SSL-Tools

SSL check results of kollof.nl

NEW You can also bulk check multiple servers.

Discover if the mail servers for kollof.nl can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 27 Jul 2024 00:30:12 +0000

We can not guarantee a secure connection to the mailservers of kollof.nl!

Please contact the operator of kollof.nl and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/kollof.nl

Servers

Incoming Mails

These servers are responsible for incoming mails to @kollof.nl addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail-ng.hackerheaven.org
2001:19f0:5001:3332:5400:2ff:fe69:87bd
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
mail-ng.hackerheaven.org
78.141.221.133
 10
supported
mail-ng.hackerheaven.org
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
16 s

Outgoing Mails

We have not received any emails from a @kollof.nl address so far. Test mail delivery

Certificates

First seen at:

CN=mail-ng.hackerheaven.org

Certificate chain
  • mail-ng.hackerheaven.org
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail-ng.hackerheaven.org
Alternative Names
  • mail-ng.hackerheaven.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2024-07-23
Not valid after
2024-10-21
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
CB:AC:E3:36:BD:D4:0B:0C:3E:DC:D5:F5:41:6B:16:81:41:B3:76:E7:76:AB:02:B6:4D:02:44:E3:19:8A:72:22
SHA1
82:5A:79:FF:2C:5E:DA:D6:B4:59:45:CC:27:8A:73:FE:D1:A9:D7:70
X509v3 extensions
subjectKeyIdentifier
  • D5:A8:F7:0F:30:06:9E:AE:8C:15:E2:55:D4:83:CC:EB:CE:9C:05:3C
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • OCSP - URI:http://r11.o.lencr.org
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Jul 23 08:22:48.084 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:21:DA:FE:CC:AE:54:E4:3C:88:CB:EF:D1:
  • D8:23:35:CF:23:AD:A0:20:40:7A:D3:21:D0:FE:C2:C0:
  • 7D:90:E3:41:02:21:00:C7:4B:D7:BE:DC:DF:8E:45:AB:
  • D8:4B:A4:37:53:56:1A:3D:59:14:01:94:B5:01:9E:93:
  • 1B:4D:B2:9D:E7:01:08
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
  • 4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
  • Timestamp : Jul 23 08:22:48.302 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:54:8A:E1:C9:6F:35:E1:7F:0F:DD:52:FD:
  • 89:75:09:33:0E:69:92:08:34:1F:BA:6D:86:FE:8C:2F:
  • 4B:22:AC:4D:02:21:00:F5:F9:1D:A1:AB:A9:9C:0D:45:
  • F6:E4:1C:64:81:D3:7C:98:C8:5E:3A:08:49:7C:63:2F:
  • 01:6D:5A:F6:09:62:BA

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail-ng.hackerheaven.org
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid