dpgarage.ch - TLS / STARTTLS Test

Discover if the mail servers for dpgarage.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 28 Mar 2024 09:00:00 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of dpgarage.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @dpgarage.ch addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mta-gw.infomaniak.ch 2001:1600:0:aaaa::1:3	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-03-28 3 s
mta-gw.infomaniak.ch 2001:1600:0:aaaa::1:4	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-03-28 2 s
mta-gw.infomaniak.ch 83.166.143.58	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-03-28 2 s
mta-gw.infomaniak.ch 83.166.143.57	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-03-28 2 s

Outgoing Mails

We have not received any emails from a @dpgarage.ch address so far. Test mail delivery

Certificates

First seen at: 2024-03-01

CN=mta-gw.infomaniak.ch

Certificate chain

mta-gw.infomaniak.ch
- 2024-05-29 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mta-gw.infomaniak.ch

Alternative Names

mta-gw.infomaniak.ch
mx.infomaniak.com

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-02-29
Not valid after: 2024-05-29

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 54:51:3B:FA:EF:65:BC:5E:CC:D1:45:BC:97:74:D1:B4:5C:DD:8E:3E:4F:87:2B:F2:4A:1F:56:9C:86:64:88:D2
SHA1: E6:99:C4:5C:05:97:EF:55:D5:CC:28:98:9C:7A:15:5B:4A:D7:5D:BE

X509v3 extensions

subjectKeyIdentifier

0B:CD:9E:34:44:88:F5:74:B5:23:4A:DE:2A:2B:C7:77:62:8B:5D:86

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Feb 29 23:39:08.565 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:B9:A6:38:21:30:BA:94:11:A8:F0:A2:
81:FD:C0:C7:6D:49:96:F3:6A:F0:29:A8:89:18:37:C0:
64:EC:52:BE:21:02:20:5C:92:1B:73:0C:D3:BF:E9:DE:
46:0D:41:41:55:9E:81:24:9D:6C:67:1A:59:BB:19:CD:
DC:87:F7:BB:BB:CB:54
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
Timestamp : Feb 29 23:39:08.565 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D9:47:84:16:24:1C:EC:EC:74:CE:A1:
D3:D6:3F:A6:AE:19:AD:51:B5:9D:E0:DF:69:FB:5A:C6:
A0:4E:F4:88:75:02:20:44:F0:BF:DB:29:6D:69:F7:B8:
7A:C4:E7:50:6E:E8:72:A9:78:D4:90:8F:68:52:6B:D0:
7A:15:FB:16:17:24:FF

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mta-gw.infomaniak.ch	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of dpgarage.ch