freenet.de - TLS / STARTTLS Test

Discover if the mail servers for freenet.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 28 Mar 2024 08:54:30 +0000

Certificates

Not checked
Protocol

Not checked
DANE

Problems found
Bullshit made in Germany

Logo: CC-BY-SA MathiasM

No connection to the mailservers of freenet.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @freenet.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
emig.freenet.de 195.4.92.216 Results incomplete	1	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-03-28 1 s

Outgoing Mails

We have received emails from these servers with @freenet.de sender addresses. Test mail delivery

Host	TLS Version & Cipher
mout3.freenet.de (IPv6:2001:748:100:40::2:5)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2021-08-27
mout1.freenet.de (IPv6:2001:748:100:40::2:3)	TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305	2021-07-25
mout0.freenet.de (IPv6:2001:748:100:40::2:2)	TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305	2021-06-28
mout2.freenet.de (IPv6:2001:748:100:40::2:4)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-06-09

Certificates

No Certificates found

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.emig.freenet.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	—
_25._tcp.emig.freenet.de	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of freenet.de