SSL check results of protonmail.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for protonmail.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Sat, 08 Dec 2018 18:48:30 +0000

The mailservers of protonmail.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @protonmail.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.protonmail.ch
185.70.40.101
5
supported
*.protonmail.ch
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
17 s
mailsec.protonmail.ch
185.70.40.102
10
supported
*.protonmail.ch
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11 s

Outgoing Mails

We have received emails from these servers with @protonmail.ch sender addresses. Test mail delivery

Host TLS Version & Cipher
mail1.protonmail.ch (185.70.40.18)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail2.protonmail.ch (185.70.40.22)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail3.protonmail.ch (185.70.40.25)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail4.protonmail.ch (185.70.40.27)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

emailAddress=security@protonmail.ch,CN=*.protonmail.ch,OU=ProtonMail,O=Proton Technologies AG,L=Genève,ST=GE,C=CH

Certificate chain
Subject
Country (C)
  • CH
State (ST)
  • GE
Locality (L)
  • Gen?ve
Organization (O)
  • Proton Technologies AG
Organizational Unit (OU)
  • ProtonMail
Common Name (CN)
  • *.protonmail.ch
Email
  • security@protonmail.ch
Alternative Names
  • *.protonmail.ch
  • email:security@protonmail.ch
Issuer
Country (C)
  • BM
Organization (O)
  • QuoVadis Limited
Common Name (CN)
  • QuoVadis Global SSL ICA G2
validity period
Not valid before
2016-01-19
Not valid after
2019-01-19
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
F8:0B:28:7A:2F:DE:38:D9:F7:F9:20:6B:5A:7B:40:D5:05:DE:A6:B6:77:5E:28:A5:4E:A0:39:34:7F:96:88:84
SHA1
DF:E4:7E:6A:19:AF:FF:A7:45:BE:8D:AB:33:8E:08:16:D8:F4:08:53
X509v3 extensions
authorityInfoAccess
  • OCSP - URI:http://ocsp.quovadisglobal.com
  • CA Issuers - URI:http://trust.quovadisglobal.com/qvsslg2.crt
certificatePolicies
  • Policy: 1.3.6.1.4.1.8024.0.2.100.1.1
  • CPS: http://www.quovadisglobal.com/repository
authorityKeyIdentifier
  • keyid:91:19:62:AD:5B:17:A7:30:FB:F0:DE:39:25:B1:BD:8C:B9:B8:51:27
crlDistributionPoints
  • Full Name:
  • URI:http://crl.quovadisglobal.com/qvsslg2.crl
subjectKeyIdentifier
  • 3B:39:1E:AB:D0:75:6E:EF:78:E8:5D:ED:F0:66:0B:59:7E:8C:A1:E4