dutt.ch - TLS / STARTTLS Test

Discover if the mail servers for dutt.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 25 May 2025 12:31:32 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of dutt.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @dutt.ch addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx.dutt.ch 2a01:4f8:262:3e4b:97::21	10	supported	*.beta.skyworkva.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2025-05-25 12 s
mx.dutt.ch 142.132.249.247	10	supported	*.beta.skyworkva.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2025-05-25 8 s

Outgoing Mails

We have received emails from these servers with @dutt.ch sender addresses. Test mail delivery

Host	TLS Version & Cipher
srv2.dutt.ch (185.66.109.200)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-05-15

Certificates

First seen at: 2025-05-25

CN=*.beta.skyworkva.ch

Certificate chain

*.beta.skyworkva.ch
- 2025-07-22 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

*.beta.skyworkva.ch

Alternative Names

*.beta.skyworkva.ch
*.cds.dutt.ch
*.dutt.ch
*.lab.dutt.ch
beta.skyworkva.ch
crew.skyworkva.ch
dutt.ch

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-04-23
Not valid after: 2025-07-22

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 87:09:B1:71:74:C1:23:72:15:44:F8:98:1E:EF:59:B1:96:85:41:38:ED:46:61:09:34:7E:5F:E6:EB:02:CE:64
SHA1: 93:DB:D6:2E:64:26:63:8F:1B:8F:20:C0:A9:23:B6:9C:E0:F5:01:9D

X509v3 extensions

subjectKeyIdentifier

99:78:B8:F6:77:56:CC:25:FB:67:93:ED:C8:88:65:7C:90:E1:55:55

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

OCSP - URI:http://r11.o.lencr.org
CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://r11.c.lencr.org/96.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A4:42:C5:06:49:60:61:54:8F:0F:D4:EA:9C:FB:7A:2D:
26:45:4D:87:A9:7F:2F:DF:45:59:F6:27:4F:3A:84:54
Timestamp : Apr 23 10:57:43.626 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:B7:CF:A7:AF:44:82:30:2D:F8:75:09:
2E:81:3E:20:4F:70:ED:2B:82:65:78:ED:F6:87:53:E5:
88:1A:8E:C1:85:02:21:00:D3:AD:BF:78:E3:EC:BC:E6:
52:35:31:4B:D2:24:86:02:64:60:09:54:A2:23:5C:98:
C2:8C:55:C4:B3:2C:E0:E5
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
Timestamp : Apr 23 10:57:43.620 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:98:1F:26:85:90:A8:46:7D:2A:16:AC:
DD:C6:BB:99:5C:70:01:7A:21:B4:61:4D:01:CB:06:70:
EC:63:AD:29:8E:02:21:00:CF:9B:84:9B:40:CA:89:55:
53:F0:CD:B4:B8:40:FE:25:33:FC:00:E2:C0:03:B3:E1:
FA:40:0D:B8:F0:B0:A2:9B

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx.dutt.ch	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of dutt.ch