nerilex.org - TLS / STARTTLS Test

Discover if the mail servers for nerilex.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 15 May 2024 23:01:12 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of nerilex.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @nerilex.org addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
nerilex.org 2a00:1828:2000:193:7c::1	10	supported	nerilex.org	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 ~~SSLv3~~	2024-05-15 2 s
nerilex.org 217.11.61.124	10	supported	nerilex.org	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 ~~SSLv3~~	2024-05-15 2 s

Outgoing Mails

We have not received any emails from a @nerilex.org address so far. Test mail delivery

Certificates

First seen at: 2024-05-15

CN=nerilex.org

Certificate chain

nerilex.org
- 2024-07-31 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

nerilex.org

Alternative Names

bg.nerilex.org
bin.nerilex.org
blog.nerilex.org
chat.nerilex.org
cld.nerilex.org
cloud-old.nerilex.org
cloud.nerilex.org
cloud2.nerilex.org
conference.nerilex.org
converse.nerilex.org
echo.nerilex.org
files.nerilex.org
icq.nerilex.org
id.nerilex.org
impressum.nerilex.org
irc.nerilex.org
jabber.nerilex.org
lists.nerilex.org
mail.nerilex.org
matrix.nerilex.org
meet.nerilex.org
money.nerilex.org
nerilex.org
proxy.nerilex.org
prr.nerilex.org
pubsub.nerilex.org
telegram.nerilex.org
upload.nerilex.org
xmpp.nerilex.org

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-05-02
Not valid after: 2024-07-31

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: E0:E9:61:C3:34:73:02:36:ED:D4:4E:A8:F8:F5:3D:15:45:A4:4E:A1:6C:FE:64:9E:56:55:0E:89:B4:15:C5:7A
SHA1: BC:CD:31:64:C1:E2:D4:7D:CD:BF:E7:3F:D5:A2:8A:BE:04:C9:F9:3D

X509v3 extensions

subjectKeyIdentifier

17:41:C0:2B:A8:F0:BF:ED:0E:EB:C2:F3:33:B6:FC:28:4B:34:69:42

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : May 3 00:47:51.254 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:0E:CA:02:3B:3D:DA:14:26:A9:60:CD:39:
9C:58:4C:D4:D3:37:46:97:19:AE:A4:88:38:E0:9F:01:
12:FB:5F:C0:02:20:59:FC:9F:CF:6A:D5:33:7A:4F:EA:
A6:5E:8F:5E:17:09:E5:65:50:1C:CF:CE:09:4B:B2:15:
4E:12:89:4B:03:94
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 19:98:10:71:09:F0:D6:52:2E:30:80:D2:9E:3F:64:BB:
83:6E:28:CC:F9:0F:52:8E:EE:DF:CE:4A:3F:16:B4:CA
Timestamp : May 3 00:47:51.270 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:79:58:D2:05:F4:2B:EA:AC:A6:E4:4D:A1:
88:77:BB:9F:D8:3E:9F:78:74:AE:ED:B6:5A:29:23:42:
DD:BB:33:10:02:21:00:B7:79:5C:91:5C:77:03:99:9B:
7C:38:6F:7C:2B:68:D2:A0:61:33:E7:B6:1D:74:64:E5:
79:9E:BB:FB:00:B9:BA

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.nerilex.org	PKIX-TA: CA Constraint Use subject public key SHA-256 Hash	valid	valid

SSL check results of nerilex.org