geminix.org - TLS / STARTTLS Test

Discover if the mail servers for geminix.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 28 Mar 2024 12:09:04 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of geminix.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @geminix.org addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
c01.escapebox.net 2a01:238:4318:6300:90b4:cc5:4214:dcaa	10	supported	escapebox.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-03-28 2 s
c01.escapebox.net 85.214.213.244	10	supported	escapebox.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-03-28 2 s

Outgoing Mails

We have not received any emails from a @geminix.org address so far. Test mail delivery

Certificates

First seen at: 2024-03-28

CN=escapebox.net

Certificate chain

escapebox.net
- 2024-06-12 remaining
- 256 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

escapebox.net

Alternative Names

*.anja-doering.com
*.anjadoering.com
*.escapebox.com
*.escapebox.de
*.escapebox.eu
*.escapebox.net
*.geminix.de
*.geminix.org
anja-doering.com
anjadoering.com
escapebox.com
escapebox.de
escapebox.eu
escapebox.net
geminix.de
geminix.org

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-03-14
Not valid after: 2024-06-12

This certifcate has been verified for the following usages:

Digital Signature
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 89:53:DB:A4:FF:6C:80:B4:57:4F:76:94:47:EE:98:6A:1B:29:72:6F:3E:00:3E:37:A1:B2:FB:14:A6:E4:6E:01
SHA1: 1A:C2:BB:C4:98:A1:5F:E7:5D:6C:AB:2E:9E:44:AD:E0:28:24:53:D0

X509v3 extensions

subjectKeyIdentifier

DF:4A:98:5B:29:0E:6D:A0:79:6B:EB:14:2E:17:8F:97:A3:93:BD:B9

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Mar 14 02:21:57.138 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E8:87:24:4D:79:EB:7B:0E:D5:C1:B2:
C8:0C:E6:52:9F:2B:1F:DA:82:32:F2:69:17:1F:67:B4:
4E:E3:CB:D6:B2:02:21:00:EE:80:86:90:A8:1B:A6:3A:
F5:4C:50:DD:44:76:A9:FE:47:9A:76:C5:E8:6B:09:82:
30:3E:15:67:3A:00:80:46
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
Timestamp : Mar 14 02:21:57.175 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:9E:E5:99:19:5A:6C:E4:10:F3:F1:6C:
E5:35:4D:B4:76:C0:4B:8E:28:49:50:91:BF:84:F3:1A:
53:01:91:22:4C:02:20:74:28:CA:56:AF:CE:5A:4B:23:
EB:C1:89:21:3D:32:10:A6:4A:A6:BA:B3:7D:53:00:23:
39:BB:C0:A1:15:38:CF

tlsfeature

status_request

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.c01.escapebox.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.c01.escapebox.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.c01.escapebox.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.c01.escapebox.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of geminix.org