SSL check results of der-flo.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for der-flo.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Wed, 27 Dec 2023 10:42:15 +0000

No connection to the mailservers of der-flo.net could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @der-flo.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx.der-flo.net
2001:67c:26f4:224::236
Results incomplete
10
supported
mx.der-flo.net
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx.der-flo.net
193.160.39.236
Results incomplete
10
supported
mx.der-flo.net
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx2.der-flo.net
2a02:2770:15::28f2:0:1
Results incomplete
40
supported
mx2.der-flo.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @der-flo.net sender addresses. Test mail delivery

Host TLS Version & Cipher
mx.der-flo.net (IPv6:2001:67c:26f4:224::236)
TLSv1.2 ADH-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx.der-flo.net

Certificate chain
  • mx.der-flo.net
    • remaining
    • 384 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption

Subject
Common Name (CN)
  • mx.der-flo.net
Alternative Names
  • mx.der-flo.net
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2023-12-27
Not valid after
2024-03-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
62:AE:A3:92:0A:53:09:C2:28:2D:90:23:34:7D:1A:BF:05:CB:6C:4C:7F:27:64:84:FD:96:11:0F:BD:F6:CB:BC
SHA1
B3:87:30:02:E6:BE:9E:F2:AC:B0:5B:A4:88:65:26:6E:98:11:98:BD
X509v3 extensions
subjectKeyIdentifier
  • FD:3D:9D:75:0C:9A:4B:52:45:4F:F3:2B:F3:DC:BA:A8:75:19:9D:9F
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Dec 27 10:39:26.175 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:11:EF:45:1C:A2:89:E9:C0:B3:1F:91:26:
  • DD:76:B4:41:8A:78:92:DF:46:5C:FA:15:7F:4C:F2:B2:
  • 0F:E6:3F:9C:02:21:00:E2:8C:89:70:50:2D:97:02:4A:
  • D0:8C:AC:81:1A:53:6A:FA:E3:04:44:F8:F4:7B:02:C3:
  • 13:45:C8:DB:9D:51:F8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
  • 65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
  • Timestamp : Dec 27 10:39:26.196 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:31:E8:74:17:16:27:33:11:B8:06:B9:7A:
  • 24:06:11:B3:13:DD:DC:E4:F3:4E:F6:ED:3E:F8:31:BF:
  • 85:33:1B:8C:02:20:08:EA:68:67:D7:A7:81:87:32:AA:
  • 53:BE:D4:D5:1B:AF:0B:9E:CB:FF:04:AE:43:03:9E:48:
  • DA:0A:FA:8F:78:FE
First seen at:

CN=mx2.der-flo.net

Certificate chain
  • mx2.der-flo.net
    • remaining
    • 256 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption

Subject
Common Name (CN)
  • mx2.der-flo.net
Alternative Names
  • mx2.der-flo.net
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2023-12-02
Not valid after
2024-03-01
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
A1:FA:54:ED:93:C4:E0:B8:84:CC:F1:72:3B:0B:AC:8E:47:FD:34:E3:4B:92:55:0B:AF:92:18:21:4D:17:9E:15
SHA1
93:A5:2B:2E:BC:BA:B7:44:B9:9C:AD:C0:CE:D5:6E:CF:26:6E:ED:FF
X509v3 extensions
subjectKeyIdentifier
  • 44:57:1A:DC:8A:A1:7F:8F:B0:36:59:09:80:DF:6D:E1:B6:D9:B2:48
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : Dec 3 00:08:02.437 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:6E:D9:93:9F:C1:82:CB:5A:87:9D:FD:AF:
  • 0A:9D:66:83:87:C9:50:D4:51:22:84:52:93:CF:12:C2:
  • 2E:3B:51:ED:02:20:5C:E3:00:2A:52:53:00:E8:66:32:
  • A1:17:AC:5B:2C:98:D5:95:B7:50:0F:41:FD:BC:F0:60:
  • 38:24:CA:1F:AA:86
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:D0:3A:1B:B6:74:AA:71:1C:D3:03:5B:65:57:C1:4F:
  • 8A:A7:8B:4F:E8:38:94:49:EC:A4:53:F9:44:BD:24:68
  • Timestamp : Dec 3 00:08:02.561 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:9A:88:08:E4:B7:ED:A7:33:E1:51:8F:
  • FF:59:1C:2C:84:2A:E9:0A:B2:4E:D7:F7:42:28:23:C9:
  • 56:A7:F2:AD:09:02:21:00:A9:1A:92:F9:7C:2E:89:12:
  • AC:86:10:47:15:B4:E3:4B:2B:2D:6A:C9:11:A1:E5:E9:
  • 82:CD:30:F8:07:B7:10:96

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx.der-flo.net
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
_25._tcp.mx2.der-flo.net
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid