SSL check results of protonmail.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for protonmail.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 05 Sep 2022 01:35:36 +0000

The mailservers of protonmail.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @protonmail.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.protonmail.ch
185.70.42.128
5
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
20 s
mail.protonmail.ch
176.119.200.128
5
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
20 s
mail.protonmail.ch
185.205.70.128
5
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
14 s
mailsec.protonmail.ch
185.70.42.129
10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
4 s
mailsec.protonmail.ch
185.205.70.129
10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mailsec.protonmail.ch
176.119.200.129
10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @protonmail.ch sender addresses. Test mail delivery

Host TLS Version & Cipher
mail-40138.protonmail.ch (185.70.40.138)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40132.protonmail.ch (185.70.40.132)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail-40131.protonmail.ch (185.70.40.131)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail-40130.protonmail.ch (185.70.40.130)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=protonmail.com

Certificate chain
  • protonmail.com
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption

Subject
Common Name (CN)
  • protonmail.com
Alternative Names
  • *.pm.me
  • *.protonmail.ch
  • *.protonmail.com
  • *.protonvpn.ch
  • *.protonvpn.com
  • protonmail.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2022-07-14
Not valid after
2022-10-12
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
1F:37:E5:E5:A1:0E:6D:A8:2C:F1:B2:F5:36:00:20:FF:C2:2C:9D:85:CD:B6:DE:08:62:66:92:3C:46:CC:BB:C7
SHA1
E1:7E:64:AA:0E:FC:B6:4F:00:49:27:38:BC:C9:AF:2B:F6:94:BD:02
X509v3 extensions
subjectKeyIdentifier
  • 33:36:13:CB:1C:5C:7A:BD:79:9C:FB:E5:1D:DB:AB:5F:C6:66:41:06
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : Jul 14 16:12:41.389 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:62:94:EC:79:CF:93:2A:F8:39:44:AC:A2:
  • 57:86:B7:C3:AE:03:3C:00:68:E7:33:F0:D8:6E:49:C2:
  • 60:F2:63:F6:02:21:00:8A:39:28:3F:5B:05:B4:AE:F9:
  • 03:25:69:54:5F:55:D6:24:8F:45:5F:B9:14:DE:C0:C8:
  • 4F:C1:3D:E9:87:A0:12
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Jul 14 16:12:41.749 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:60:3A:0D:FD:94:9E:13:A6:D4:3E:C0:ED:
  • 55:F0:B7:31:72:77:A9:B0:CE:72:1F:CD:C1:AA:AC:78:
  • 7B:27:4D:3C:02:20:08:AB:A7:F9:E9:1E:61:1D:1E:41:
  • 01:37:ED:A7:89:93:82:94:7B:33:B6:CA:3B:B6:C3:72:
  • 95:B4:24:AE:35:20

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mail.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mailsec.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mailsec.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid