gerlings.org - TLS / STARTTLS Test

Discover if the mail servers for gerlings.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 31 May 2026 21:29:42 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of gerlings.org!

Please contact the operator of gerlings.org and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/gerlings.org

Servers

Incoming Mails

These servers are responsible for incoming mails to @gerlings.org addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.ffct.eu 2a0a:4cc0:c0:cc88:b441:17ff:fe5b:a26b Results incomplete	10	unsupported	not checked	DANE errors PFS not checked Heartbleed not checked Weak ciphers not checked		2026-05-31 11 s
mail.ffct.eu 152.53.163.153	10	supported	mail.ffct.eu	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2026-05-31 9 s

Outgoing Mails

We have not received any emails from a @gerlings.org address so far. Test mail delivery

Certificates

First seen at: 2026-05-31

CN=mail.ffct.eu

Certificate chain

mail.ffct.eu
- 2026-08-11 remaining
- 256 bit
- ecdsa-with-SHA384

Subject

Common Name (CN)

mail.ffct.eu

Alternative Names

mail.ffct.eu

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2026-05-13
Not valid after: 2026-08-11

This certifcate has been verified for the following usages:

Digital Signature
TLS Web Server Authentication

Fingerprints

SHA256: 5B:13:BB:0A:94:20:F1:BF:C7:EB:1C:7F:0C:CA:E4:2F:94:B7:9B:96:34:6C:CB:4E:F8:ED:25:9F:91:AC:C8:47
SHA1: 1A:13:E1:CA:33:D8:A7:BC:6B:2B:28:88:0A:CE:63:B8:C8:95:DC:5E

X509v3 extensions

subjectKeyIdentifier

33:E4:9A:1A:AE:3C:23:CC:93:8E:0C:E0:9F:80:6B:A5:47:CF:57:E8

authorityKeyIdentifier

keyid:AE:48:9E:DC:87:1D:44:A0:6F:DA:A2:E5:60:74:04:78:C2:9C:00:80

authorityInfoAccess

CA Issuers - URI:http://e7.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://e7.c.lencr.org/56.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : C2:31:7E:57:45:19:A3:45:EE:7F:38:DE:B2:90:41:EB:
C7:C2:21:5A:22:BF:7F:D5:B5:AD:76:9A:D9:0E:52:CD
Timestamp : May 14 00:44:46.880 2026 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:92:BC:93:12:63:1B:35:34:F4:92:0A:
FD:8B:6F:DD:DB:20:05:0D:9D:08:D4:79:5C:3D:99:BF:
8E:C6:65:90:BC:02:21:00:88:1E:72:8F:DF:29:65:D0:
4F:3B:9B:25:FF:DB:2F:B6:89:F1:89:DB:CA:90:AE:37:
7D:D8:8B:4B:6E:8F:C7:8E
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6C:FE:50:19:43:A8:5E:A9:16:BC:52:D1:33:E4:DC:C9:
1E:F1:41:1C:7D:25:84:20:D1:73:80:9E:18:18:EB:3A
Timestamp : May 14 00:44:47.150 2026 GMT
Extensions: 00:00:05:00:0B:63:26:DE
Signature : ecdsa-with-SHA256
30:46:02:21:00:D1:5C:D1:68:B2:04:AB:35:DA:53:EF:
0C:1A:45:F1:9B:6C:47:0C:BA:CC:CD:CA:9A:1B:A2:6C:
FA:F1:26:A0:EF:02:21:00:80:01:0B:E2:2B:6E:5A:45:
B0:93:51:87:65:21:1A:0A:32:51:6D:AC:EA:3D:95:98:
E4:CB:AA:87:07:C4:A2:BA

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.ffct.eu	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mail.ffct.eu	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mail.ffct.eu	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mail.ffct.eu	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of gerlings.org