: 66:48:32:93:8f:4f:59:24:2e:8d:e6:6e:76:e3:3e:e9:88:d0: 79:d2:52:d5:b2:5c:39:0a:a1:48:3f:5c:c2:51:61:f5:b0:e7: b5:72:99:b3:98:55:2e:c5:64:9b:74:50:7d:29:1e:39:fc:86: 6d:e9:36:64 -----BEGIN CERTIFICATE----- MIIFBzCCA++gAwIBAgIETBswTzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA5MjAwODI0MDFaFw0xMzEwMDEx MjIzMjlaMIGFMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEzARBgNV BAcTCk5vcnRoYnJvb2sxIzAhBgNVBAoTGkFsbHN0YXRlIEluc3VyYW5jZSBDb21w YW55MQ0wCwYDVQQLEwRFVEFTMRowGAYDVQQDExFzbXRwLmFsbHN0YXRlLmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHZOu3Gj+uTUG9VsI0YV7sV nvSJ6CnKpV8GXUC/F6ZNPok9zIRpu0BXu3k/6p3pD/TwUknVaqxKNmqa995+HbR7 w82S7Rra4ThqHDQ/59e6sWjdzcuwCbXrBv/1T5D7LcgLUqU8kfJuMdedMyNR1kSp C46byGAeYzgcoMmke+sCkuAcOGhEH72WMDEgL8a+GMDAwskk0Au/7kCS0opFV6zo ye2ma15fJ2KerplUB0IZ2GPnta2odYl+cO4XZGDMYzNsco3HxiCAfEWUpjpUyDoc GEkprts7L5RTYVHL9lkN+VhebqVdsrN/cPguZ+9FIW/Bbd1kdjAMoRI2MiOXJ60C AwEAAaOCAU8wggFLMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAz BgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWMu Y3JsMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50 cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFj LWNoYWluLmNlcjBABgNVHSAEOTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIB FhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJ DwEzd+4Ueu4ZfJMoTTAdBgNVHQ4EFgQUB9GFYjsEuic6CttJimWnDJgM5vwwCQYD VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAIrhE3ypCdlin9BSo+ysQ6kUnH6E0 v3q461rPL7yxLZxdMxQT2x4QDVuapMlogFkKlYgVJh0zzDGLwNIn0b2rLEoR+M6C Adt+Fz4ubHmM8s4tcLK5vEKo0Rcnegg1jdBgHOK+gcmBcYn9J6g7YrO7aQZ9GBml ARgHsVJk9Uh2ETeTS8nP70MxAlye1ufGcaacvk/AMpcuEEtZjoRuei9x171HAZPp hbQQacel5tDU4Sdbi/fvlrYHaSx/b96pvxqvkgtno3wZZkgyk49PWSQujeZuduM+ 6YjQedJS1bJcOQqhSD9cwlFh9bDntXKZs5hVLsVkm3RQfSkeOfyGbek2ZA== -----END CERTIFICATE-----

[001.368]
Certificate 2 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276850255 (0x4c1b304f) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Sep 20 08:24:01 2011 GMT Not After : Oct 1 12:23:29 2013 GMT Subject: countryName = US stateOrProvinceName = Illinois localityName = Northbrook organizationName = Allstate Insurance Company organizationalUnitName = ETAS commonName = smtp.allstate.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:d9:3a:ed:c6:8f:eb:93:50:6f:55:b0:8d:18: 57:bb:15:9e:f4:89:e8:29:ca:a5:5f:06:5d:40:bf: 17:a6:4d:3e:89:3d:cc:84:69:bb:40:57:bb:79:3f: ea:9d:e9:0f:f4:f0:52:49:d5:6a:ac:4a:36:6a:9a: f7:de:7e:1d:b4:7b:c3:cd:92:ed:1a:da:e1:38:6a: 1c:34:3f:e7:d7:ba:b1:68:dd:cd:cb:b0:09:b5:eb: 06:ff:f5:4f:90:fb:2d:c8:0b:52:a5:3c:91:f2:6e: 31:d7:9d:33:23:51:d6:44:a9:0b:8e:9b:c8:60:1e: 63:38:1c:a0:c9:a4:7b:eb:02:92:e0:1c:38:68:44: 1f:bd:96:30:31:20:2f:c6:be:18:c0:c0:c2:c9:24: d0:0b:bf:ee:40:92:d2:8a:45:57:ac:e8:c9:ed:a6: 6b:5e:5f:27:62:9e:ae:99:54:07:42:19:d8:63:e7: b5:ad:a8:75:89:7e:70:ee:17:64:60:cc:63:33:6c: 72:8d:c7:c6:20:80:7c:45:94:a6:3a:54:c8:3a:1c: 18:49:29:ae:db:3b:2f:94:53:61:51:cb:f6:59:0d: f9:58:5e:6e:a5:5d:b2:b3:7f:70:f8:2e:67:ef:45: 21:6f:c1:6d:dd:64:76:30:0c:a1:12:36:32:23:97: 27:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net CA Issuers - URI:http://aia.entrust.net/l1c-chain.cer X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: 07:D1:85:62:3B:04:BA:27:3A:0A:DB:49:8A:65:A7:0C:98:0C:E6:FC X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 22:b8:44:df:2a:42:76:58:a7:f4:14:a8:fb:2b:10:ea:45:27: 1f:a1:34:bf:7a:b8:eb:5a:cf:2f:bc:b1:2d:9c:5d:33:14:13: db:1e:10:0d:5b:9a:a4:c9:68:80:59:0a:95:88:15:26:1d:33: cc:31:8b:c0:d2:27:d1:bd:ab:2c:4a:11:f8:ce:82:01:db:7e: 17:3e:2e:6c:79:8c:f2:ce:2d:70:b2:b9:bc:42:a8:d1:17:27: 7a:08:35:8d:d0:60:1c:e2:be:81:c9:81:71:89:fd:27:a8:3b: 62:b3:bb:69:06:7d:18:19:a5:01:18:07:b1:52:64:f5:48:76: 11:37:93:4b:c9:cf:ef:43:31:02:5c:9e:d6:e7:c6:71:a6:9c: be:4f:c0:32:97:2e:10:4b:59:8e:84:6e:7a:2f:71:d7:bd:47: 01:93:e9:85:b4:10:69:c7:a5:e6:d0:d4:e1:27:5b:8b:f7:ef: 96:b6:07:69:2c:7f:6f:de:a9:bf:1a:af:92:0b:67:a3:7c:19: 66:48:32:93:8f:4f:59:24:2e:8d:e6:6e:76:e3:3e:e9:88:d0: 79:d2:52:d5:b2:5c:39:0a:a1:48:3f:5c:c2:51:61:f5:b0:e7: b5:72:99:b3:98:55:2e:c5:64:9b:74:50:7d:29:1e:39:fc:86: 6d:e9:36:64 -----BEGIN CERTIFICATE----- MIIFBzCCA++gAwIBAgIETBswTzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA5MjAwODI0MDFaFw0xMzEwMDEx MjIzMjlaMIGFMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEzARBgNV BAcTCk5vcnRoYnJvb2sxIzAhBgNVBAoTGkFsbHN0YXRlIEluc3VyYW5jZSBDb21w YW55MQ0wCwYDVQQLEwRFVEFTMRowGAYDVQQDExFzbXRwLmFsbHN0YXRlLmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHZOu3Gj+uTUG9VsI0YV7sV nvSJ6CnKpV8GXUC/F6ZNPok9zIRpu0BXu3k/6p3pD/TwUknVaqxKNmqa995+HbR7 w82S7Rra4ThqHDQ/59e6sWjdzcuwCbXrBv/1T5D7LcgLUqU8kfJuMdedMyNR1kSp C46byGAeYzgcoMmke+sCkuAcOGhEH72WMDEgL8a+GMDAwskk0Au/7kCS0opFV6zo ye2ma15fJ2KerplUB0IZ2GPnta2odYl+cO4XZGDMYzNsco3HxiCAfEWUpjpUyDoc GEkprts7L5RTYVHL9lkN+VhebqVdsrN/cPguZ+9FIW/Bbd1kdjAMoRI2MiOXJ60C AwEAAaOCAU8wggFLMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAz BgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWMu Y3JsMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50 cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFj LWNoYWluLmNlcjBABgNVHSAEOTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIB FhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJ DwEzd+4Ueu4ZfJMoTTAdBgNVHQ4EFgQUB9GFYjsEuic6CttJimWnDJgM5vwwCQYD VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAIrhE3ypCdlin9BSo+ysQ6kUnH6E0 v3q461rPL7yxLZxdMxQT2x4QDVuapMlogFkKlYgVJh0zzDGLwNIn0b2rLEoR+M6C Adt+Fz4ubHmM8s4tcLK5vEKo0Rcnegg1jdBgHOK+gcmBcYn9J6g7YrO7aQZ9GBml ARgHsVJk9Uh2ETeTS8nP70MxAlye1ufGcaacvk/AMpcuEEtZjoRuei9x171HAZPp hbQQacel5tDU4Sdbi/fvlrYHaSx/b96pvxqvkgtno3wZZkgyk49PWSQujeZuduM+ 6YjQedJS1bJcOQqhSD9cwlFh9bDntXKZs5hVLsVkm3RQfSkeOfyGbek2ZA== -----END CERTIFICATE-----

[001.441]
Certificate 3 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276850255 (0x4c1b304f) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Sep 20 08:24:01 2011 GMT Not After : Oct 1 12:23:29 2013 GMT Subject: countryName = US stateOrProvinceName = Illinois localityName = Northbrook organizationName = Allstate Insurance Company organizationalUnitName = ETAS commonName = smtp.allstate.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b1:d9:3a:ed:c6:8f:eb:93:50:6f:55:b0:8d:18: 57:bb:15:9e:f4:89:e8:29:ca:a5:5f:06:5d:40:bf: 17:a6:4d:3e:89:3d:cc:84:69:bb:40:57:bb:79:3f: ea:9d:e9:0f:f4:f0:52:49:d5:6a:ac:4a:36:6a:9a: f7:de:7e:1d:b4:7b:c3:cd:92:ed:1a:da:e1:38:6a: 1c:34:3f:e7:d7:ba:b1:68:dd:cd:cb:b0:09:b5:eb: 06:ff:f5:4f:90:fb:2d:c8:0b:52:a5:3c:91:f2:6e: 31:d7:9d:33:23:51:d6:44:a9:0b:8e:9b:c8:60:1e: 63:38:1c:a0:c9:a4:7b:eb:02:92:e0:1c:38:68:44: 1f:bd:96:30:31:20:2f:c6:be:18:c0:c0:c2:c9:24: d0:0b:bf:ee:40:92:d2:8a:45:57:ac:e8:c9:ed:a6: 6b:5e:5f:27:62:9e:ae:99:54:07:42:19:d8:63:e7: b5:ad:a8:75:89:7e:70:ee:17:64:60:cc:63:33:6c: 72:8d:c7:c6:20:80:7c:45:94:a6:3a:54:c8:3a:1c: 18:49:29:ae:db:3b:2f:94:53:61:51:cb:f6:59:0d: f9:58:5e:6e:a5:5d:b2:b3:7f:70:f8:2e:67:ef:45: 21:6f:c1:6d:dd:64:76:30:0c:a1:12:36:32:23:97: 27:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net CA Issuers - URI:http://aia.entrust.net/l1c-chain.cer X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: 07:D1:85:62:3B:04:BA:27:3A:0A:DB:49:8A:65:A7:0C:98:0C:E6:FC X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 22:b8:44:df:2a:42:76:58:a7:f4:14:a8:fb:2b:10:ea:45:27: 1f:a1:34:bf:7a:b8:eb:5a:cf:2f:bc:b1:2d:9c:5d:33:14:13: db:1e:10:0d:5b:9a:a4:c9:68:80:59:0a:95:88:15:26:1d:33: cc:31:8b:c0:d2:27:d1:bd:ab:2c:4a:11:f8:ce:82:01:db:7e: 17:3e:2e:6c:79:8c:f2:ce:2d:70:b2:b9:bc:42:a8:d1:17:27: 7a:08:35:8d:d0:60:1c:e2:be:81:c9:81:71:89:fd:27:a8:3b: 62:b3:bb:69:06:7d:18:19:a5:01:18:07:b1:52:64:f5:48:76: 11:37:93:4b:c9:cf:ef:43:31:02:5c:9e:d6:e7:c6:71:a6:9c: be:4f:c0:32:97:2e:10:4b:59:8e:84:6e:7a:2f:71:d7:bd:47: 01:93:e9:85:b4:10:69:c7:a5:e6:d0:d4:e1:27:5b:8b:f7:ef: 96:b6:07:69:2c:7f:6f:de:a9:bf:1a:af:92:0b:67:a3:7c:19: 66:48:32:93:8f:4f:59:24:2e:8d:e6:6e:76:e3:3e:e9:88:d0: 79:d2:52:d5:b2:5c:39:0a:a1:48:3f:5c:c2:51:61:f5:b0:e7: b5:72:99:b3:98:55:2e:c5:64:9b:74:50:7d:29:1e:39:fc:86: 6d:e9:36:64 -----BEGIN CERTIFICATE----- MIIFBzCCA++gAwIBAgIETBswTzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA5MjAwODI0MDFaFw0xMzEwMDEx MjIzMjlaMIGFMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEzARBgNV BAcTCk5vcnRoYnJvb2sxIzAhBgNVBAoTGkFsbHN0YXRlIEluc3VyYW5jZSBDb21w YW55MQ0wCwYDVQQLEwRFVEFTMRowGAYDVQQDExFzbXRwLmFsbHN0YXRlLmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALHZOu3Gj+uTUG9VsI0YV7sV nvSJ6CnKpV8GXUC/F6ZNPok9zIRpu0BXu3k/6p3pD/TwUknVaqxKNmqa995+HbR7 w82S7Rra4ThqHDQ/59e6sWjdzcuwCbXrBv/1T5D7LcgLUqU8kfJuMdedMyNR1kSp C46byGAeYzgcoMmke+sCkuAcOGhEH72WMDEgL8a+GMDAwskk0Au/7kCS0opFV6zo ye2ma15fJ2KerplUB0IZ2GPnta2odYl+cO4XZGDMYzNsco3HxiCAfEWUpjpUyDoc GEkprts7L5RTYVHL9lkN+VhebqVdsrN/cPguZ+9FIW/Bbd1kdjAMoRI2MiOXJ60C AwEAAaOCAU8wggFLMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAz BgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWMu Y3JsMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50 cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFj LWNoYWluLmNlcjBABgNVHSAEOTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIB FhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJ DwEzd+4Ueu4ZfJMoTTAdBgNVHQ4EFgQUB9GFYjsEuic6CttJimWnDJgM5vwwCQYD VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAIrhE3ypCdlin9BSo+ysQ6kUnH6E0 v3q461rPL7yxLZxdMxQT2x4QDVuapMlogFkKlYgVJh0zzDGLwNIn0b2rLEoR+M6C Adt+Fz4ubHmM8s4tcLK5vEKo0Rcnegg1jdBgHOK+gcmBcYn9J6g7YrO7aQZ9GBml ARgHsVJk9Uh2ETeTS8nP70MxAlye1ufGcaacvk/AMpcuEEtZjoRuei9x171HAZPp hbQQacel5tDU4Sdbi/fvlrYHaSx/b96pvxqvkgtno3wZZkgyk49PWSQujeZuduM+ 6YjQedJS1bJcOQqhSD9cwlFh9bDntXKZs5hVLsVkm3RQfSkeOfyGbek2ZA== -----END CERTIFICATE-----

[001.441]
Cert NOT VALIDATED: unable to get local issuer certificate
[001.441]
this may help: What Is An Intermediate Certificate
[001.441]
So email is encrypted but the domain is not verified
[001.441] ssl : scheme=http cert=-1221772720
: identity=smtp.allstate.com cn=smtp.allstate.com alt=

[001.442]
Cert Hostname VERIFIED (smtp.allstate.com = smtp.allstate.com)
[001.442] ~~> EHLO checktls.com
[001.444] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `EHLO checktls.com
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 19:19 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[001.580] ssl got `250 DSN
' (9:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[001.581] <~~ 250-ESMTP Server Ready
250-SIZE 15728640
250 DSN
[001.581]
TLS successfully started on this server
[001.582] ~~> MAIL FROM: <test@checktls.com>
[001.583] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `MAIL FROM:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 32:32 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[002.069] ssl got `250 +OK Sender OK
' (19:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay..pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[002.070] <~~ 250 +OK Sender OK
[002.070]
Sender is OK
[002.071] ~~> RCPT TO: <customerprivacy@allstate.com>
[002.072] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `RCPT TO:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 41:41 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[002.579] ssl got `250 +OK Recipient OK
' (22:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[002.579] <~~ 250 +OK Recipient OK
[002.579]
Recipient OK, E-mail address proofed
[002.580] ~~> QUIT
[002.581] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `QUIT
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 6:6 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[002.822] ssl got `221 Service closing transmission channel closing connection
' (61:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[002.823] <~~ 221 Service closing transmission channel closing connection
[002.826] ssl : free ctx -1220103072 open=-1220103072
: free ctx -1220103072 callback
: OK free ctx -1220103072

Trying TLS on smtp.allstate.com[167.127.98.30] (20):

seconds
test stage and result
[000.082]
Connected to server
[000.261] <-- 220 SMTP Proxy Server Ready
[000.261]
We are allowed to connect
[000.262] --> EHLO checktls.com
[000.332] <-- 250-ESMTP Server Ready
250-SIZE 15728640
250-DSN
250-STARTTLS
250 TLS
[000.333]
We can use this server
[000.333]
TLS is an option on this server
[000.333] --> STARTTLS
[000.404] <-- 220 Server ready Ready to start TLS
[000.404]
STARTTLS command works on this server
[000.592] ssl : new ctx -1220103072
: start handshake
: ssl handshake not started
: set socket to non-blocking to enforce timeout=30
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: ok=0 cert=-1220474968
: ok=0 cert=-1220474968
: ok=0 cert=-1220474968
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: Net::SSLeay::connect -> 1
: ssl handshake done

[000.593]
Cipher in use: AES256-SHA
[000.593]
Connection converted to SSL
[000.628]
Certificate 1 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276850249 (0x4c1b3049) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Sep 20 08:14:51 2011 GMT Not After : Oct 1 13:18:05 2013 GMT Subject: countryName = US stateOrProvinceName = Illinois localityName = Northbrook organizationName = Allstate Insurance Company organizationalUnitName = ETAS commonName = smtp.allstate.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e4:a8:fb:c7:05:74:7e:34:f4:97:14:e3:14:da: 7c:08:e0:33:db:eb:31:3b:92:66:7d:0b:00:27:de: df:8f:58:f9:0c:6e:a4:b5:16:7e:35:01:14:63:3d: 02:fb:ba:a4:29:db:4c:2e:27:bc:70:d0:26:65:d8: 7c:99:83:98:f7:70:a2:09:ac:66:c3:56:db:4c:14: 59:68:c3:0a:5b:0a:b6:e8:b3:9b:9e:fc:2f:36:4e: 48:81:e2:de:09:98:fe:9d:6d:b1:f5:04:13:94:a9: 83:4b:a7:56:80:e5:86:58:00:71:53:ac:dc:54:ba: 1a:94:ba:b8:62:34:42:1e:fe:ae:83:0b:5b:6f:67: a2:2b:c1:eb:42:47:05:63:52:81:49:ba:e3:ea:1b: 41:dd:05:b5:92:e4:a7:d3:98:e4:e4:e4:ba:c3:ab: 8d:87:5d:47:d2:9a:b9:3e:f6:d4:d0:0b:f4:5a:21: 88:60:a5:8d:92:de:73:02:47:22:c2:d6:94:99:01: 28:1e:d0:cd:67:06:73:2d:7c:5f:c3:30:e4:a8:69: 5e:4b:54:ab:fd:57:1e:46:1a:2b:4b:b4:01:e2:c3: b9:55:4e:71:8f:19:89:11:3a:a4:03:54:18:fa:42: 59:b3:f3:e1:dc:50:3c:9f:34:91:7e:53:f6:00:07: 93:91 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net CA Issuers - URI:http://aia.entrust.net/l1c-chain.cer X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: 23:2A:C8:90:77:8B:DC:9E:17:86:EF:1A:A1:AC:15:42:5B:05:12:C1 X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 1a:a8:8c:05:c3:07:90:42:59:6b:9d:6e:b4:1a:c4:ce:ea:51: 4a:db:a6:47:c2:e6:65:84:3f:79:70:79:10:6f:13:67:c6:6b: 6a:1a:d1:49:eb:b4:4f:9f:26:5b:dd:09:1b:db:68:de:90:b3: c8:80:f8:30:fa:d7:39:95:9b:2e:b4:0f:96:4e:fc:76:b9:74: 6c:d9:8b:ae:0a:a9:33:bd:f8:7c:f0:4d:c9:45:a0:a6:3e:ca: 72:4a:52:ae:76:07:50:3b:d0:f9:6d:84:4b:1e:fb:a8:19:e8: 3e:f2:2d:e9:be:82:88:ea:4c:03:6b:03:c8:52:47:8f:df:c1: be:da:de:fd:f3:a2:91:2b:bd:22:5c:bf:3e:e3:66:1a:fc:f9: 70:4d:35:bd:cc:1c:b8:d6:4e:93:f2:b5:c2:7a:7e:36:8d:7f: 72:17:56:f0:50:74:06:00:53:87:48:e2:80:77:2e:0b:f7:1d: ce:a3:7f:7b:30:55:83:b9:9c:ef:57:45:9e:af:e9:3d:7a:57: 74:49:29:aa:76:0f:af:bb:5b:11:d1:be:ea:f8:86:3c:13:04: f5:bd:de:3c:4f:35:6b:e1:d7:7a:a0:ce:b0:b2:e4:21:27:7e: 95:0c:2d:66:a5:db:fa:cc:68:37:e6:07:5b:fb:94:c8:cc:c9: 4f:6a:b2:97 -----BEGIN CERTIFICATE----- MIIFBzCCA++gAwIBAgIETBswSTANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA5MjAwODE0NTFaFw0xMzEwMDEx MzE4MDVaMIGFMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEzARBgNV BAcTCk5vcnRoYnJvb2sxIzAhBgNVBAoTGkFsbHN0YXRlIEluc3VyYW5jZSBDb21w YW55MQ0wCwYDVQQLEwRFVEFTMRowGAYDVQQDExFzbXRwLmFsbHN0YXRlLmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSo+8cFdH409JcU4xTafAjg M9vrMTuSZn0LACfe349Y+QxupLUWfjUBFGM9Avu6pCnbTC4nvHDQJmXYfJmDmPdw ogmsZsNW20wUWWjDClsKtuizm578LzZOSIHi3gmY/p1tsfUEE5Spg0unVoDlhlgA cVOs3FS6GpS6uGI0Qh7+roMLW29noivB60JHBWNSgUm64+obQd0FtZLkp9OY5OTk usOrjYddR9KauT721NAL9FohiGCljZLecwJHIsLWlJkBKB7QzWcGcy18X8Mw5Khp XktUq/1XHkYaK0u0AeLDuVVOcY8ZiRE6pANUGPpCWbPz4dxQPJ80kX5T9gAHk5EC AwEAAaOCAU8wggFLMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAz BgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWMu Y3JsMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50 cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFj LWNoYWluLmNlcjBABgNVHSAEOTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIB FhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJ DwEzd+4Ueu4ZfJMoTTAdBgNVHQ4EFgQUIyrIkHeL3J4Xhu8aoawVQlsFEsEwCQYD VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAGqiMBcMHkEJZa51utBrEzupRStum R8LmZYQ/eXB5EG8TZ8ZrahrRSeu0T58mW90JG9to3pCzyID4MPrXOZWbLrQPlk78 drl0bNmLrgqpM734fPBNyUWgpj7KckpSrnYHUDvQ+W2ESx77qBnoPvIt6b6CiOpM A2sDyFJHj9/Bvtre/fOikSu9Ily/PuNmGvz5cE01vcwcuNZOk/K1wnp+No1/chdW 8FB0BgBTh0jigHcuC/cdzqN/ezBVg7mc71dFnq/pPXpXdEkpqnYPr7tbEdG+6viG PBME9b3ePE81a+HXeqDOsLLkISd+lQwtZqXb+sxoN+YHW/uUyMzJT2qylw== -----END CERTIFICATE-----

[000.665]
Certificate 2 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276850249 (0x4c1b3049) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Sep 20 08:14:51 2011 GMT Not After : Oct 1 13:18:05 2013 GMT Subject: countryName = US stateOrProvinceName = Illinois localityName = Northbrook organizationName = Allstate Insurance Company organizationalUnitName = ETAS commonName = smtp.allstate.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e4:a8:fb:c7:05:74:7e:34:f4:97:14:e3:14:da: 7c:08:e0:33:db:eb:31:3b:92:66:7d:0b:00:27:de: df:8f:58:f9:0c:6e:a4:b5:16:7e:35:01:14:63:3d: 02:fb:ba:a4:29:db:4c:2e:27:bc:70:d0:26:65:d8: 7c:99:83:98:f7:70:a2:09:ac:66:c3:56:db:4c:14: 59:68:c3:0a:5b:0a:b6:e8:b3:9b:9e:fc:2f:36:4e: 48:81:e2:de:09:98:fe:9d:6d:b1:f5:04:13:94:a9: 83:4b:a7:56:80:e5:86:58:00:71:53:ac:dc:54:ba: 1a:94:ba:b8:62:34:42:1e:fe:ae:83:0b:5b:6f:67: a2:2b:c1:eb:42:47:05:63:52:81:49:ba:e3:ea:1b: 41:dd:05:b5:92:e4:a7:d3:98:e4:e4:e4:ba:c3:ab: 8d:87:5d:47:d2:9a:b9:3e:f6:d4:d0:0b:f4:5a:21: 88:60:a5:8d:92:de:73:02:47:22:c2:d6:94:99:01: 28:1e:d0:cd:67:06:73:2d:7c:5f:c3:30:e4:a8:69: 5e:4b:54:ab:fd:57:1e:46:1a:2b:4b:b4:01:e2:c3: b9:55:4e:71:8f:19:89:11:3a:a4:03:54:18:fa:42: 59:b3:f3:e1:dc:50:3c:9f:34:91:7e:53:f6:00:07: 93:91 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net CA Issuers - URI:http://aia.entrust.net/l1c-chain.cer X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: 23:2A:C8:90:77:8B:DC:9E:17:86:EF:1A:A1:AC:15:42:5B:05:12:C1 X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 1a:a8:8c:05:c3:07:90:42:59:6b:9d:6e:b4:1a:c4:ce:ea:51: 4a:db:a6:47:c2:e6:65:84:3f:79:70:79:10:6f:13:67:c6:6b: 6a:1a:d1:49:eb:b4:4f:9f:26:5b:dd:09:1b:db:68:de:90:b3: c8:80:f8:30:fa:d7:39:95:9b:2e:b4:0f:96:4e:fc:76:b9:74: 6c:d9:8b:ae:0a:a9:33:bd:f8:7c:f0:4d:c9:45:a0:a6:3e:ca: 72:4a:52:ae:76:07:50:3b:d0:f9:6d:84:4b:1e:fb:a8:19:e8: 3e:f2:2d:e9:be:82:88:ea:4c:03:6b:03:c8:52:47:8f:df:c1: be:da:de:fd:f3:a2:91:2b:bd:22:5c:bf:3e:e3:66:1a:fc:f9: 70:4d:35:bd:cc:1c:b8:d6:4e:93:f2:b5:c2:7a:7e:36:8d:7f: 72:17:56:f0:50:74:06:00:53:87:48:e2:80:77:2e:0b:f7:1d: ce:a3:7f:7b:30:55:83:b9:9c:ef:57:45:9e:af:e9:3d:7a:57: 74:49:29:aa:76:0f:af:bb:5b:11:d1:be:ea:f8:86:3c:13:04: f5:bd:de:3c:4f:35:6b:e1:d7:7a:a0:ce:b0:b2:e4:21:27:7e: 95:0c:2d:66:a5:db:fa:cc:68:37:e6:07:5b:fb:94:c8:cc:c9: 4f:6a:b2:97 -----BEGIN CERTIFICATE----- MIIFBzCCA++gAwIBAgIETBswSTANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA5MjAwODE0NTFaFw0xMzEwMDEx MzE4MDVaMIGFMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEzARBgNV BAcTCk5vcnRoYnJvb2sxIzAhBgNVBAoTGkFsbHN0YXRlIEluc3VyYW5jZSBDb21w YW55MQ0wCwYDVQQLEwRFVEFTMRowGAYDVQQDExFzbXRwLmFsbHN0YXRlLmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSo+8cFdH409JcU4xTafAjg M9vrMTuSZn0LACfe349Y+QxupLUWfjUBFGM9Avu6pCnbTC4nvHDQJmXYfJmDmPdw ogmsZsNW20wUWWjDClsKtuizm578LzZOSIHi3gmY/p1tsfUEE5Spg0unVoDlhlgA cVOs3FS6GpS6uGI0Qh7+roMLW29noivB60JHBWNSgUm64+obQd0FtZLkp9OY5OTk usOrjYddR9KauT721NAL9FohiGCljZLecwJHIsLWlJkBKB7QzWcGcy18X8Mw5Khp XktUq/1XHkYaK0u0AeLDuVVOcY8ZiRE6pANUGPpCWbPz4dxQPJ80kX5T9gAHk5EC AwEAAaOCAU8wggFLMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAz BgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWMu Y3JsMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50 cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFj LWNoYWluLmNlcjBABgNVHSAEOTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIB FhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJ DwEzd+4Ueu4ZfJMoTTAdBgNVHQ4EFgQUIyrIkHeL3J4Xhu8aoawVQlsFEsEwCQYD VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAGqiMBcMHkEJZa51utBrEzupRStum R8LmZYQ/eXB5EG8TZ8ZrahrRSeu0T58mW90JG9to3pCzyID4MPrXOZWbLrQPlk78 drl0bNmLrgqpM734fPBNyUWgpj7KckpSrnYHUDvQ+W2ESx77qBnoPvIt6b6CiOpM A2sDyFJHj9/Bvtre/fOikSu9Ily/PuNmGvz5cE01vcwcuNZOk/K1wnp+No1/chdW 8FB0BgBTh0jigHcuC/cdzqN/ezBVg7mc71dFnq/pPXpXdEkpqnYPr7tbEdG+6viG PBME9b3ePE81a+HXeqDOsLLkISd+lQwtZqXb+sxoN+YHW/uUyMzJT2qylw== -----END CERTIFICATE-----

[000.700]
Certificate 3 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276850249 (0x4c1b3049) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Sep 20 08:14:51 2011 GMT Not After : Oct 1 13:18:05 2013 GMT Subject: countryName = US stateOrProvinceName = Illinois localityName = Northbrook organizationName = Allstate Insurance Company organizationalUnitName = ETAS commonName = smtp.allstate.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e4:a8:fb:c7:05:74:7e:34:f4:97:14:e3:14:da: 7c:08:e0:33:db:eb:31:3b:92:66:7d:0b:00:27:de: df:8f:58:f9:0c:6e:a4:b5:16:7e:35:01:14:63:3d: 02:fb:ba:a4:29:db:4c:2e:27:bc:70:d0:26:65:d8: 7c:99:83:98:f7:70:a2:09:ac:66:c3:56:db:4c:14: 59:68:c3:0a:5b:0a:b6:e8:b3:9b:9e:fc:2f:36:4e: 48:81:e2:de:09:98:fe:9d:6d:b1:f5:04:13:94:a9: 83:4b:a7:56:80:e5:86:58:00:71:53:ac:dc:54:ba: 1a:94:ba:b8:62:34:42:1e:fe:ae:83:0b:5b:6f:67: a2:2b:c1:eb:42:47:05:63:52:81:49:ba:e3:ea:1b: 41:dd:05:b5:92:e4:a7:d3:98:e4:e4:e4:ba:c3:ab: 8d:87:5d:47:d2:9a:b9:3e:f6:d4:d0:0b:f4:5a:21: 88:60:a5:8d:92:de:73:02:47:22:c2:d6:94:99:01: 28:1e:d0:cd:67:06:73:2d:7c:5f:c3:30:e4:a8:69: 5e:4b:54:ab:fd:57:1e:46:1a:2b:4b:b4:01:e2:c3: b9:55:4e:71:8f:19:89:11:3a:a4:03:54:18:fa:42: 59:b3:f3:e1:dc:50:3c:9f:34:91:7e:53:f6:00:07: 93:91 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net CA Issuers - URI:http://aia.entrust.net/l1c-chain.cer X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: 23:2A:C8:90:77:8B:DC:9E:17:86:EF:1A:A1:AC:15:42:5B:05:12:C1 X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 1a:a8:8c:05:c3:07:90:42:59:6b:9d:6e:b4:1a:c4:ce:ea:51: 4a:db:a6:47:c2:e6:65:84:3f:79:70:79:10:6f:13:67:c6:6b: 6a:1a:d1:49:eb:b4:4f:9f:26:5b:dd:09:1b:db:68:de:90:b3: c8:80:f8:30:fa:d7:39:95:9b:2e:b4:0f:96:4e:fc:76:b9:74: 6c:d9:8b:ae:0a:a9:33:bd:f8:7c:f0:4d:c9:45:a0:a6:3e:ca: 72:4a:52:ae:76:07:50:3b:d0:f9:6d:84:4b:1e:fb:a8:19:e8: 3e:f2:2d:e9:be:82:88:ea:4c:03:6b:03:c8:52:47:8f:df:c1: be:da:de:fd:f3:a2:91:2b:bd:22:5c:bf:3e:e3:66:1a:fc:f9: 70:4d:35:bd:cc:1c:b8:d6:4e:93:f2:b5:c2:7a:7e:36:8d:7f: 72:17:56:f0:50:74:06:00:53:87:48:e2:80:77:2e:0b:f7:1d: ce:a3:7f:7b:30:55:83:b9:9c:ef:57:45:9e:af:e9:3d:7a:57: 74:49:29:aa:76:0f:af:bb:5b:11:d1:be:ea:f8:86:3c:13:04: f5:bd:de:3c:4f:35:6b:e1:d7:7a:a0:ce:b0:b2:e4:21:27:7e: 95:0c:2d:66:a5:db:fa:cc:68:37:e6:07:5b:fb:94:c8:cc:c9: 4f:6a:b2:97 -----BEGIN CERTIFICATE----- MIIFBzCCA++gAwIBAgIETBswSTANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA5MjAwODE0NTFaFw0xMzEwMDEx MzE4MDVaMIGFMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEzARBgNV BAcTCk5vcnRoYnJvb2sxIzAhBgNVBAoTGkFsbHN0YXRlIEluc3VyYW5jZSBDb21w YW55MQ0wCwYDVQQLEwRFVEFTMRowGAYDVQQDExFzbXRwLmFsbHN0YXRlLmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSo+8cFdH409JcU4xTafAjg M9vrMTuSZn0LACfe349Y+QxupLUWfjUBFGM9Avu6pCnbTC4nvHDQJmXYfJmDmPdw ogmsZsNW20wUWWjDClsKtuizm578LzZOSIHi3gmY/p1tsfUEE5Spg0unVoDlhlgA cVOs3FS6GpS6uGI0Qh7+roMLW29noivB60JHBWNSgUm64+obQd0FtZLkp9OY5OTk usOrjYddR9KauT721NAL9FohiGCljZLecwJHIsLWlJkBKB7QzWcGcy18X8Mw5Khp XktUq/1XHkYaK0u0AeLDuVVOcY8ZiRE6pANUGPpCWbPz4dxQPJ80kX5T9gAHk5EC AwEAAaOCAU8wggFLMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAz BgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWMu Y3JsMGUGCCsGAQUFBwEBBFkwVzAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50 cnVzdC5uZXQwMAYIKwYBBQUHMAKGJGh0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFj LWNoYWluLmNlcjBABgNVHSAEOTA3MDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIB FhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBQe8auJBvhJ DwEzd+4Ueu4ZfJMoTTAdBgNVHQ4EFgQUIyrIkHeL3J4Xhu8aoawVQlsFEsEwCQYD VR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAGqiMBcMHkEJZa51utBrEzupRStum R8LmZYQ/eXB5EG8TZ8ZrahrRSeu0T58mW90JG9to3pCzyID4MPrXOZWbLrQPlk78 drl0bNmLrgqpM734fPBNyUWgpj7KckpSrnYHUDvQ+W2ESx77qBnoPvIt6b6CiOpM A2sDyFJHj9/Bvtre/fOikSu9Ily/PuNmGvz5cE01vcwcuNZOk/K1wnp+No1/chdW 8FB0BgBTh0jigHcuC/cdzqN/ezBVg7mc71dFnq/pPXpXdEkpqnYPr7tbEdG+6viG PBME9b3ePE81a+HXeqDOsLLkISd+lQwtZqXb+sxoN+YHW/uUyMzJT2qylw== -----END CERTIFICATE-----

[000.701]
Cert NOT VALIDATED: unable to get local issuer certificate
[000.701]
this may help: What Is An Intermediate Certificate
[000.702]
So email is encrypted but the domain is not verified
[000.702] ssl : scheme=http cert=-1220474968
: identity=smtp.allstate.com cn=smtp.allstate.com alt=

[000.702]
Cert Hostname VERIFIED (smtp.allstate.com = smtp.allstate.com)
[000.702] ~~> EHLO checktls.com
[000.704] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `EHLO checktls.com
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 19:19 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[000.777] ssl got `250 DSN
' (9:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[000.778] <~~ 250-ESMTP Server Ready
250-SIZE 15728640
250 DSN
[000.778]
TLS successfully started on this server
[000.778] ~~> MAIL FROM: <test@checktls.com>
[000.779] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `MAIL FROM:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 32:32 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[000.886] ssl got `250 +OK Sender OK
' (19:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay..pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[000.886] <~~ 250 +OK Sender OK
[000.887]
Sender is OK
[000.887] ~~> RCPT TO: <customerprivacy@allstate.com>
[000.888] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `RCPT TO:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 41:41 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[001.128] ssl got `250 +OK Recipient OK
' (22:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[001.129] <~~ 250 +OK Recipient OK
[001.129]
Recipient OK, E-mail address proofed
[001.129] ~~> QUIT
[001.131] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `QUIT
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 6:6 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[001.349] ssl got `221 Service closing transmission channel closing connection
' (61:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[001.349] <~~ 221 Service closing transmission channel closing connection
[001.353] ssl : free ctx -1220103072 open=-1220103072
: free ctx -1220103072 callback
: OK free ctx -1220103072

Scroll to top to see the important stuff.

Copyright © 2010-2011 CheckTLS.com All Rights Reserved. Feel free to link to our site! We welcome any feedback: Info@CheckTLS.com
"CheckTLS", "ForceTLS", "MonitorTLS", and "Confidence Factor" are Service Marks (SM) of CheckTLS.com.

===================================================

TLS SECURITY REPORT FOR allstatesurvey@researchhq.com

TestReceiver

CheckTLS Confidence Factor for "allstatesurvey@researchhq.com": 100

MX Server Pref Con-
nect All-
owed Can
Use TLS
Adv Cert
OK TLS
Neg Sndr
OK Rcvr
OK
maritzmail02.maritz.com
[156.45.254.32] 10 OK
(77ms) OK
(766ms) OK
(70ms) OK
(913ms) OK
(443ms) OK
(70ms) OK
(68ms) OK
(68ms)
maritzmail01.maritz.com
[156.45.254.31] 10 OK
(78ms) OK
(587ms) OK
(68ms) OK
(67ms) OK
(414ms) OK
(70ms) OK
(69ms) OK
(69ms)
Average
100% 100% 100% 100% 100% 100% 100% 100%

(double click in detail below to select all for copy and paste)

Checking allstatesurvey@researchhq.com

looking up MX hosts on domain "researchhq.com"
maritzmail02.maritz.com (preference:10)
maritzmail01.maritz.com (preference:10)

Trying TLS on maritzmail02.maritz.com[156.45.254.32] (10):

seconds
test stage and result
[000.077]
Connected to server
[000.842] <-- 220 maritzmail02.maritz.com ESMTP
[000.842]
We are allowed to connect
[000.843] --> EHLO checktls.com
[000.912] <-- 250-maritzmail02.maritz.com
250-8BITMIME
250-SIZE 52428800
250 STARTTLS
[000.913]
We can use this server
[000.913]
TLS is an option on this server
[000.913] --> STARTTLS
[001.825] <-- 220 Go ahead with TLS
[001.825]
STARTTLS command works on this server
[002.091] ssl : new ctx -1219032424
: start handshake
: ssl handshake not started
: set socket to non-blocking to enforce timeout=30
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: ok=1 cert=-1220655392
: ok=1 cert=-1220551560
: ok=1 cert=-1220556728
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: Net::SSLeay::connect -> 1
: ssl handshake done

[002.092]
Cipher in use: DHE-RSA-AES256-SHA
[002.092]
Connection converted to SSL
[002.128]
Certificate 1 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276671973 (0x4c1877e5) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Jul 27 19:53:36 2010 GMT Not After : Jul 27 20:23:36 2013 GMT Subject: countryName = US stateOrProvinceName = Missouri localityName = Fenton organizationName = Maritz LLC organizationalUnitName = Internet Operations commonName = webmail.maritz.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a5:a8:5f:f4:88:d3:fe:aa:86:1a:82:80:13:50: 78:82:dd:21:0c:5f:c4:7f:e1:67:e3:ac:e4:ab:24: e6:73:38:6a:02:76:bd:ae:22:bc:f6:e1:49:88:8d: 52:33:ee:ba:b1:85:6d:09:b9:cc:ce:09:7f:23:38: 42:4c:97:da:55:54:f5:ad:9a:af:b8:a3:67:91:82: 73:b9:33:40:09:eb:7e:8c:6d:01:4c:4b:07:ca:b8: e6:7f:06:5f:51:75:cc:8e:23:4c:08:86:73:fd:00: ac:01:4b:03:62:6d:0e:fd:8d:b2:45:31:44:78:fc: e1:7f:2d:62:5b:c3:46:a8:55:67:b2:26:c4:68:dc: d7:30:8c:47:c9:cd:21:82:60:8f:e4:8e:50:a1:5b: 6b:82:e0:f8:dc:6f:a6:ea:c0:94:40:ee:b0:23:df: a0:d5:3e:8f:37:5b:7e:50:71:94:60:ac:3a:91:ea: f0:ca:ee:2c:70:27:cf:1b:a2:77:95:58:8e:ce:6e: c5:56:b2:e7:8a:8d:32:e7:de:42:fc:e5:8c:8b:df: d1:4e:b2:78:a7:0e:4c:a7:0c:2c:d6:87:ee:fb:91: 40:34:f0:00:64:4d:68:68:26:bd:b6:0d:24:60:cd: 62:db:98:12:4b:0d:06:92:ad:e1:31:bc:53:44:61: ac:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Subject Alternative Name: DNS:webmail.maritz.com, DNS:autodiscover.maritz.com, DNS:outlook.maritz.com, DNS:maritzmail01.maritz.com, DNS:maritzmail02.maritz.com, DNS:clavin.maritz.com X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: C2:62:57:1A:C6:45:8C:B7:06:21:B4:7C:0A:9E:0F:F9:22:C4:F3:DC X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 25:bc:bc:9b:c8:1c:67:34:d3:68:bb:33:8d:4a:8e:1a:73:e2: 2e:e3:67:48:56:72:53:16:7f:f2:0c:22:00:b6:ff:3c:d9:58: 7f:1b:03:95:c1:de:3b:97:e2:b7:37:bf:bf:9b:62:a9:4c:09: d3:31:88:c2:b9:4d:20:49:4e:50:27:d6:09:f4:5e:21:9b:8b: 56:38:d6:5b:a7:43:6e:fb:e3:95:b6:69:7c:74:66:b7:e2:cf: a5:db:26:57:96:5e:77:22:88:4f:de:c6:df:19:c1:0d:6f:e7: 76:40:76:db:77:3b:d4:9d:0a:81:a3:56:86:29:d8:7b:07:8c: 98:df:67:02:74:91:5f:60:16:ff:95:e9:5d:7e:02:41:28:68: 0c:6c:a1:8f:08:1b:43:38:e7:9b:de:19:c6:ab:d4:fc:c7:16: 7a:4a:c0:ed:a4:cf:d7:b3:23:13:38:45:c3:09:d8:60:cd:8c: ec:c1:37:27:90:b8:86:9d:a5:51:27:5b:f1:f9:53:c7:98:27: 77:f9:3a:cc:57:ed:d8:ef:03:4e:61:56:c7:ed:8d:86:28:ea: 49:f3:e5:42:95:43:3f:e9:78:4f:fe:48:ce:76:79:b8:32:10: 04:4b:ae:28:14:ef:9d:b7:18:4b:2a:55:e9:c3:02:73:fb:7e: ec:ab:b2:bc -----BEGIN CERTIFICATE----- MIIFbzCCBFegAwIBAgIETBh35TANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMDA3MjcxOTUzMzZaFw0xMzA3Mjcy MDIzMzZaMIGBMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWlzc291cmkxDzANBgNV BAcTBkZlbnRvbjETMBEGA1UEChMKTWFyaXR6IExMQzEcMBoGA1UECxMTSW50ZXJu ZXQgT3BlcmF0aW9uczEbMBkGA1UEAxMSd2VibWFpbC5tYXJpdHouY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApahf9IjT/qqGGoKAE1B4gt0hDF/E f+Fn46zkqyTmczhqAna9riK89uFJiI1SM+66sYVtCbnMzgl/IzhCTJfaVVT1rZqv uKNnkYJzuTNACet+jG0BTEsHyrjmfwZfUXXMjiNMCIZz/QCsAUsDYm0O/Y2yRTFE ePzhfy1iW8NGqFVnsibEaNzXMIxHyc0hgmCP5I5QoVtrguD43G+m6sCUQO6wI9+g 1T6PN1t+UHGUYKw6kerwyu4scCfPG6J3lViOzm7FVrLnio0y595C/OWMi9/RTrJ4 pw5Mpwws1ofu+5FANPAAZE1oaCa9tg0kYM1i25gSSw0Gkq3hMbxTRGGsTwIDAQAB o4IBuzCCAbcwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xl dmVsMWMuY3JsMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j c3AuZW50cnVzdC5uZXQwQAYDVR0gBDkwNzA1BgkqhkiG9n0HSwIwKDAmBggrBgEF BQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwgZEGA1UdEQSBiTCBhoIS d2VibWFpbC5tYXJpdHouY29tghdhdXRvZGlzY292ZXIubWFyaXR6LmNvbYISb3V0 bG9vay5tYXJpdHouY29tghdtYXJpdHptYWlsMDEubWFyaXR6LmNvbYIXbWFyaXR6 bWFpbDAyLm1hcml0ei5jb22CEWNsYXZpbi5tYXJpdHouY29tMB8GA1UdIwQYMBaA FB7xq4kG+EkPATN37hR67hl8kyhNMB0GA1UdDgQWBBTCYlcaxkWMtwYhtHwKng/5 IsTz3DAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQAlvLybyBxnNNNouzON So4ac+Iu42dIVnJTFn/yDCIAtv882Vh/GwOVwd47l+K3N7+/m2KpTAnTMYjCuU0g SU5QJ9YJ9F4hm4tWONZbp0Nu++OVtml8dGa34s+l2yZXll53IohP3sbfGcENb+d2 QHbbdzvUnQqBo1aGKdh7B4yY32cCdJFfYBb/leldfgJBKGgMbKGPCBtDOOeb3hnG q9T8xxZ6SsDtpM/XsyMTOEXDCdhgzYzswTcnkLiGnaVRJ1vx+VPHmCd3+TrMV+3Y 7wNOYVbH7Y2GKOpJ8+VClUM/6XhP/kjOdnm4MhAES64oFO+dtxhLKlXpwwJz+37s q7K8 -----END CERTIFICATE-----

[002.165]
Certificate 2 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 946072060 (0x3863e9fc) Signature Algorithm: sha1WithRSAEncryption Issuer: organizationName = Entrust.net organizationalUnitName = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) organizationalUnitName = (c) 1999 Entrust.net Limited commonName = Entrust.net Certification Authority (2048) Validity Not Before: Dec 10 20:43:54 2009 GMT Not After : Dec 10 21:13:54 2019 GMT Subject: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:97:a3:2d:3c:9e:de:05:da:13:c2:11:8d:9d:8e: e3:7f:c7:4b:7e:5a:9f:b3:ff:62:ab:73:c8:28:6b: ba:10:64:82:87:13:cd:57:18:ff:28:ce:c0:e6:0e: 06:91:50:29:83:d1:f2:c3:2a:db:d8:db:4e:04:cc: 00:eb:8b:b6:96:dc:bc:aa:fa:52:77:04:c1:db:19: e4:ae:9c:fd:3c:8b:03:ef:4d:bc:1a:03:65:f9:c1: b1:3f:72:86:f2:38:aa:19:ae:10:88:78:28:da:75: c3:3d:02:82:02:9c:b9:c1:65:77:76:24:4c:98:f7: 6d:31:38:fb:db:fe:db:37:02:76:a1:18:97:a6:cc: de:20:09:49:36:24:69:42:f6:e4:37:62:f1:59:6d: a9:3c:ed:34:9c:a3:8e:db:dc:3a:d7:f7:0a:6f:ef: 2e:d8:d5:93:5a:7a:ed:08:49:68:e2:41:e3:5a:90: c1:86:55:fc:51:43:9d:e0:b2:c4:67:b4:cb:32:31: 25:f0:54:9f:4b:d1:6f:db:d4:dd:fc:af:5e:6c:78: 90:95:de:ca:3a:48:b9:79:3c:9b:19:d6:75:05:a0: f9:88:d7:c1:e8:a5:09:e4:1a:15:dc:87:23:aa:b2: 75:8c:63:25:87:d8:f8:3d:a6:c2:cc:66:ff:a5:66: 68:55 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/2048ca.crl X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.entrust.net/rpa X509v3 Subject Key Identifier: 1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Authority Key Identifier: keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 Signature Algorithm: sha1WithRSAEncryption 07:f6:5f:82:84:7f:80:40:c7:90:34:46:42:24:03:ce:2f:ab: ba:83:9e:25:73:0d:ed:ac:05:69:c6:87:ed:a3:5c:f2:57:c1: b1:49:76:9a:4d:f2:3f:dd:e4:0e:fe:0b:3e:b9:98:d9:32:95: 1d:32:f4:01:ee:9c:c8:c8:e5:3f:e0:53:76:62:fc:dd:ab:6d: 3d:94:90:f2:c0:b3:3c:98:27:36:5e:28:97:22:fc:1b:40:d3: 2b:0d:ad:b5:57:6d:df:0f:e3:4b:ef:73:02:10:65:fa:1b:d0: ac:31:d5:e3:0f:e8:ba:32:30:83:ee:4a:d0:bf:df:22:90:7a: be:ec:3a:1b:c4:49:04:1d:f1:ae:80:77:3c:42:08:db:a7:3b: 28:a6:80:01:03:e6:39:a3:eb:df:80:59:1b:f3:2c:be:dc:72: 44:79:a0:6c:07:a5:6d:4d:44:8e:42:68:ca:94:7c:2e:36:ba: 85:9e:cd:aa:c4:5e:3c:54:be:fe:2f:ea:69:9d:1c:1e:29:9b: 96:d8:c8:fe:51:90:f1:24:a6:90:06:b3:f0:29:a2:ff:78:2e: 77:5c:45:21:d9:44:00:31:f3:be:32:4f:f5:0a:32:0d:fc:fc: ba:16:76:56:b2:d6:48:92:f2:8b:a6:3e:b7:ac:5c:69:ea:0b: 3f:66:45:b9 -----BEGIN CERTIFICATE----- MIIE8jCCA9qgAwIBAgIEOGPp/DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0wOTEyMTAyMDQzNTRaFw0xOTEy MTAyMTEzNTRaMIGxMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j LjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0ZWQg YnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMuMS4w LAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFDMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6MtPJ7eBdoTwhGNnY7jf8dL flqfs/9iq3PIKGu6EGSChxPNVxj/KM7A5g4GkVApg9Hywyrb2NtOBMwA64u2lty8 qvpSdwTB2xnkrpz9PIsD7028GgNl+cGxP3KG8jiqGa4QiHgo2nXDPQKCApy5wWV3 diRMmPdtMTj72/7bNwJ2oRiXpszeIAlJNiRpQvbkN2LxWW2pPO00nKOO29w61/cK b+8u2NWTWnrtCElo4kHjWpDBhlX8UUOd4LLEZ7TLMjEl8FSfS9Fv29Td/K9ebHiQ ld7KOki5eTybGdZ1BaD5iNfB6KUJ5BoV3IcjqrJ1jGMlh9j4PabCzGb/pWZoVQID AQABo4IBCzCCAQcwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wMwYI KwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5l dDAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmVudHJ1c3QubmV0LzIwNDhj YS5jcmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93 d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBQe8auJBvhJDwEzd+4Ueu4ZfJMo TTAfBgNVHSMEGDAWgBRV5IHREYC+2Im5CKMx+aEkCRa5cDANBgkqhkiG9w0BAQUF AAOCAQEAB/ZfgoR/gEDHkDRGQiQDzi+ruoOeJXMN7awFacaH7aNc8lfBsUl2mk3y P93kDv4LPrmY2TKVHTL0Ae6cyMjlP+BTdmL83attPZSQ8sCzPJgnNl4olyL8G0DT Kw2ttVdt3w/jS+9zAhBl+hvQrDHV4w/oujIwg+5K0L/fIpB6vuw6G8RJBB3xroB3 PEII26c7KKaAAQPmOaPr34BZG/MsvtxyRHmgbAelbU1EjkJoypR8Lja6hZ7NqsRe PFS+/i/qaZ0cHimbltjI/lGQ8SSmkAaz8Cmi/3gud1xFIdlEADHzvjJP9QoyDfz8 uhZ2VrLWSJLyi6Y+t6xcaeoLP2ZFuQ== -----END CERTIFICATE-----

[002.266]
Certificate 3 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 946059622 (0x3863b966) Signature Algorithm: sha1WithRSAEncryption Issuer: organizationName = Entrust.net organizationalUnitName = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) organizationalUnitName = (c) 1999 Entrust.net Limited commonName = Entrust.net Certification Authority (2048) Validity Not Before: Dec 24 17:50:51 1999 GMT Not After : Dec 24 18:20:51 2019 GMT Subject: organizationName = Entrust.net organizationalUnitName = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) organizationalUnitName = (c) 1999 Entrust.net Limited commonName = Entrust.net Certification Authority (2048) Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64: 2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7: 78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76: 98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf: e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1: 02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29: b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64: ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c: e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89: a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90: 76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2: cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a: fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55: 60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86: 5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26: 93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e: 4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0: 07:e1 Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Authority Key Identifier: keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 X509v3 Subject Key Identifier: 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 1.2.840.113533.7.65.0: 0...V5.0:4.0.... Signature Algorithm: sha1WithRSAEncryption 59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c: 4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61: 7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73: ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5: da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4: 03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4: 15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68: c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c: 7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33: db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18: b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2: de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c: e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e: c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1: d2:69:7c:c5 -----BEGIN CERTIFICATE----- MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH 4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18 f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy vUxFnmG6v4SBkgPR0ml8xQ== -----END CERTIFICATE-----

[002.267]
Cert VALIDATED: ok
[002.267] ssl : scheme=http cert=-1220556728
: identity=maritzmail02.maritz.com cn=webmail.maritz.com alt=2 webmail.maritz.com 2 autodiscover.maritz.com 2 outlook.maritz.com 2 maritzmail01.maritz.com 2 maritzmail02.maritz.com 2 clavin.maritz.com

[002.268]
Cert Hostname VERIFIED (maritzmail02.maritz.com = webmail.maritz..com)
[002.268] ~~> EHLO checktls.com
[002.270] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `EHLO checktls.com
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 19:19 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[002.337] ssl got `250 SIZE 52428800
' (19:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[002.337] <~~ 250-maritzmail02.maritz.com
250-8BITMIME
250 SIZE 52428800
[002.338]
TLS successfully started on this server
[002.338] ~~> MAIL FROM: <test@checktls.com>
[002.339] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `MAIL FROM:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 32:32 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[002.405] ssl got `250 sender ok
' (35:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[002.406] <~~ 250 sender <test@checktls.com> ok
[002.406]
Sender is OK
[002.406] ~~> RCPT TO: <allstatesurvey@researchhq.com>
[002.407] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `RCPT TO:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 42:42 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[002.474] ssl got `250 recipient ok
' (50:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[002.474] <~~ 250 recipient <allstatesurvey@researchhq.com> ok
[002.475]
Recipient OK, E-mail address proofed
[002.475] ~~> QUIT
[002.476] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `QUIT
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 6:6 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[002.543] ssl got `221 maritzmail02.maritz.com
' (29:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[002.543] <~~ 221 maritzmail02.maritz.com
[002.547] ssl : free ctx -1219032424 open=-1219032424
: free ctx -1219032424 callback
: OK free ctx -1219032424

Trying TLS on maritzmail01.maritz.com[156.45.254.31] (10):

seconds
test stage and result
[000.079]
Connected to server
[000.665] <-- 220 MaritzMail01.maritz.com ESMTP
[000.665]
We are allowed to connect
[000.666] --> EHLO checktls.com
[000.733] <-- 250-MaritzMail01.maritz.com
250-8BITMIME
250-SIZE 52428800
250 STARTTLS
[000.734]
We can use this server
[000.734]
TLS is an option on this server
[000.734] --> STARTTLS
[000.801] <-- 220 Go ahead with TLS
[000.801]
STARTTLS command works on this server
[001.106] ssl : new ctx -1219032424
: start handshake
: ssl handshake not started
: set socket to non-blocking to enforce timeout=30
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: ok=1 cert=-1219030464
: ok=1 cert=-1218972864
: ok=1 cert=-1219100656
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: Net::SSLeay::connect -> -1
: ssl handshake in progress
: waiting for fd to become ready: SSL wants a read first
: socket ready, retrying connect
: Net::SSLeay::connect -> 1
: ssl handshake done

[001.108]
Cipher in use: DHE-RSA-AES256-SHA
[001.108]
Connection converted to SSL
[001.144]
Certificate 1 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 1276671973 (0x4c1877e5) Signature Algorithm: sha1WithRSAEncryption Issuer: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Validity Not Before: Jul 27 19:53:36 2010 GMT Not After : Jul 27 20:23:36 2013 GMT Subject: countryName = US stateOrProvinceName = Missouri localityName = Fenton organizationName = Maritz LLC organizationalUnitName = Internet Operations commonName = webmail.maritz.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a5:a8:5f:f4:88:d3:fe:aa:86:1a:82:80:13:50: 78:82:dd:21:0c:5f:c4:7f:e1:67:e3:ac:e4:ab:24: e6:73:38:6a:02:76:bd:ae:22:bc:f6:e1:49:88:8d: 52:33:ee:ba:b1:85:6d:09:b9:cc:ce:09:7f:23:38: 42:4c:97:da:55:54:f5:ad:9a:af:b8:a3:67:91:82: 73:b9:33:40:09:eb:7e:8c:6d:01:4c:4b:07:ca:b8: e6:7f:06:5f:51:75:cc:8e:23:4c:08:86:73:fd:00: ac:01:4b:03:62:6d:0e:fd:8d:b2:45:31:44:78:fc: e1:7f:2d:62:5b:c3:46:a8:55:67:b2:26:c4:68:dc: d7:30:8c:47:c9:cd:21:82:60:8f:e4:8e:50:a1:5b: 6b:82:e0:f8:dc:6f:a6:ea:c0:94:40:ee:b0:23:df: a0:d5:3e:8f:37:5b:7e:50:71:94:60:ac:3a:91:ea: f0:ca:ee:2c:70:27:cf:1b:a2:77:95:58:8e:ce:6e: c5:56:b2:e7:8a:8d:32:e7:de:42:fc:e5:8c:8b:df: d1:4e:b2:78:a7:0e:4c:a7:0c:2c:d6:87:ee:fb:91: 40:34:f0:00:64:4d:68:68:26:bd:b6:0d:24:60:cd: 62:db:98:12:4b:0d:06:92:ad:e1:31:bc:53:44:61: ac:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/level1c.crl Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 Certificate Policies: Policy: 1.2.840.113533.7.75.2 CPS: http://www.entrust.net/rpa X509v3 Subject Alternative Name: DNS:webmail.maritz.com, DNS:autodiscover.maritz.com, DNS:outlook.maritz.com, DNS:maritzmail01.maritz.com, DNS:maritzmail02.maritz.com, DNS:clavin.maritz.com X509v3 Authority Key Identifier: keyid:1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Subject Key Identifier: C2:62:57:1A:C6:45:8C:B7:06:21:B4:7C:0A:9E:0F:F9:22:C4:F3:DC X509v3 Basic Constraints: CA:FALSE Signature Algorithm: sha1WithRSAEncryption 25:bc:bc:9b:c8:1c:67:34:d3:68:bb:33:8d:4a:8e:1a:73:e2: 2e:e3:67:48:56:72:53:16:7f:f2:0c:22:00:b6:ff:3c:d9:58: 7f:1b:03:95:c1:de:3b:97:e2:b7:37:bf:bf:9b:62:a9:4c:09: d3:31:88:c2:b9:4d:20:49:4e:50:27:d6:09:f4:5e:21:9b:8b: 56:38:d6:5b:a7:43:6e:fb:e3:95:b6:69:7c:74:66:b7:e2:cf: a5:db:26:57:96:5e:77:22:88:4f:de:c6:df:19:c1:0d:6f:e7: 76:40:76:db:77:3b:d4:9d:0a:81:a3:56:86:29:d8:7b:07:8c: 98:df:67:02:74:91:5f:60:16:ff:95:e9:5d:7e:02:41:28:68: 0c:6c:a1:8f:08:1b:43:38:e7:9b:de:19:c6:ab:d4:fc:c7:16: 7a:4a:c0:ed:a4:cf:d7:b3:23:13:38:45:c3:09:d8:60:cd:8c: ec:c1:37:27:90:b8:86:9d:a5:51:27:5b:f1:f9:53:c7:98:27: 77:f9:3a:cc:57:ed:d8:ef:03:4e:61:56:c7:ed:8d:86:28:ea: 49:f3:e5:42:95:43:3f:e9:78:4f:fe:48:ce:76:79:b8:32:10: 04:4b:ae:28:14:ef:9d:b7:18:4b:2a:55:e9:c3:02:73:fb:7e: ec:ab:b2:bc -----BEGIN CERTIFICATE----- MIIFbzCCBFegAwIBAgIETBh35TANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMDA3MjcxOTUzMzZaFw0xMzA3Mjcy MDIzMzZaMIGBMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWlzc291cmkxDzANBgNV BAcTBkZlbnRvbjETMBEGA1UEChMKTWFyaXR6IExMQzEcMBoGA1UECxMTSW50ZXJu ZXQgT3BlcmF0aW9uczEbMBkGA1UEAxMSd2VibWFpbC5tYXJpdHouY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApahf9IjT/qqGGoKAE1B4gt0hDF/E f+Fn46zkqyTmczhqAna9riK89uFJiI1SM+66sYVtCbnMzgl/IzhCTJfaVVT1rZqv uKNnkYJzuTNACet+jG0BTEsHyrjmfwZfUXXMjiNMCIZz/QCsAUsDYm0O/Y2yRTFE ePzhfy1iW8NGqFVnsibEaNzXMIxHyc0hgmCP5I5QoVtrguD43G+m6sCUQO6wI9+g 1T6PN1t+UHGUYKw6kerwyu4scCfPG6J3lViOzm7FVrLnio0y595C/OWMi9/RTrJ4 pw5Mpwws1ofu+5FANPAAZE1oaCa9tg0kYM1i25gSSw0Gkq3hMbxTRGGsTwIDAQAB o4IBuzCCAbcwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xl dmVsMWMuY3JsMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j c3AuZW50cnVzdC5uZXQwQAYDVR0gBDkwNzA1BgkqhkiG9n0HSwIwKDAmBggrBgEF BQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwgZEGA1UdEQSBiTCBhoIS d2VibWFpbC5tYXJpdHouY29tghdhdXRvZGlzY292ZXIubWFyaXR6LmNvbYISb3V0 bG9vay5tYXJpdHouY29tghdtYXJpdHptYWlsMDEubWFyaXR6LmNvbYIXbWFyaXR6 bWFpbDAyLm1hcml0ei5jb22CEWNsYXZpbi5tYXJpdHouY29tMB8GA1UdIwQYMBaA FB7xq4kG+EkPATN37hR67hl8kyhNMB0GA1UdDgQWBBTCYlcaxkWMtwYhtHwKng/5 IsTz3DAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQAlvLybyBxnNNNouzON So4ac+Iu42dIVnJTFn/yDCIAtv882Vh/GwOVwd47l+K3N7+/m2KpTAnTMYjCuU0g SU5QJ9YJ9F4hm4tWONZbp0Nu++OVtml8dGa34s+l2yZXll53IohP3sbfGcENb+d2 QHbbdzvUnQqBo1aGKdh7B4yY32cCdJFfYBb/leldfgJBKGgMbKGPCBtDOOeb3hnG q9T8xxZ6SsDtpM/XsyMTOEXDCdhgzYzswTcnkLiGnaVRJ1vx+VPHmCd3+TrMV+3Y 7wNOYVbH7Y2GKOpJ8+VClUM/6XhP/kjOdnm4MhAES64oFO+dtxhLKlXpwwJz+37s q7K8 -----END CERTIFICATE-----

[001.179]
Certificate 2 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 946072060 (0x3863e9fc) Signature Algorithm: sha1WithRSAEncryption Issuer: organizationName = Entrust.net organizationalUnitName = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) organizationalUnitName = (c) 1999 Entrust.net Limited commonName = Entrust.net Certification Authority (2048) Validity Not Before: Dec 10 20:43:54 2009 GMT Not After : Dec 10 21:13:54 2019 GMT Subject: countryName = US organizationName = Entrust, Inc. organizationalUnitName = www..entrust.net/rpa is incorporated by reference organizationalUnitName = (c) 2009 Entrust, Inc. commonName = Entrust Certification Authority - L1C Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:97:a3:2d:3c:9e:de:05:da:13:c2:11:8d:9d:8e: e3:7f:c7:4b:7e:5a:9f:b3:ff:62:ab:73:c8:28:6b: ba:10:64:82:87:13:cd:57:18:ff:28:ce:c0:e6:0e: 06:91:50:29:83:d1:f2:c3:2a:db:d8:db:4e:04:cc: 00:eb:8b:b6:96:dc:bc:aa:fa:52:77:04:c1:db:19: e4:ae:9c:fd:3c:8b:03:ef:4d:bc:1a:03:65:f9:c1: b1:3f:72:86:f2:38:aa:19:ae:10:88:78:28:da:75: c3:3d:02:82:02:9c:b9:c1:65:77:76:24:4c:98:f7: 6d:31:38:fb:db:fe:db:37:02:76:a1:18:97:a6:cc: de:20:09:49:36:24:69:42:f6:e4:37:62:f1:59:6d: a9:3c:ed:34:9c:a3:8e:db:dc:3a:d7:f7:0a:6f:ef: 2e:d8:d5:93:5a:7a:ed:08:49:68:e2:41:e3:5a:90: c1:86:55:fc:51:43:9d:e0:b2:c4:67:b4:cb:32:31: 25:f0:54:9f:4b:d1:6f:db:d4:dd:fc:af:5e:6c:78: 90:95:de:ca:3a:48:b9:79:3c:9b:19:d6:75:05:a0: f9:88:d7:c1:e8:a5:09:e4:1a:15:dc:87:23:aa:b2: 75:8c:63:25:87:d8:f8:3d:a6:c2:cc:66:ff:a5:66: 68:55 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE Authority Information Access: OCSP - URI:http://ocsp.entrust.net X509v3 CRL Distribution Points: Full Name: URI:http://crl.entrust.net/2048ca.crl X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.entrust.net/rpa X509v3 Subject Key Identifier: 1E:F1:AB:89:06:F8:49:0F:01:33:77:EE:14:7A:EE:19:7C:93:28:4D X509v3 Authority Key Identifier: keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 Signature Algorithm: sha1WithRSAEncryption 07:f6:5f:82:84:7f:80:40:c7:90:34:46:42:24:03:ce:2f:ab: ba:83:9e:25:73:0d:ed:ac:05:69:c6:87:ed:a3:5c:f2:57:c1: b1:49:76:9a:4d:f2:3f:dd:e4:0e:fe:0b:3e:b9:98:d9:32:95: 1d:32:f4:01:ee:9c:c8:c8:e5:3f:e0:53:76:62:fc:dd:ab:6d: 3d:94:90:f2:c0:b3:3c:98:27:36:5e:28:97:22:fc:1b:40:d3: 2b:0d:ad:b5:57:6d:df:0f:e3:4b:ef:73:02:10:65:fa:1b:d0: ac:31:d5:e3:0f:e8:ba:32:30:83:ee:4a:d0:bf:df:22:90:7a: be:ec:3a:1b:c4:49:04:1d:f1:ae:80:77:3c:42:08:db:a7:3b: 28:a6:80:01:03:e6:39:a3:eb:df:80:59:1b:f3:2c:be:dc:72: 44:79:a0:6c:07:a5:6d:4d:44:8e:42:68:ca:94:7c:2e:36:ba: 85:9e:cd:aa:c4:5e:3c:54:be:fe:2f:ea:69:9d:1c:1e:29:9b: 96:d8:c8:fe:51:90:f1:24:a6:90:06:b3:f0:29:a2:ff:78:2e: 77:5c:45:21:d9:44:00:31:f3:be:32:4f:f5:0a:32:0d:fc:fc: ba:16:76:56:b2:d6:48:92:f2:8b:a6:3e:b7:ac:5c:69:ea:0b: 3f:66:45:b9 -----BEGIN CERTIFICATE----- MIIE8jCCA9qgAwIBAgIEOGPp/DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0wOTEyMTAyMDQzNTRaFw0xOTEy MTAyMTEzNTRaMIGxMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j LjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0ZWQg YnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMuMS4w LAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFDMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6MtPJ7eBdoTwhGNnY7jf8dL flqfs/9iq3PIKGu6EGSChxPNVxj/KM7A5g4GkVApg9Hywyrb2NtOBMwA64u2lty8 qvpSdwTB2xnkrpz9PIsD7028GgNl+cGxP3KG8jiqGa4QiHgo2nXDPQKCApy5wWV3 diRMmPdtMTj72/7bNwJ2oRiXpszeIAlJNiRpQvbkN2LxWW2pPO00nKOO29w61/cK b+8u2NWTWnrtCElo4kHjWpDBhlX8UUOd4LLEZ7TLMjEl8FSfS9Fv29Td/K9ebHiQ ld7KOki5eTybGdZ1BaD5iNfB6KUJ5BoV3IcjqrJ1jGMlh9j4PabCzGb/pWZoVQID AQABo4IBCzCCAQcwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wMwYI KwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5l dDAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmVudHJ1c3QubmV0LzIwNDhj YS5jcmwwOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93 d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBQe8auJBvhJDwEzd+4Ueu4ZfJMo TTAfBgNVHSMEGDAWgBRV5IHREYC+2Im5CKMx+aEkCRa5cDANBgkqhkiG9w0BAQUF AAOCAQEAB/ZfgoR/gEDHkDRGQiQDzi+ruoOeJXMN7awFacaH7aNc8lfBsUl2mk3y P93kDv4LPrmY2TKVHTL0Ae6cyMjlP+BTdmL83attPZSQ8sCzPJgnNl4olyL8G0DT Kw2ttVdt3w/jS+9zAhBl+hvQrDHV4w/oujIwg+5K0L/fIpB6vuw6G8RJBB3xroB3 PEII26c7KKaAAQPmOaPr34BZG/MsvtxyRHmgbAelbU1EjkJoypR8Lja6hZ7NqsRe PFS+/i/qaZ0cHimbltjI/lGQ8SSmkAaz8Cmi/3gud1xFIdlEADHzvjJP9QoyDfz8 uhZ2VrLWSJLyi6Y+t6xcaeoLP2ZFuQ== -----END CERTIFICATE-----

[001.214]
Certificate 3 of 3 in chain: Certificate: Data: Version: 3 (0x2) Serial Number: 946059622 (0x3863b966) Signature Algorithm: sha1WithRSAEncryption Issuer: organizationName = Entrust.net organizationalUnitName = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) organizationalUnitName = (c) 1999 Entrust.net Limited commonName = Entrust.net Certification Authority (2048) Validity Not Before: Dec 24 17:50:51 1999 GMT Not After : Dec 24 18:20:51 2019 GMT Subject: organizationName = Entrust.net organizationalUnitName = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) organizationalUnitName = (c) 1999 Entrust.net Limited commonName = Entrust.net Certification Authority (2048) Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64: 2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7: 78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76: 98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf: e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1: 02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29: b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64: ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c: e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89: a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90: 76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2: cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a: fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55: 60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86: 5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26: 93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e: 4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0: 07:e1 Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Authority Key Identifier: keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 X509v3 Subject Key Identifier: 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 1.2.840.113533.7.65.0: 0...V5.0:4.0.... Signature Algorithm: sha1WithRSAEncryption 59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c: 4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61: 7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73: ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5: da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4: 03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4: 15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68: c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c: 7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33: db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18: b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2: de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c: e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e: c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1: d2:69:7c:c5 -----BEGIN CERTIFICATE----- MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH 4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18 f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy vUxFnmG6v4SBkgPR0ml8xQ== -----END CERTIFICATE-----

[001.215]
Cert VALIDATED: ok
[001.215] ssl : scheme=http cert=-1219100656
: identity=maritzmail01.maritz.com cn=webmail.maritz.com alt=2 webmail.maritz.com 2 autodiscover.maritz.com 2 outlook.maritz.com 2 maritzmail01.maritz.com 2 maritzmail02.maritz.com 2 clavin.maritz.com

[001.215]
Cert Hostname VERIFIED (maritzmail01.maritz.com = webmail.maritz..com)
[001.215] ~~> EHLO checktls.com
[001.217] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `EHLO checktls.com
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 19:19 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[001.285] ssl got `250 SIZE 52428800
' (19:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[001.285] <~~ 250-MaritzMail01.maritz.com
250-8BITMIME
250 SIZE 52428800
[001.285]
TLS successfully started on this server
[001.286] ~~> MAIL FROM: <test@checktls.com>
[001.287] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `MAIL FROM:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 32:32 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[001.354] ssl got `250 sender ok
' (35:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[001.354] <~~ 250 sender <test@checktls.com> ok
[001.355]
Sender is OK
[001.355] ~~> RCPT TO: <allstatesurvey@researchhq.com>
[001.356] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `RCPT TO:
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 42:42 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[001.423] ssl got `250 recipient ok
' (50:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[001.423] <~~ 250 recipient <allstatesurvey@researchhq.com> ok
[001.424]
Recipient OK, E-mail address proofed
[001.424] ~~> QUIT
[001.425] ssl write_all VM at entry=vm_unknown
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1890
partial `QUIT
'
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 1893
written so far 6:6 bytes (VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 2012

[001.491] ssl got `221 MaritzMail01.maritz.com
' (29:0 bytes, VM=vm_unknown)
at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/debug_read.al) line 1837

[001.492] <~~ 221 MaritzMail01.maritz.com
[001.495] ssl : free ctx -1219032424 open=-1219032424
: free ctx -1219032424 callback
: OK free ctx -1219032424

Sroll to top to see the important stuff.

Copyright © 2010-2011 CheckTLS.com All Rights Reserved. Feel free to link to our site! We welcome any feedback: Info@CheckTLS.com

"CheckTLS", "ForceTLS", "MonitorTLS", and "Confidence Factor" are Service Marks (SM) of CheckTLS.com.

=====================================================

Since Allstate has choosen to refuse to respond to my security assesment and inquiries, I am posting this informaiton publically to see if they change their mind and reassess their use of outside vendors for the purpose of conducting surveys when those vendors have no concept of proper security protocals.

Come on, Allstate! Clean up your act and make certain everything you do with your policy holders is totally secure. Bring your survey process in-house and take control over your networks and network security.

Finally, you are big enough to know better when it comes to SSL certificates!

While you get an "A" for cleaning up the ability to hack your SSL protocals, you have problems with common name identification.

Here is what is wrong with yours:

Certificate Information
Common names	www.allstate.com
Alternative names	-
Prefix handling	Not valid for "allstate.com" `CONFUSING`
Valid from	Wed Sep 15 14:58:26 UTC 2010
Valid until	Sun Sep 16 15:28:26 UTC 2012 (expires in 2 months and 19 days)
Key	RSA / 1024 bits
Signature algorithm	SHA1withRSA
Server Gated Cryptography	No
Weak key (Debian)	No
Issuer	Entrust Certification Authority - L1C
Next Issuer	Entrust.net Certification Authority (2048) `TRUSTED`
Chain length (size)	3 (3506 bytes)
Chain issues	None
Extended Validation	No
Revocation information	CRL, OCSP
Revocation status	Good (not revoked)
Trusted	Yes

=============================================== Read all of ChicagoNetTech's security blogs at: http://networkbastion.blogspot.com/

If you have any questions, or are looking for hosted solutions, please feel free to contact me.
Copyright © 2012, Bruce Barnes, ChicagoNetTech Inc, All Rights Reserved

Network Bastion

28 June 2012

Survey E-Mail and Security

"What Security Procedures Do We Use to Guard Against the Loss, Misuse, Alteration, or Theft of Information While That Information Is Being Submitted to Allstate Over the Internet?