SSL-Tools

SSL check results of hanlian.asia

NEW You can also bulk check multiple servers.

Discover if the mail servers for hanlian.asia can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 01 May 2021 06:51:15 +0000

The mailservers of hanlian.asia can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @hanlian.asia addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
smx002.mao.systems
217.114.65.168
 10
supported
smx002.mao.systems
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
smx001.mao.systems
217.114.65.171
 20
supported
smx001.mao.systems
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s

Outgoing Mails

We have not received any emails from a @hanlian.asia address so far. Test mail delivery

Certificates

First seen at:

CN=smx001.mao.systems

Certificate chain
  • smx001.mao.systems
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • DST Root CA X3 (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption
Subject
Common Name (CN)
  • smx001.mao.systems
Alternative Names
  • smx001.mao.systems
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2021-03-04
Not valid after
2021-06-02
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
00:E1:AE:E4:6E:2A:BA:B3:C3:86:72:99:64:B7:9A:6A:49:36:75:76:4E:7B:EE:F0:1B:96:7C:F4:54:1F:80:5E
SHA1
E6:6D:49:37:D4:D8:89:FF:E8:B7:3D:AC:5B:5F:C3:AE:6A:E2:22:4D
X509v3 extensions
subjectKeyIdentifier
  • FD:84:EB:E3:4B:B5:05:11:F7:E9:DE:49:49:6F:B1:AE:2D:37:FE:70
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Mar 4 02:18:05.213 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:99:D8:9B:6C:BF:02:CF:8E:C2:5C:68:
  • BD:6F:72:F1:22:E2:5C:22:D6:37:A9:E5:46:38:D0:B8:
  • 02:9D:9D:47:7A:02:21:00:D0:78:90:C9:5C:E5:5F:EE:
  • 95:EB:F5:45:C2:17:BE:AD:56:0D:FF:63:35:E3:73:E9:
  • F2:FD:21:E1:73:18:96:DD
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
  • E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
  • Timestamp : Mar 4 02:18:05.137 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:A8:7E:C6:D7:90:88:52:87:56:6F:CD:
  • E2:A6:A6:A5:8F:35:35:CF:09:56:01:25:A2:6B:4E:91:
  • CB:F8:4E:01:28:02:20:61:39:B6:00:45:66:42:B9:39:
  • AD:9C:37:2A:F0:27:DB:71:96:B8:36:DB:70:3F:21:CC:
  • 18:16:BF:BA:95:47:10
First seen at:

CN=smx002.mao.systems

Certificate chain
  • smx002.mao.systems
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • DST Root CA X3 (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption
Subject
Common Name (CN)
  • smx002.mao.systems
Alternative Names
  • smx002.mao.systems
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2021-03-07
Not valid after
2021-06-05
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
AC:2F:06:7B:CD:25:C2:C8:3B:E4:7A:AD:CE:3D:3E:E1:FC:A6:20:69:00:4A:58:7F:D7:B5:2A:35:45:B2:81:5A
SHA1
86:22:4B:91:B8:B1:0B:C8:56:6A:55:18:B7:0C:2F:B6:28:8C:BF:39
X509v3 extensions
subjectKeyIdentifier
  • 3D:0E:2C:51:67:E1:38:14:92:0A:9F:1F:CA:00:BF:2E:44:FD:70:92
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Mar 7 17:41:51.040 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:50:47:95:A4:EA:35:33:C9:72:E2:B0:55:
  • A9:08:CA:BE:6E:BF:1A:9E:DE:0F:D7:65:47:06:47:52:
  • 8C:E3:7A:57:02:20:46:64:55:01:79:51:BF:65:D7:7D:
  • 47:7F:F8:C1:AF:D5:72:6A:F6:29:4B:E1:15:04:00:F9:
  • 71:60:F2:B5:1D:A1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Mar 7 17:41:51.054 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:10:B5:8F:18:AF:44:70:F3:50:AD:CF:19:
  • 70:52:CA:84:83:FC:D5:B3:F9:FA:CB:0F:1E:E9:F2:4E:
  • 85:1C:C6:0B:02:20:17:F3:A2:A1:3F:23:1F:91:23:5D:
  • A8:E9:54:9E:15:24:A3:0C:B5:44:94:A2:F7:A4:66:71:
  • 28:86:5E:F7:FC:71

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.smx001.mao.systems
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.smx001.mao.systems
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.smx002.mao.systems
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.smx002.mao.systems
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid