blackshift.org - TLS / STARTTLS Test

Discover if the mail servers for blackshift.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 09 Jul 2025 06:52:54 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of blackshift.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @blackshift.org addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
glittertind.blackshift.org 2a01:4f8:1c1c:29e9::1	100	supported	glittertind.blackshift.org	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 ~~SSLv3~~	2025-07-09 1 s
glittertind.blackshift.org 116.203.23.228	100	supported	glittertind.blackshift.org	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 ~~SSLv3~~	2025-07-09 1 s

Outgoing Mails

We have not received any emails from a @blackshift.org address so far. Test mail delivery

Certificates

First seen at: 2025-07-09

CN=glittertind.blackshift.org

Certificate chain

glittertind.blackshift.org
- 2025-07-23 remaining
- 384 bit
- ecdsa-with-SHA384

Subject

Common Name (CN)

glittertind.blackshift.org

Alternative Names

glittertind.blackshift.org

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-04-24
Not valid after: 2025-07-23

This certifcate has been verified for the following usages:

Digital Signature
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 50:16:36:82:4B:73:FE:C4:99:E6:EB:A5:2C:90:DD:E4:58:38:94:98:B0:45:8D:03:9C:3B:9E:22:36:7B:B6:82
SHA1: 43:16:C8:5D:50:93:7F:06:DF:98:B1:43:0B:86:F1:08:6C:1A:48:7B

X509v3 extensions

subjectKeyIdentifier

DE:A2:B7:42:EF:70:50:5E:56:23:8C:49:07:D9:B2:FB:E3:26:B1:71

authorityKeyIdentifier

keyid:93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2

authorityInfoAccess

OCSP - URI:http://e6.o.lencr.org
CA Issuers - URI:http://e6.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://e6.c.lencr.org/69.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
Timestamp : Apr 24 07:30:06.230 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:AD:36:B0:23:1E:53:64:28:42:82:EE:
8F:C7:1C:F3:4D:F1:21:69:49:28:CF:73:67:37:75:33:
EE:5B:8E:68:2A:02:20:6F:98:EA:89:9D:CE:C9:6D:1B:
58:7F:06:2D:1D:3B:05:99:FD:56:39:5A:74:E8:3F:6C:
78:95:36:24:DA:B6:F3
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AF:18:1A:28:D6:8C:A3:E0:A9:8A:4C:9C:67:AB:09:F8:
BB:BC:22:BA:AE:BC:B1:38:A3:A1:9D:D3:F9:B6:03:0D
Timestamp : Apr 24 07:30:06.514 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:4A:7E:7A:9A:33:E6:CC:06:13:17:5C:5A:
7A:BC:79:83:8A:F3:63:C2:20:3E:DC:A1:0E:21:34:A7:
0A:70:51:8B:02:21:00:95:EC:03:C1:9A:3D:33:82:FB:
02:0E:4B:FD:B4:BA:B4:8E:47:55:B0:10:B5:FE:CD:83:
B0:18:54:5F:C5:62:E4

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.glittertind.blackshift.org	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.glittertind.blackshift.org	DANE-EE: Domain Issued Certificate Use subject public key SHA-512 Hash	valid	valid
_25._tcp.glittertind.blackshift.org	DANE-EE: Domain Issued Certificate Use subject public key SHA-512 Hash	valid	—
_25._tcp.glittertind.blackshift.org	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	—

SSL check results of blackshift.org