bn-online.net - TLS / STARTTLS Test

Discover if the mail servers for bn-online.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 20 Nov 2023 21:28:07 +0000

Certificates

Problems found
Protocol

Secure
DANE

Problems found

We can not guarantee a secure connection to the mailservers of bn-online.net!

Please contact the operator of bn-online.net and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/bn-online.net

Servers

Incoming Mails

These servers are responsible for incoming mails to @bn-online.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.bn-online.net 2a02:b30:101:100::46 Results incomplete	10	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2023-11-20 3 s
mail.bn-online.net 217.76.96.46 Results incomplete	10	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2023-11-20 2 s
blatz010.blatzheim.com 2a02:b30:301:100::2	20	supported	blatz010.blatzheim.com	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 ~~SSLv3~~	2023-11-20 8 s
blatz010.blatzheim.com 217.76.99.34	20	supported	blatz010.blatzheim.com	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 ~~SSLv3~~	2023-11-20 8 s
mx01.blatzheim.com 217.76.102.244 Results incomplete	90		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2023-11-20 11 s
mx02.blatzheim.com 217.76.102.245 Results incomplete	95		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2023-11-20 11 s

Outgoing Mails

We have not received any emails from a @bn-online.net address so far. Test mail delivery

Certificates

First seen at: 2020-05-27

CN=blatz010.blatzheim.com,O=bn:t Blatzheim Networks Telecom GmbH,L=Bonn,ST=Northrhine-Westfalia,C=DE

Certificate chain

blatz010.blatzheim.com (Certificate is self-signed.)
- 2022-04-25 remaining
- 2048 bit
- sha1WithRSAEncryption
- Expired
- Unknown Authority

Subject

Country (C)

State (ST)

Northrhine-Westfalia

Locality (L)

Bonn

Organization (O)

bn:t Blatzheim Networks Telecom GmbH

Common Name (CN)

blatz010.blatzheim.com

Issuer

Certificate is self-signed.

validity period

Not valid before: 2012-04-27
Not valid after: 2022-04-25

Fingerprints

SHA256: 91:F1:4B:B9:A5:85:F6:97:C1:89:9F:64:5D:C2:A2:BF:B4:3E:E5:27:99:9D:08:48:7B:51:4C:FB:2B:7E:DF:B3
SHA1: 59:1B:EF:62:55:8C:17:C1:7B:F2:50:78:35:91:18:D9:BB:5C:EE:7E

X509v3 extensions

subjectKeyIdentifier

9C:1F:E8:FB:FC:C8:DB:93:0A:F7:31:43:5A:8B:B9:9F:CE:7C:3C:FC

authorityKeyIdentifier

keyid:9C:1F:E8:FB:FC:C8:DB:93:0A:F7:31:43:5A:8B:B9:9F:CE:7C:3C:FC

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.bn-online.net	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	—
_25._tcp.blatz010.blatzheim.com	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	valid

SSL check results of bn-online.net