kernel-error.de - TLS / STARTTLS Test

Discover if the mail servers for kernel-error.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 20 Sep 2024 13:55:49 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of kernel-error.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @kernel-error.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
smtp.kernel-error.de 2a01:4f8:262:4716::25	10	supported	*.kernel-error.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-09-20 1 s
smtp.kernel-error.de 148.251.30.205	10	supported	*.kernel-error.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-09-20 1 s

Outgoing Mails

We have received emails from these servers with @kernel-error.de sender addresses. Test mail delivery

Host	TLS Version & Cipher
smtp.kernel-error.de (IPv6:2a01:4f8:201:9027::25)	TLSv1.3 TLS_AES_256_GCM_SHA384	2020-04-01

Certificates

First seen at: 2024-04-08

CN=*.kernel-error.de

Certificate chain

*.kernel-error.de
- 2025-05-10 remaining
- 384 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

*.kernel-error.de

Alternative Names

*.kernel-error.de
kernel-error.de

Issuer

Country (C)

Organization (O)

GlobalSign nv-sa

Common Name (CN)

GlobalSign GCC R6 AlphaSSL CA 2023

validity period

Not valid before: 2024-04-08
Not valid after: 2025-05-10

This certifcate has been verified for the following usages:

Digital Signature
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 3B:75:1E:43:48:61:89:45:01:B4:DF:51:7B:54:45:BB:7E:14:D1:DA:FF:DF:D8:95:F5:5D:FB:C5:17:19:4F:CB
SHA1: DF:EA:E8:D2:5A:44:5D:46:45:A6:2A:D1:FA:4A:1F:B9:89:BB:FB:6D

X509v3 extensions

authorityInfoAccess

CA Issuers - URI:http://secure.globalsign.com/cacert/gsgccr6alphasslca2023.crt
OCSP - URI:http://ocsp.globalsign.com/gsgccr6alphasslca2023

certificatePolicies

Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.4146.10.1.3
CPS: https://www.globalsign.com/repository/

crlDistributionPoints

Full Name:
URI:http://crl.globalsign.com/gsgccr6alphasslca2023.crl

authorityKeyIdentifier

keyid:BD:05:B7:F3:8A:93:3C:73:CB:79:FA:0F:85:12:A1:77:96:18:91:74

subjectKeyIdentifier

66:D4:DA:C8:58:FE:6F:E9:2B:D3:4B:62:C3:E5:74:03:6C:89:AE:48

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
Timestamp : Apr 8 12:38:13.681 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:4D:95:0F:09:47:04:38:0A:35:39:CF:81:
82:32:3C:9F:35:E3:89:B1:A0:6A:18:1A:8D:27:73:F8:
96:6A:18:C0:02:20:1D:39:6A:CD:7A:D1:2F:CA:0F:16:
2B:55:C4:5D:76:6A:72:71:F7:83:8B:D5:7C:07:A0:4D:
24:01:18:21:C5:C4
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
Timestamp : Apr 8 12:38:13.567 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:88:E0:FB:C7:B8:9C:C6:8E:03:33:64:
AE:B4:96:29:77:75:07:B5:AC:9B:0F:83:93:6C:8E:99:
78:57:DF:62:20:02:21:00:BB:CA:E1:36:3E:C0:9A:52:
A0:3F:FB:6B:5B:8D:77:F0:73:DF:14:EF:1D:AE:CF:5E:
24:3E:18:08:74:07:12:67
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
Timestamp : Apr 8 12:38:13.321 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:73:D6:7A:3C:5A:CE:0E:F1:CE:3E:69:4F:
07:CA:6D:70:F0:9D:BD:82:87:06:63:74:0C:33:71:78:
8C:15:AF:C3:02:20:69:10:94:07:F1:6E:EE:C2:EA:F8:
50:75:D4:76:6D:78:C5:48:5B:CD:E0:11:37:B4:63:FE:
0E:81:CD:BA:7D:99

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.smtp.kernel-error.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	—
_25._tcp.smtp.kernel-error.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of kernel-error.de