plskthx.de - TLS / STARTTLS Test

Discover if the mail servers for plskthx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 27 Aug 2024 11:27:48 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of plskthx.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @plskthx.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx01.plskthx.de 2a07:54c7:2002:2110::1	10	supported	mx01.plskthx.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-08-27 1 s
mx01.plskthx.de 144.76.188.91	10	supported	mx01.plskthx.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-08-27 1 s

Outgoing Mails

We have received emails from these servers with @plskthx.de sender addresses. Test mail delivery

Host	TLS Version & Cipher
mail.plskthx.de (144.76.188.91)	TLSv1.3 TLS_AES_256_GCM_SHA384	2020-08-11

Certificates

First seen at: 2024-08-27

CN=mx01.plskthx.de

Certificate chain

mx01.plskthx.de
- 2024-11-10 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mx01.plskthx.de

Alternative Names

mx01.plskthx.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-08-12
Not valid after: 2024-11-10

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: D6:BD:53:D0:EC:C7:15:F9:AA:48:F4:43:D9:A4:61:4D:20:FC:1E:CD:9B:EB:FD:0E:25:FE:90:10:AA:32:2B:BF
SHA1: CB:53:EA:24:8E:BB:1D:CB:CE:FA:D6:DE:75:01:9F:44:B2:FD:F3:45

X509v3 extensions

subjectKeyIdentifier

5B:03:0F:2C:AD:DB:27:D0:25:F3:A9:C5:12:1C:64:69:4D:0A:A5:B9

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

OCSP - URI:http://r11.o.lencr.org
CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
Timestamp : Aug 12 10:08:06.796 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F2:4F:A7:7A:45:E3:0E:DE:5F:FD:48:
81:E3:35:A6:9B:F4:27:BA:00:34:B9:60:16:47:3F:79:
67:FE:CB:89:36:02:21:00:AE:E1:BF:FE:0D:3C:0D:29:
76:67:CF:95:5F:07:77:79:35:C7:6D:27:FA:A1:6F:59:
A9:E6:DD:10:E6:1F:71:B0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
Timestamp : Aug 12 10:08:06.993 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:16:33:B4:F0:9E:DF:40:CB:A5:C2:77:76:
CD:FE:B3:3E:6D:81:E1:66:B0:D8:4E:D8:3A:CA:DF:A3:
54:D8:CF:1B:02:21:00:D0:69:BE:83:C3:D1:EA:E3:50:
5D:F3:4D:E3:65:20:E0:CD:36:40:E9:28:C4:85:7A:7A:
A1:41:C1:88:5F:B6:43

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx01.plskthx.de	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mx01.plskthx.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mx01.plskthx.de	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mx01.plskthx.de	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of plskthx.de