SSL-Tools

SSL check results of mifritscher.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for mifritscher.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 09 Sep 2025 10:00:16 +0000

The mailservers of mifritscher.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mifritscher.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.mifritscher.de
2a01:4f8:221:2e45:7ad5:1009::1
Results incomplete
10 not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
mail.mifritscher.de
188.40.170.105
 10
supported
mail.mifritscher.de
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @mifritscher.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.mifritscher.de

Certificate chain
  • mail.mifritscher.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.mifritscher.de
Alternative Names
  • mail.mifritscher.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-08-16
Not valid after
2025-11-14
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
8B:75:A4:21:9A:67:14:48:14:C8:EC:3A:28:9E:7A:A5:49:AB:0A:95:B5:F4:AC:5A:6F:5A:62:DA:72:86:F0:67
SHA1
4B:8B:B8:A0:9B:F6:7A:07:59:66:15:7A:01:98:E4:CD:B3:AE:FA:94
X509v3 extensions
subjectKeyIdentifier
  • 1A:66:FA:4A:6C:AC:D8:24:5B:96:F7:1D:9D:03:F8:D9:07:B0:11:BD
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/80.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
  • 47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
  • Timestamp : Aug 16 22:18:28.986 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:DE:2E:A5:EC:48:A2:54:4E:1F:08:F2:
  • BB:78:E5:35:AB:0F:8C:4B:B1:B0:85:35:8E:08:1B:D3:
  • A5:4E:49:A7:79:02:20:23:48:36:FF:74:5D:64:A3:4F:
  • F7:A8:69:E1:06:DE:D8:E4:0B:B6:28:48:28:41:BC:1C:
  • 4C:DE:59:A7:20:FF:A9
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
  • 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
  • Timestamp : Aug 16 22:18:29.057 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:B5:FF:94:93:07:98:6A:38:73:91:A1:
  • 76:C4:63:93:1F:FF:B8:5F:2A:F8:4E:8A:2D:FC:E3:93:
  • 58:64:3F:A9:B7:02:20:54:FD:AF:A3:36:F3:12:B9:ED:
  • 36:50:66:F6:67:6D:9B:E4:FC:00:8C:55:DA:CC:FD:DE:
  • E3:07:24:83:10:47:3A

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.mifritscher.de
  • PKIX-TA: CA Constraint
  • Use subject public key
  • SHA-256 Hash
valid