SSL check results of dns.nao.sh

NEW You can also bulk check multiple servers.

Discover if the mail servers for dns.nao.sh can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Wed, 13 Jan 2021 21:01:00 +0000

The mailservers of dns.nao.sh can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @dns.nao.sh addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
dns.nao.sh
2a01:4f8:c0c:4b8f::1
10
supported
dns.nao.sh
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
dns.nao.sh
78.47.185.137
10
supported
dns.nao.sh
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @dns.nao.sh address so far. Test mail delivery

Certificates

First seen at:

CN=dns.nao.sh

Certificate chain
  • dns.nao.sh
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • DST Root CA X3 (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption

Subject
Common Name (CN)
  • dns.nao.sh
Alternative Names
  • dns.nao.sh
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2020-12-06
Not valid after
2021-03-06
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
BA:D2:20:CE:BF:50:A1:64:DB:66:6D:2F:53:2C:C1:1E:F6:7E:9D:A7:EF:D8:29:F0:5B:80:6B:53:3D:65:7C:BD
SHA1
5C:E8:C2:AD:6E:82:6A:7E:8C:CB:55:91:B0:69:B3:72:9B:EE:23:44
X509v3 extensions
subjectKeyIdentifier
  • AB:FD:19:A3:04:7C:C8:91:01:BE:B4:D8:B5:7B:47:DD:18:0A:47:AF
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
  • D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
  • Timestamp : Dec 6 02:51:45.555 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:D5:B6:23:AA:E0:4E:24:97:69:59:62:
  • 1C:15:28:15:B6:DD:FA:17:08:C2:CD:13:F4:33:10:F3:
  • A4:78:F4:01:52:02:21:00:D0:50:B3:19:EA:29:DC:C6:
  • 42:DA:02:98:89:65:75:FB:8D:72:EB:76:A7:73:83:BE:
  • 1D:93:2C:BB:32:B4:CC:5B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
  • E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
  • Timestamp : Dec 6 02:51:45.559 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:79:A6:D8:E1:0B:8A:9A:D0:E4:BD:4E:D6:
  • E7:F0:2C:EE:2B:0E:E6:AE:3F:85:39:28:1F:83:0B:D3:
  • DF:A5:47:34:02:20:02:88:D7:7E:5D:5B:B2:25:51:20:
  • FC:24:1F:B2:B9:69:80:F5:06:FC:2B:D7:84:86:65:CA:
  • A7:2C:C8:20:3D:C8

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.dns.nao.sh
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid