eltrai.net - TLS / STARTTLS Test

Discover if the mail servers for eltrai.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 20 Jan 2025 12:05:01 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of eltrai.net!

Please contact the operator of eltrai.net and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/eltrai.net

Servers

Incoming Mails

These servers are responsible for incoming mails to @eltrai.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
kulu.eltrai.net 2a01:7e00::f03c:91ff:feae:dad7	0	supported	mail.eltrai.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-01-20 40 s
kulu.eltrai.net 176.58.101.79 Results incomplete	0	unsupported	not checked	DANE errors PFS not checked Heartbleed not checked Weak ciphers not checked		2025-01-20 13 s

Outgoing Mails

We have not received any emails from a @eltrai.net address so far. Test mail delivery

Certificates

First seen at: 2025-01-20

CN=mail.eltrai.net

Certificate chain

mail.eltrai.net
- 2025-04-15 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.eltrai.net

Alternative Names

kulu.eltrai.net
mail.eltrai.net

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-01-15
Not valid after: 2025-04-15

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: F7:21:71:DC:6D:D9:DF:AF:01:4C:AA:46:DF:97:DA:4F:E6:20:6F:DD:21:00:20:7D:42:B7:8F:11:01:16:17:79
SHA1: 52:98:80:8A:B7:D8:25:E0:1E:38:F2:89:76:C9:86:D6:CE:0B:E6:A0

X509v3 extensions

subjectKeyIdentifier

0B:39:FB:BD:B8:75:D4:9A:66:9A:06:4B:9F:C6:87:70:38:19:5D:08

authorityKeyIdentifier

keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8

authorityInfoAccess

OCSP - URI:http://r10.o.lencr.org
CA Issuers - URI:http://r10.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
Timestamp : Jan 15 02:03:16.539 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:15:47:3D:6D:91:E1:B0:AC:84:76:B7:16:
16:8A:10:DF:5D:24:9C:65:9B:87:9A:8F:C7:5B:F7:6A:
62:E1:5A:61:02:21:00:EC:E7:40:93:BC:DF:FE:C3:E4:
7F:27:9E:F6:2A:E4:C7:02:04:15:8E:CD:05:F7:20:98:
0F:53:1F:A1:4F:BC:96
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
Timestamp : Jan 15 02:03:16.541 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:A6:6F:2F:B7:E3:1E:F9:C8:1A:B8:54:
A8:5E:84:99:B7:1E:59:8B:5A:DC:46:26:78:56:0E:C6:
13:C5:2E:A5:F9:02:21:00:B1:0C:2F:6C:11:3A:11:0E:
83:D2:03:46:30:BE:41:92:77:FC:58:56:87:0C:47:CC:
BB:8F:71:95:11:76:64:90

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.kulu.eltrai.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	—
_25._tcp.kulu.eltrai.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-512 Hash	valid	—

SSL check results of eltrai.net