SSL-Tools

SSL check results of sweetgood.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for sweetgood.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 23 Apr 2024 22:33:55 +0000

The mailservers of sweetgood.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @sweetgood.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.sweetgood.de
2001:1b60:3:267:909:102::1
 10
supported
mail.sweetgood.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
7 s
mail.sweetgood.de
87.118.126.176
 10
supported
mail.sweetgood.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s

Outgoing Mails

We have received emails from these servers with @sweetgood.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mail.sweetgood.de (195.128.102.222)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mail.sweetgood.de

Certificate chain
  • mail.sweetgood.de
    • remaining
    • 3072 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.sweetgood.de
Alternative Names
  • mail.sweetgood.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-03-24
Not valid after
2024-06-22
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
D6:EC:BF:D6:23:FC:94:42:A0:6D:3A:BF:51:3E:DB:FE:8F:5F:B6:63:8E:23:3D:E3:1F:D6:A4:88:C3:CC:75:3D
SHA1
AE:5C:FC:1D:7E:0B:B0:06:E9:0F:22:C6:06:BD:66:DF:DB:91:85:BB
X509v3 extensions
subjectKeyIdentifier
  • 16:18:FA:F7:A3:A9:FC:02:12:D6:14:03:18:D6:AD:1E:DE:18:AB:81
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : Mar 24 17:11:50.846 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8B:09:BE:46:DA:C5:7C:E1:25:E2:E8:
  • 75:40:29:B2:BA:EB:E5:6A:6B:8F:B7:BA:60:AA:01:2B:
  • 9A:67:1E:8B:42:02:20:56:EE:A3:DB:31:5F:ED:B9:DD:
  • E8:E5:3A:9A:79:60:AC:20:52:90:08:FA:D3:F7:56:BE:
  • E3:14:CB:22:93:42:99
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
  • 65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
  • Timestamp : Mar 24 17:11:52.810 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:8A:BF:CF:05:3D:B2:0C:E4:3B:2D:3E:
  • 1A:94:38:B3:A2:7D:91:D3:B6:F6:AE:1D:8F:6A:75:67:
  • 45:61:CE:38:14:02:21:00:E9:67:EE:69:45:0D:7E:3E:
  • A1:1B:76:84:CA:D9:E3:13:D4:83:22:7B:DF:82:1B:02:
  • C1:A6:02:98:8F:11:ED:55

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.sweetgood.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid