u8s.de - TLS / STARTTLS Test

Discover if the mail servers for u8s.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 29 Apr 2025 12:30:35 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of u8s.de!

Please contact the operator of u8s.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/u8s.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @u8s.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mc.ulischaefer.de 2a03:4000:4e:f4::1 Results incomplete	10	unsupported	not checked	DANE errors PFS not checked Heartbleed not checked Weak ciphers not checked		2025-04-29 1 s
mc.ulischaefer.de 185.232.68.209	10	supported	mc.ulischaefer.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-04-29 8 s

Outgoing Mails

We have not received any emails from a @u8s.de address so far. Test mail delivery

Certificates

First seen at: 2025-04-29

CN=mc.ulischaefer.de

Certificate chain

mc.ulischaefer.de
- 2025-06-15 remaining
- 256 bit
- ecdsa-with-SHA384

Subject

Common Name (CN)

mc.ulischaefer.de

Alternative Names

mc.ulischaefer.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-03-17
Not valid after: 2025-06-15

This certifcate has been verified for the following usages:

Digital Signature
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 94:88:C5:6F:DA:B1:C8:B7:9B:97:BC:0E:50:78:58:A0:C4:38:CC:D8:18:4E:E7:94:6F:7F:22:80:C2:EC:9D:DA
SHA1: CF:A3:16:48:3F:19:7D:BD:D5:04:72:E9:B3:D3:C0:FA:F7:D1:9A:70

X509v3 extensions

subjectKeyIdentifier

B8:91:FC:EF:40:E3:B7:BA:24:AA:35:D9:77:AC:DB:94:A9:E2:51:6A

authorityKeyIdentifier

keyid:93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2

authorityInfoAccess

OCSP - URI:http://e6.o.lencr.org
CA Issuers - URI:http://e6.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://e6.c.lencr.org/57.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
Timestamp : Mar 17 01:13:52.932 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E6:6B:F1:3F:D0:3B:72:60:E0:67:9B:
E7:DF:4E:2A:B8:DF:97:8A:62:07:04:02:14:4D:58:72:
09:F6:7D:65:DB:02:21:00:DD:51:C0:46:E8:84:62:A2:
82:C0:A9:56:9E:C5:38:7A:BA:0A:F1:DD:D2:E1:C1:6C:
2E:BB:5B:5F:55:1F:6E:4D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
Timestamp : Mar 17 01:13:54.890 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F7:10:C7:70:12:FE:A5:E9:75:6A:65:
E6:4B:9C:38:FB:C3:89:99:08:82:40:1E:40:E2:58:77:
57:88:5F:36:DC:02:21:00:D7:87:BE:9F:46:14:AF:47:
A6:D8:AD:62:4C:D9:30:B1:3D:04:B5:BB:78:17:94:A3:
9C:2E:87:32:63:0E:2C:97

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mc.ulischaefer.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mc.ulischaefer.de	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of u8s.de