giessen.de - TLS / STARTTLS Test

Discover if the mail servers for giessen.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 10 Dec 2023 11:47:08 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of giessen.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @giessen.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx5skas.kgrz-ks.de 62.156.249.82	10	supported	*.kgrz-ks.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2023-12-10 2 s
mx3skas.kgrz-ks.de 80.69.201.82	10	supported	*.kgrz-ks.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2023-12-10 1 s
mx4skas.kgrz-ks.de 80.69.201.83	10	supported	*.kgrz-ks.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2023-12-10 1 s

Outgoing Mails

We have not received any emails from a @giessen.de address so far. Test mail delivery

Certificates

First seen at: 2023-11-03

CN=*.kgrz-ks.de,O=ekom21 - KGRZ Hessen K.d.oe.R.,L=Giessen,ST=Hessen,C=DE

Certificate chain

*.kgrz-ks.de
- 2024-12-02 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Country (C)

State (ST)

Hessen

Locality (L)

Giessen

Organization (O)

ekom21 - KGRZ Hessen K.d.oe.R.

Common Name (CN)

*.kgrz-ks.de

Alternative Names

*.kgrz-ks.de
kgrz-ks.de

Issuer

Country (C)

Organization (O)

GlobalSign nv-sa

Common Name (CN)

GlobalSign RSA OV SSL CA 2018

validity period

Not valid before: 2023-11-01
Not valid after: 2024-12-02

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 77:AB:57:B6:61:1C:1E:20:97:F3:65:C1:29:61:1E:BF:66:2B:8A:C6:52:03:A5:BA:C4:6A:53:20:E7:08:53:B3
SHA1: 8E:6D:51:D9:67:ED:46:6E:26:38:7D:AE:63:56:8A:E8:71:6B:6D:E0

X509v3 extensions

authorityInfoAccess

CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018

certificatePolicies

Policy: 1.3.6.1.4.1.4146.1.20
CPS: https://www.globalsign.com/repository/
Policy: 2.23.140.1.2.2

crlDistributionPoints

Full Name:
URI:http://crl.globalsign.com/gsrsaovsslca2018.crl

authorityKeyIdentifier

keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB

subjectKeyIdentifier

B7:18:8A:93:ED:82:82:EE:56:AF:2E:30:18:74:74:12:58:86:59:F2

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Nov 1 14:56:06.096 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:0B:9F:AD:53:E4:9C:3C:87:63:26:B3:27:
6E:BF:BD:7A:29:0C:31:D0:C7:76:68:43:09:38:E6:B4:
6E:00:34:A5:02:20:2A:EE:FB:FE:47:C1:77:2B:4B:FE:
FB:2E:60:9B:05:42:FF:D7:3C:9D:09:4E:19:33:C8:00:
0E:A9:29:1F:4B:80
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Nov 1 14:56:05.698 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:1D:7B:A2:27:6D:B7:86:98:76:34:1A:74:
1E:90:E8:4A:8B:39:DB:F9:2C:4B:30:BF:E0:19:FF:39:
8A:82:E7:E0:02:20:6B:45:24:02:ED:6D:CB:07:03:0F:
23:95:55:B9:CD:2F:7C:D2:88:1D:FB:23:1F:9E:0A:A5:
1D:18:AE:50:FB:28
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
Timestamp : Nov 1 14:56:06.046 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:33:17:86:72:67:B5:5F:25:D0:B3:C1:72:
61:01:45:5D:F0:9E:74:3E:06:63:21:BF:76:E2:C0:0B:
80:61:ED:35:02:20:11:8F:AF:CC:B9:05:01:22:4F:5D:
1D:B3:E7:BC:A5:14:3B:94:5A:B1:F7:B7:96:58:4F:A7:
2E:A7:69:B0:42:C3

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx5skas.kgrz-ks.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mx3skas.kgrz-ks.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mx4skas.kgrz-ks.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of giessen.de