SSL-Tools

SSL check results of protonmail.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for protonmail.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON

Checking

Servers

Incoming Mails

These servers are responsible for incoming mails to @protonmail.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.protonmail.ch
185.70.40.103
 5 ... protonmail.com
DANE
PFS
supported
Heartbleed
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
mailsec.protonmail.ch
185.70.40.102
 10 ... protonmail.com
DANE
PFS
supported
Heartbleed
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3

Outgoing Mails

We have received emails from these servers with @protonmail.ch sender addresses. Test mail delivery

Host TLS Version & Cipher
mail-40132.protonmail.ch (185.70.40.132)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=protonmail.com,O=Proton Technologies AG,L=Plan-les-Ouates,ST=GE,C=CH

Certificate chain
Subject
Country (C)
  • CH
State (ST)
  • GE
Locality (L)
  • Plan-les-Ouates
Organization (O)
  • Proton Technologies AG
Common Name (CN)
  • protonmail.com
Alternative Names
  • protonmail.com
  • *.protonmail.com
  • *.protonmail.ch
  • *.pm.me
  • *.protonvpn.com
  • *.protonvpn.ch
Issuer
Country (C)
  • CH
Organization (O)
  • SwissSign AG
Common Name (CN)
  • SwissSign Server Gold CA 2014 - G22
validity period
Not valid before
2019-08-09
Not valid after
2021-08-09
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
E7:24:EC:B1:9D:DD:98:A5:9A:0E:E6:1D:54:F6:58:17:5F:94:5D:6A:26:5C:50:C7:E5:98:BF:6B:A0:1A:1D:AD
SHA1
96:A1:D2:76:10:8D:03:A3:A5:7A:E9:F0:8D:40:1F:FB:21:AD:6B:DC
X509v3 extensions
subjectKeyIdentifier
  • 33:36:13:CB:1C:5C:7A:BD:79:9C:FB:E5:1D:DB:AB:5F:C6:66:41:06
authorityKeyIdentifier
  • keyid:E7:F1:E7:FD:2E:53:AD:11:E5:81:1A:57:A4:73:8F:12:7D:98:C8:AE
crlDistributionPoints
  • Full Name:
  • URI:http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
  • Full Name:
  • URI:ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint
certificatePolicies
  • Policy: 2.16.756.1.89.1.2.1.11
  • CPS: http://repository.swisssign.com/SwissSign-Gold-CP-CPS.pdf
  • Policy: 0.4.0.2042.1.7
  • Policy: 2.23.140.1.2.2
authorityInfoAccess
  • CA Issuers - URI:http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
  • OCSP - URI:http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 44:94:65:2E:B0:EE:CE:AF:C4:40:07:D8:A8:FE:28:C0:
  • DA:E6:82:BE:D8:CB:31:B5:3F:D3:33:96:B5:B6:81:A8
  • Timestamp : Aug 9 18:14:09.550 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:2F:25:0D:63:31:42:C5:F5:CC:7D:75:DF:
  • 27:AD:98:D4:90:AE:ED:70:E3:AD:24:71:27:0D:EA:1F:
  • 4F:53:D4:16:02:20:2B:AC:EC:06:7D:52:AD:1E:A2:F5:
  • 23:BE:38:2A:81:9A:01:79:05:7B:F8:36:46:DC:88:BA:
  • CA:31:1E:E9:1E:DF
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Aug 9 18:14:09.707 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:3A:A0:44:90:57:72:B8:95:C3:E4:81:E2:
  • 4F:1E:EA:46:91:DB:AB:D0:40:5B:03:B3:F0:25:6C:66:
  • F0:6B:9C:A6:02:20:6C:7A:7F:85:36:3B:8B:BE:DA:C5:
  • A0:5A:20:77:68:0D:33:A9:14:A6:EE:66:FA:64:21:E0:
  • D0:27:8D:37:5F:E1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
  • 38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
  • Timestamp : Aug 9 18:14:09.469 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:3E:C0:C6:13:2A:32:33:52:BE:64:5F:71:
  • 4E:4A:F3:8C:AF:FF:82:86:7B:98:CD:77:99:F5:78:47:
  • 20:77:51:A1:02:21:00:E0:6B:40:BD:97:1E:9A:A0:17:
  • 3D:74:64:5B:73:A6:78:55:BC:65:5F:2C:F3:E1:2E:5C:
  • DE:1D:38:AF:7C:10:3B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : Aug 9 18:14:09.254 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:CD:C0:9F:8D:F6:E3:6A:14:1D:AB:A8:
  • AE:96:D2:87:EE:D9:14:3A:37:9E:9F:E3:22:0F:39:15:
  • 30:57:20:F1:46:02:20:04:02:D1:94:BC:CA:0E:0B:1F:
  • 58:E2:BA:BA:35:BE:7D:76:63:61:1A:23:F4:37:8B:0C:
  • 59:33:C0:35:4C:8E:6B