SSL-Tools

SSL check results of protonmail.com

NEW You can also bulk check multiple servers.

Discover if the mail servers for protonmail.com can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 11 Apr 2024 14:42:19 +0000

The mailservers of protonmail.com can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @protonmail.com addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.protonmail.ch
176.119.200.128
 5
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
30 s
mail.protonmail.ch
185.70.42.128
 5
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
42 s
mail.protonmail.ch
185.205.70.128
 5
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
43 s
mailsec.protonmail.ch
176.119.200.129
 10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
14 s
mailsec.protonmail.ch
185.205.70.129
 10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
18 s
mailsec.protonmail.ch
185.70.42.129
 10
supported
protonmail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
19 s

Outgoing Mails

We have received emails from these servers with @protonmail.com sender addresses. Test mail delivery

Host TLS Version & Cipher
mail-40133.protonmail.ch (185.70.40.133)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail4.protonmail.ch (185.70.40.27)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-4325.protonmail.ch (185.70.43.25)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-4316.protonmail.ch (185.70.43.16)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40137.protonmail.ch (185.70.40.137)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40132.protonmail.ch (185.70.40.132)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40130.protonmail.ch (185.70.40.130)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40136.protonmail.ch (185.70.40.136)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40134.protonmail.ch (185.70.40.134)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail2.protonmail.ch (185.70.40.22)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40135.protonmail.ch (185.70.40.135)
TLSv1.3 TLS_AES_256_GCM_SHA384
mail-40141.protonmail.ch (185.70.40.141)
TLSv1.3 TLS_AES_256_GCM_SHA384
unknown (103.140.251.177)
Insecure - not encrypted!
unknown (103.151.122.176)
Insecure - not encrypted!
mail-40131.protonmail.ch (185.70.40.131)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
unknown (45.143.222.16)
Insecure - not encrypted!
mail1.protonmail.ch (185.70.40.18)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=protonmail.com

Certificate chain
  • protonmail.com
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • protonmail.com
Alternative Names
  • *.pm.me
  • *.protonmail.ch
  • *.protonmail.com
  • *.protonvpn.ch
  • *.protonvpn.com
  • protonmail.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-03-27
Not valid after
2024-06-25
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
AB:22:18:CF:E9:05:EA:14:06:E3:C8:11:C8:BA:0D:C6:3C:49:A6:14:08:84:12:C6:5F:74:3F:D2:D8:3B:DB:28
SHA1
B2:4E:FF:FA:B5:32:F1:BC:C4:78:7C:31:D2:0E:2E:F6:B8:1B:9A:B8
X509v3 extensions
subjectKeyIdentifier
  • F1:A2:0A:FF:29:EF:F8:78:84:E8:07:0C:E0:56:8A:76:64:D2:2B:A5
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Mar 27 14:20:09.710 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:80:73:3A:25:C2:1A:74:34:F8:3F:A7:
  • 09:BC:98:10:2A:6D:5F:1C:59:DA:A6:B6:39:F1:11:14:
  • 7A:5F:90:A9:BA:02:20:6D:0F:42:F9:07:05:13:A4:09:
  • 72:47:CE:51:F9:F5:DE:97:12:EE:2E:7C:EC:E9:B2:A9:
  • 70:78:F9:69:F4:D4:3E
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Mar 27 14:20:11.714 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:09:32:45:4D:26:6D:1F:84:D9:71:F4:0C:
  • 5F:8A:CA:FE:04:98:75:F4:13:2D:5E:34:CE:D3:C7:A5:
  • 73:55:44:79:02:21:00:E0:C3:66:C4:D2:2D:32:8C:2D:
  • 36:D0:63:3B:E3:59:9D:A9:5B:FF:A0:7F:2D:63:0A:40:
  • 0C:77:29:BC:FD:1B:C4

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mail.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mailsec.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mailsec.protonmail.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid