lwl.de - TLS / STARTTLS Test

Discover if the mail servers for lwl.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 18 Apr 2024 21:19:01 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of lwl.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @lwl.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail11.lwl.org 195.202.51.19	10	supported	mail11.lwl.org	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-04-18 2 s
mail12.lwl.org 89.27.164.139	20	supported	mail12.lwl.org	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-04-18 2 s

Outgoing Mails

We have not received any emails from a @lwl.de address so far. Test mail delivery

Certificates

First seen at: 2024-04-18

CN=mail12.lwl.org

Certificate chain

mail12.lwl.org
- 2024-06-24 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail12.lwl.org

Alternative Names

mail12.lwl.org

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-03-26
Not valid after: 2024-06-24

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: BA:A1:17:41:AD:14:39:D7:5B:5B:F1:0B:56:2F:98:23:56:2F:96:31:45:19:22:D4:FE:91:CB:F1:16:FE:76:BD
SHA1: AF:87:E4:E6:5F:0C:B4:88:13:D8:EB:BF:AB:5D:16:D3:67:36:14:76

X509v3 extensions

subjectKeyIdentifier

1C:B9:DF:A3:06:31:9C:80:5A:D4:AA:56:FC:E7:84:42:C3:0F:E6:74

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Mar 26 09:14:27.341 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:DF:19:BA:EE:7B:66:37:B2:8C:9A:43:
7B:0A:72:43:47:EA:21:5B:11:18:9A:4D:31:29:61:C1:
E0:53:63:59:1B:02:21:00:EA:91:1E:19:D3:8B:72:2C:
35:67:CB:4A:95:B2:61:13:2F:EB:7E:92:81:FD:BD:83:
86:D8:B6:50:5F:A2:61:D7
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
Timestamp : Mar 26 09:14:27.351 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:CD:56:31:78:DF:05:9A:F4:37:48:EE:
C5:2A:79:35:69:1D:12:6F:81:19:A1:EA:70:CB:1F:CD:
F5:EF:3A:7F:E5:02:20:25:02:56:15:AD:85:75:A8:E8:
49:32:F2:73:B1:91:1A:A0:2E:E1:16:5D:8D:D2:D1:83:
90:23:26:96:BE:40:EB

First seen at: 2024-04-18

CN=mail11.lwl.org

Certificate chain

mail11.lwl.org
- 2024-06-24 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail11.lwl.org

Alternative Names

mail11.lwl.org

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-03-26
Not valid after: 2024-06-24

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 0A:26:A9:3D:49:D5:A7:B8:E7:92:40:3C:EC:BB:F3:9A:F6:BF:82:3C:BF:58:8D:95:09:7D:95:1B:E7:71:58:01
SHA1: 32:E4:F4:BC:48:02:14:32:45:85:AB:5A:80:B0:18:A9:86:4A:AC:9F

X509v3 extensions

subjectKeyIdentifier

63:FA:24:F0:3E:72:BB:BB:79:7E:45:7B:58:29:D0:9C:43:75:7D:34

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Mar 26 09:12:49.462 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:FC:A3:77:0F:99:34:9A:3A:D6:8F:6D:
F9:C0:D9:D0:3C:4D:36:ED:66:C9:5C:32:49:7C:C5:38:
17:DC:93:A4:14:02:20:15:97:A0:B2:39:47:3F:F2:D8:
23:F7:5A:5C:8C:E3:B7:5D:3D:B8:BB:87:5B:AC:CF:E8:
BF:AB:80:56:0B:87:11
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Mar 26 09:12:49.471 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:24:3C:E3:7E:CB:D8:A7:73:08:64:D7:C4:
A3:6E:F2:D8:ED:A8:CF:4E:5A:4E:73:41:3B:EC:30:81:
76:9D:B9:6B:02:21:00:99:E5:94:FF:D3:C1:FD:FA:39:
85:3A:A3:11:85:37:8B:9D:7B:73:0E:30:49:47:70:C2:
2A:5C:90:11:CE:CA:DB

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail12.lwl.org	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mail11.lwl.org	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of lwl.de

Summary

The mailservers of lwl.de can be reached through a secure connection.

Servers

Incoming Mails

Outgoing Mails

Certificates

CN=mail12.lwl.org

CN=mail11.lwl.org

DANE