midoria.org - TLS / STARTTLS Test

Discover if the mail servers for midoria.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 05 Jul 2025 09:35:14 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of midoria.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @midoria.org addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mta-gw.infomaniak.ch 2001:1600:0:aaaa::1:3	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2025-07-05 3 s
mta-gw.infomaniak.ch 2001:1600:0:aaaa::1:4	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2025-07-05 2 s
mta-gw.infomaniak.ch 83.166.143.58	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2025-07-05 3 s
mta-gw.infomaniak.ch 83.166.143.57	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2025-07-05 2 s

Outgoing Mails

We have not received any emails from a @midoria.org address so far. Test mail delivery

Certificates

First seen at: 2025-07-05

CN=mta-gw.infomaniak.ch

Certificate chain

mta-gw.infomaniak.ch
- 2025-09-20 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mta-gw.infomaniak.ch

Alternative Names

mta-gw.infomaniak.ch
mx.infomaniak.com

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-06-22
Not valid after: 2025-09-20

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: C1:A5:EA:4C:77:18:56:EC:4A:09:19:2B:CB:95:7B:97:12:88:C9:65:98:81:4D:69:FC:CB:0A:0F:2B:4F:FE:6F
SHA1: 06:03:BF:EB:6C:8D:DB:31:AC:2F:5C:33:DA:64:4E:89:A6:D8:D7:57

X509v3 extensions

subjectKeyIdentifier

0B:CD:9E:34:44:88:F5:74:B5:23:4A:DE:2A:2B:C7:77:62:8B:5D:86

authorityKeyIdentifier

keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8

authorityInfoAccess

CA Issuers - URI:http://r10.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://r10.c.lencr.org/80.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A4:42:C5:06:49:60:61:54:8F:0F:D4:EA:9C:FB:7A:2D:
26:45:4D:87:A9:7F:2F:DF:45:59:F6:27:4F:3A:84:54
Timestamp : Jun 22 22:41:17.604 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D0:AE:02:4E:55:53:D4:68:54:46:DF:
9A:FC:7B:47:57:CE:31:F5:EC:E1:5B:76:54:25:E5:08:
D5:E9:D6:40:62:02:21:00:F9:82:BB:9A:AA:F5:F1:5C:
98:68:5A:C5:00:73:17:C1:E0:ED:67:85:73:4A:8E:BD:
33:E7:7A:00:B7:90:00:C6
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
Timestamp : Jun 22 22:41:21.607 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:AB:16:55:D8:EB:D2:47:F7:5A:34:9B:
CA:A8:07:3F:D7:0D:13:6A:DC:95:98:09:8F:A5:45:AA:
43:A9:FC:B0:05:02:20:13:6D:32:F5:2C:73:A1:7E:83:
9B:5C:B6:CC:39:7F:26:A7:B2:CF:2A:72:DE:06:9C:48:
CC:F2:3F:02:AE:94:64

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mta-gw.infomaniak.ch	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of midoria.org