SSL check results of lto.ru

NEW You can also bulk check multiple servers.

Discover if the mail servers for lto.ru can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Tue, 04 Jul 2023 15:17:37 +0000

The mailservers of lto.ru can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @lto.ru addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
x.lto.ru
2a01:4f9:c011:90bd::1
0
supported
*.lto.ru
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
x.lto.ru
65.109.234.220
0
supported
*.lto.ru
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
y.lto.ru
2a01:4f8:1c1e:d1c6::1
2
supported
*.lto.ru
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
y.lto.ru
128.140.40.255
2
supported
*.lto.ru
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @lto.ru address so far. Test mail delivery

Certificates

First seen at:

CN=*.lto.ru

Certificate chain
Subject
Common Name (CN)
  • *.lto.ru
Alternative Names
  • *.lto.ru
  • lto.ru
Issuer
Country (C)
  • BE
Organization (O)
  • GlobalSign nv-sa
Common Name (CN)
  • AlphaSSL CA - SHA256 - G4
validity period
Not valid before
2023-05-24
Not valid after
2024-06-24
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
F9:F9:77:17:18:58:04:BA:2B:1C:07:97:B7:51:79:BB:87:11:54:C4:32:EF:43:72:D9:EA:63:A8:15:7C:73:41
SHA1
86:68:5D:57:D8:B9:58:FE:99:5A:67:0E:96:F9:BD:EF:BE:AF:71:AD
X509v3 extensions
authorityInfoAccess
  • CA Issuers - URI:http://secure.globalsign.com/cacert/alphasslcasha256g4.crt
  • OCSP - URI:http://ocsp.globalsign.com/alphasslcasha256g4
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.4146.10.1.3
  • CPS: https://www.globalsign.com/repository/
crlDistributionPoints
  • Full Name:
  • URI:http://crl.globalsign.com/alphasslcasha256g4.crl
authorityKeyIdentifier
  • keyid:4F:CB:AC:A8:C2:EF:AB:DD:83:6F:6B:BF:CE:98:3D:5C:58:25:76:15
subjectKeyIdentifier
  • A2:81:3F:C3:CF:33:2E:B0:A8:6E:A3:C6:7A:33:AC:31:F2:71:79:AF
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : May 24 14:14:11.684 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:ED:AD:71:7B:A8:E4:0A:7F:05:9A:4D:
  • BC:69:36:95:D1:8D:03:56:E1:29:F8:FA:0B:D5:77:93:
  • 00:25:F6:76:A8:02:20:0D:F4:E9:A2:97:7B:06:21:43:
  • 87:EE:59:DE:A9:67:FA:77:8D:05:5A:0B:4E:50:6A:1A:
  • C1:B0:4E:D7:9E:BD:0B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : May 24 14:14:11.664 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:EB:C6:2F:FD:55:7F:0C:70:09:77:9E:
  • C5:A0:6F:6D:5A:3A:8E:AA:C1:4F:3D:2D:BD:02:2B:6D:
  • 42:E6:7D:61:85:02:21:00:9B:A8:94:3A:E6:1A:E5:54:
  • FF:84:C3:F2:E9:D3:28:7C:2A:C7:BF:C3:35:32:20:12:
  • 40:8A:26:7A:FC:19:64:44
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : May 24 14:14:11.730 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:01:7B:A9:92:29:A1:AE:BB:B2:BE:B3:3C:
  • 14:D0:2E:30:32:E8:69:4A:B1:53:9D:27:FE:51:A2:4E:
  • 8B:8E:7C:47:02:21:00:97:40:3E:35:E2:8D:32:96:5A:
  • B9:CA:72:AA:DF:32:F0:21:0B:C7:0F:79:06:85:73:95:
  • 7C:F2:E9:55:FD:FA:1B

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.x.lto.ru
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.y.lto.ru
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid