kupschke.net - TLS / STARTTLS Test

Discover if the mail servers for kupschke.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 14 Feb 2026 12:26:51 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of kupschke.net!

Please contact the operator of kupschke.net and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/kupschke.net

Servers

Incoming Mails

These servers are responsible for incoming mails to @kupschke.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.kupschke.net 2a03:4000:66:c8a::1	10	supported	mail.kupschke.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2026-02-14 2 s
mail.kupschke.net 89.58.43.163 Results incomplete	10	unsupported	not checked	DANE errors PFS not checked Heartbleed not checked Weak ciphers not checked		2026-02-14 11 s

Outgoing Mails

We have received emails from these servers with @kupschke.net sender addresses. Test mail delivery

Host	TLS Version & Cipher
unknown (IPv6:2a03:4000:1c:9f::1)	TLSv1.3 TLS_AES_256_GCM_SHA384	2020-06-07

Certificates

First seen at: 2026-02-08

CN=mail.kupschke.net

Certificate chain

mail.kupschke.net
- 2026-04-15 remaining
- 384 bit
- ecdsa-with-SHA384

Subject

Common Name (CN)

mail.kupschke.net

Alternative Names

mail.kupschke.net

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2026-01-15
Not valid after: 2026-04-15

This certifcate has been verified for the following usages:

Digital Signature
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: FA:5A:44:7D:78:6F:2D:05:11:5C:B4:2B:A2:07:0E:EB:E8:83:96:3C:47:F9:EC:D5:64:B8:16:C1:39:08:60:A4
SHA1: A3:C9:4E:88:26:17:7E:28:35:FD:48:69:A3:81:72:13:BF:09:C5:E1

X509v3 extensions

subjectKeyIdentifier

83:96:B5:F4:FB:E8:3D:F0:44:C6:5A:F3:56:60:B7:1B:A4:62:33:64

authorityKeyIdentifier

keyid:8F:0D:13:A2:F6:2E:7E:D1:50:6C:33:18:38:5D:59:8E:23:72:91:CA

authorityInfoAccess

CA Issuers - URI:http://e8.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://e8.c.lencr.org/8.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
Timestamp : Jan 15 02:06:14.974 2026 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:CE:F0:79:1A:93:86:03:42:66:29:2D:
FA:96:FE:73:7B:91:9B:EC:2A:7F:A2:48:B6:D7:3E:CB:
BD:D7:4A:09:F8:02:20:24:B4:C8:5C:9A:EA:54:CC:F6:
11:4F:16:15:A0:10:C6:42:52:2A:0E:2D:38:B6:3D:AA:
90:79:10:AC:50:C8:E6
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 71:7E:95:F3:C2:38:8A:6D:B1:E3:84:49:3D:31:E1:5A:
A9:62:08:76:2D:42:00:E0:05:0C:D0:67:B5:A6:61:E2
Timestamp : Jan 15 02:06:15.142 2026 GMT
Extensions: 00:00:05:00:06:F8:EE:C4
Signature : ecdsa-with-SHA256
30:45:02:21:00:FC:30:A1:F4:83:E6:A0:7E:23:BF:46:
34:0C:8E:F5:23:14:AA:DD:26:71:94:C9:0B:BF:14:64:
68:7A:CF:F2:B9:02:20:4C:FC:08:E6:03:A3:91:33:87:
CC:6A:06:25:5F:6E:09:89:B1:93:6A:0E:C6:79:83:CD:
65:25:95:BB:34:34:C4

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.kupschke.net	DANE-TA: Trust Anchor Assertion Use full certificate SHA-512 Hash	valid	—
_25._tcp.mail.kupschke.net	DANE-TA: Trust Anchor Assertion Use full certificate SHA-512 Hash	valid	—

SSL check results of kupschke.net