ky0.to - TLS / STARTTLS Test

Discover if the mail servers for ky0.to can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 04 Aug 2025 00:30:26 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of ky0.to can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ky0.to addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
0g.re 107.174.240.135	10	supported	*.0g.re	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-08-04 7 s

Outgoing Mails

We have not received any emails from a @ky0.to address so far. Test mail delivery

Certificates

First seen at: 2025-07-31

CN=*.0g.re

Certificate chain

*.0g.re
- 2025-10-29 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

*.0g.re

Alternative Names

*.0g.re
0g.re

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-07-31
Not valid after: 2025-10-29

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 91:E1:EF:66:CB:E5:E5:02:60:19:70:42:03:B8:45:70:94:66:34:DB:61:43:31:35:D0:C1:94:45:A1:EB:17:74
SHA1: DF:79:53:C7:BE:70:CA:3E:51:2B:DE:91:66:2F:F2:8F:8B:B7:05:68

X509v3 extensions

subjectKeyIdentifier

64:65:A3:14:C4:E1:64:74:B8:AF:3D:75:52:16:78:DD:EF:62:E3:D1

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://r11.c.lencr.org/58.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A4:42:C5:06:49:60:61:54:8F:0F:D4:EA:9C:FB:7A:2D:
26:45:4D:87:A9:7F:2F:DF:45:59:F6:27:4F:3A:84:54
Timestamp : Jul 31 20:42:46.327 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D5:E2:3D:22:7E:04:D0:C8:53:61:69:
D3:FA:1B:D7:2B:3E:E9:82:67:EE:CA:40:FB:36:BC:A1:
9D:FB:6C:59:9A:02:21:00:F0:B1:D6:4F:90:80:F5:A4:
97:EC:18:96:6D:38:71:B9:F9:AD:F0:C1:B0:C1:8B:F7:
FD:0E:82:30:C5:AA:86:56
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
Timestamp : Jul 31 20:42:46.327 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:53:8E:F7:50:09:BE:76:6B:A7:9D:75:E0:
DF:58:F0:5B:3B:62:65:1D:33:B4:80:48:D5:2C:DE:9F:
A0:5B:D0:A2:02:21:00:D6:18:D1:86:62:4C:DA:EF:91:
AF:A9:56:F4:54:A9:00:B7:CC:14:BA:C1:50:DD:FD:DA:
A6:BB:8A:FF:8C:58:CE

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.0g.re	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.0g.re	DANE-EE: Domain Issued Certificate Use subject public key SHA-512 Hash	valid	valid
_25._tcp.0g.re	DANE-TA: Trust Anchor Assertion Use full certificate SHA-256 Hash	valid	—
_25._tcp.0g.re	DANE-EE: Domain Issued Certificate Use full certificate SHA-512 Hash	valid	—
_25._tcp.0g.re	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	—
_25._tcp.0g.re	DANE-TA: Trust Anchor Assertion Use subject public key SHA-512 Hash	valid	—
_25._tcp.0g.re	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.0g.re	DANE-TA: Trust Anchor Assertion Use full certificate SHA-512 Hash	valid	—

SSL check results of ky0.to