dev-urandom.net - TLS / STARTTLS Test

Discover if the mail servers for dev-urandom.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 24 Jul 2024 02:36:48 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Problems found

The mailservers of dev-urandom.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @dev-urandom.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx.dev-urandom.net 2a01:4f8:c17:6953::10	10	supported	dev-urandom.net	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-07-24 1 s
mx.dev-urandom.net 88.99.39.123	10	supported	dev-urandom.net	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-07-24 1 s

Outgoing Mails

We have received emails from these servers with @dev-urandom.net sender addresses. Test mail delivery

Host	TLS Version & Cipher
mx.dev-urandom.net (88.99.39.123)	TLSv1.3 TLS_AES_256_GCM_SHA384	2020-10-09
mx.dev-urandom.net (IPv6:2a01:4f8:c17:6953::10)	TLSv1.3 TLS_AES_256_GCM_SHA384	2020-03-04

Certificates

First seen at: 2024-07-24

CN=dev-urandom.net

Certificate chain

dev-urandom.net
- 2024-10-15 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

dev-urandom.net

Alternative Names

*.dev-urandom.net
dev-urandom.net

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-07-17
Not valid after: 2024-10-15

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 03:09:C9:5E:6A:4F:FD:37:7F:17:2E:A5:C5:47:2F:DF:9D:77:2D:93:2C:B8:DC:78:B6:8D:68:69:58:7E:C6:63
SHA1: D2:F3:5A:4E:C6:EC:D1:44:02:C2:B8:68:E2:4C:28:E8:A6:CC:EC:37

X509v3 extensions

subjectKeyIdentifier

84:0D:F7:3B:D8:09:9D:3F:96:5B:4C:11:E2:30:57:65:62:4A:F1:42

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

OCSP - URI:http://r11.o.lencr.org
CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Jul 18 00:45:06.673 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:76:C3:BA:43:2D:BB:0A:4F:8F:1B:C0:15:
C1:E2:46:95:76:FB:47:6C:11:6F:47:EC:99:CA:D6:2B:
FB:A5:44:76:02:20:7D:FB:4D:ED:31:BE:78:08:EF:A1:
5A:30:7A:D6:AF:BD:2D:8B:FD:0D:64:78:07:BB:9F:EA:
8A:7D:9A:09:AF:A4
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Jul 18 00:45:06.688 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:78:BD:7E:DF:30:E1:44:FC:30:00:A9:3E:
9C:19:4D:BA:D5:7B:E2:1D:E4:E5:04:5C:D7:9B:CF:E0:
99:CF:CA:53:02:20:1B:FE:64:F9:3D:C7:FF:A5:46:61:
C4:D5:84:0F:94:DE:ED:9F:A4:DE:79:8F:0C:D7:99:FE:
9B:60:24:71:BF:00

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx.dev-urandom.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of dev-urandom.net