SSL-Tools

SSL check results of ksan.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ksan.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 01 May 2026 00:30:42 +0000

We can not guarantee a secure connection to the mailservers of ksan.de!

Please contact the operator of ksan.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/ksan.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @ksan.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail1.ksan.de
45.138.59.200
 10
supported
mail1.ksan.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
7 s
mail2.ksan.de
45.138.59.201
Results incomplete
20
unsupported
not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
17 s

Outgoing Mails

We have not received any emails from a @ksan.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail1.ksan.de

Certificate chain
  • mail1.ksan.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R13
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail1.ksan.de
Alternative Names
  • mail1.ksan.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R13
validity period
Not valid before
2026-04-23
Not valid after
2026-07-22
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
Fingerprints
SHA256
24:57:30:41:3B:6E:14:14:28:75:19:16:37:24:DE:AB:85:49:CB:1C:5C:33:22:C0:4D:17:98:8B:13:56:A9:E7
SHA1
59:A1:9E:BA:13:78:E6:EE:C4:A7:46:4D:14:EE:7E:E4:5F:88:B4:AC
X509v3 extensions
subjectKeyIdentifier
  • 36:44:E1:37:7A:0E:C1:57:AC:A5:A1:43:65:86:7B:30:81:35:77:BE
authorityKeyIdentifier
  • keyid:E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33
authorityInfoAccess
  • CA Issuers - URI:http://r13.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r13.c.lencr.org/74.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
  • F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
  • Timestamp : Apr 23 12:57:51.435 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:0F:0E:E9:B1:87:76:78:C9:17:CA:C7:99:
  • C1:B8:CB:34:7D:D3:56:0C:33:D6:CA:BC:80:16:0F:BA:
  • F9:ED:9D:19:02:21:00:80:72:A9:66:5E:F2:7D:2A:8B:
  • 3D:D7:E6:1C:E0:96:44:1C:A0:84:F7:8D:1B:2A:D9:5A:
  • 61:82:9F:94:7B:79:4F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A8:26:CB:E3:0A:C6:35:12:46:53:3F:E0:65:F1:4F:19:
  • D9:6E:19:08:13:C4:1D:D9:6D:79:00:B3:12:3C:55:27
  • Timestamp : Apr 23 12:57:51.497 2026 GMT
  • Extensions: 00:00:05:00:08:03:22:6B
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:D7:83:B2:19:1E:A1:70:CB:25:17:E1:
  • 7F:B5:BA:0E:D5:DF:5C:65:B5:82:F5:24:BA:0C:90:BF:
  • A4:D0:B0:AB:82:02:21:00:AB:4A:9C:E3:85:C2:F8:25:
  • BF:9E:AB:2C:D0:3A:8B:D2:3F:D6:91:8C:36:7B:9D:20:
  • BE:01:80:60:AE:5B:60:E6