SSL-Tools

SSL check results of belski.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for belski.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 03 Dec 2020 19:38:03 +0000

The mailservers of belski.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @belski.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.klapt.com
2a01:4f8:c0c:92e8::1
 1
supported
mail.klapt.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
5 s
mail.klapt.com
78.47.124.27
 1
supported
mail.klapt.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @belski.net sender addresses. Test mail delivery

Host TLS Version & Cipher
mail.klapt.com (78.47.124.27)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail.klapt.com (IPv6:2a01:4f8:c0c:92e8::1)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mail.klapt.com

Certificate chain
Subject
Common Name (CN)
  • mail.klapt.com
Alternative Names
  • imap.klapt.com
  • mail.klapt.com
  • smtp.klapt.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • Let's Encrypt Authority X3
validity period
Not valid before
2020-11-28
Not valid after
2021-02-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
71:DA:5B:3D:BD:B0:1D:AE:8A:9A:34:46:65:FB:0D:33:26:4D:60:CC:E2:CE:5F:B3:39:E7:AA:AD:E4:46:1F:B9
SHA1
47:05:8F:66:B6:E2:CC:83:2E:60:77:86:03:49:88:A5:D6:AE:CA:19
X509v3 extensions
subjectKeyIdentifier
  • 4B:EB:C8:57:B2:16:EE:F2:A0:7E:2B:6A:89:8F:D9:75:8E:7D:23:81
authorityKeyIdentifier
  • keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
authorityInfoAccess
  • OCSP - URI:http://ocsp.int-x3.letsencrypt.org
  • CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
  • D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
  • Timestamp : Nov 28 12:03:43.923 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8F:0B:60:0B:33:F5:6B:82:9F:AE:CC:
  • BF:76:87:48:60:AF:52:3B:A6:16:65:C1:50:0C:0B:63:
  • 8B:AB:68:73:13:02:20:6E:3C:30:37:A5:F6:70:E4:33:
  • 08:E7:77:A1:E5:F1:84:67:AA:9C:D9:D7:67:38:3A:7C:
  • A4:E7:4B:DC:6C:51:3C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
  • E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
  • Timestamp : Nov 28 12:03:43.979 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A5:83:DC:83:0D:95:6E:73:B4:0D:1F:
  • 99:4D:0D:34:7D:B6:6E:21:AB:14:99:65:3E:8F:B3:55:
  • 98:92:71:C1:78:02:21:00:C6:6E:71:57:93:C1:AB:95:
  • 7E:51:94:BE:6E:AC:1A:10:C2:A6:76:C1:53:D6:24:FC:
  • B3:30:A1:2D:B1:3B:E3:7D

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.klapt.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-512 Hash
valid
valid