jbechtel.de - TLS / STARTTLS Test

Discover if the mail servers for jbechtel.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 13 Nov 2025 11:39:10 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of jbechtel.de!

Please contact the operator of jbechtel.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/jbechtel.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @jbechtel.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
gt.jbechtel.de 83.171.237.161	5	supported	jbechtel.de	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers supported SSL_RSA_WITH_RC4_128_SHA	TLSv1.2 ~~SSLv3~~	2025-11-13 2 s
mx.runbox.com 185.226.149.25 Results incomplete	444	supported	not checked	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-11-13 1 s

Outgoing Mails

We have not received any emails from a @jbechtel.de address so far. Test mail delivery

Certificates

First seen at: 2025-11-13

CN=jbechtel.de

Certificate chain

jbechtel.de
- 2025-12-10 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

jbechtel.de

Alternative Names

gt.jbechtel.de
gteethunberg.gt.jbechtel.de
jbechtel.de
test.jbechtel.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-09-11
Not valid after: 2025-12-10

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: EC:B3:D4:33:7A:BC:AA:78:9F:AF:D5:93:6D:8E:A3:DB:5B:96:49:80:D8:C5:28:DB:F7:87:A2:D1:8C:7F:91:45
SHA1: EF:D7:D3:B6:7B:86:6D:1D:C9:4E:F7:E8:DB:59:12:EF:C5:33:9E:C3

X509v3 extensions

subjectKeyIdentifier

0B:EF:98:75:EC:A2:B3:89:5D:D6:AD:9C:4D:23:1A:3B:23:7D:53:38

authorityKeyIdentifier

keyid:E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33

authorityInfoAccess

CA Issuers - URI:http://r13.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://r13.c.lencr.org/53.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : ED:3C:4B:D6:E8:06:C2:A4:A2:00:57:DB:CB:24:E2:38:
01:DF:51:2F:ED:C4:86:C5:70:0F:20:DD:B7:3E:3F:E0
Timestamp : Sep 11 19:03:16.294 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C0:61:3C:FF:DA:6A:62:3E:1A:36:8E:
6D:7D:2B:83:3F:0A:9E:D6:C1:AE:31:08:E5:A5:0D:2F:
73:D5:67:62:22:02:21:00:AE:90:BE:E7:71:B6:23:AD:
C1:9C:77:3C:CD:02:5A:E4:9F:E0:CE:66:73:DF:8C:3B:
4F:1F:B5:6D:43:65:C1:D6
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
Timestamp : Sep 11 19:03:16.272 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F8:72:CC:0C:FD:4D:BF:99:54:D5:3E:
A5:20:78:CA:21:38:FD:F2:7C:D2:20:1E:E7:84:54:77:
6F:AE:44:B2:CB:02:21:00:FA:4C:AF:FE:5D:9C:63:9A:
43:4C:C0:4C:01:F7:85:A6:9C:4C:0B:1E:28:46:43:E1:
3B:D1:F0:52:2A:F8:A7:11

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx.runbox.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of jbechtel.de