semark.dk - TLS / STARTTLS Test

Discover if the mail servers for semark.dk can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 27 Jan 2021 07:29:17 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Missing

The mailservers of semark.dk can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @semark.dk addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.semark.dk 2001:470:27:419::2	10	supported	imap.semark.dk	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2021-01-27 3 s
mail.semark.dk 5.103.136.165	10	supported	imap.semark.dk	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2021-01-27 3 s
adsl.semark.dk 2.110.34.219 Results incomplete	20		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2021-01-27 11 s

Outgoing Mails

We have received emails from these servers with @semark.dk sender addresses. Test mail delivery

Host	TLS Version & Cipher
5.103.136.165.static.fibianet.dk (5.103.136.165)	TLSv1.2 ADH-AES256-GCM-SHA384	2021-01-27

Certificates

First seen at: 2021-01-26

CN=imap.semark.dk

Certificate chain

imap.semark.dk
- 2021-03-30 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

imap.semark.dk

Alternative Names

imap.semark.dk
mail.semark.dk
smtp.semark.dk

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2020-12-30
Not valid after: 2021-03-30

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: B7:12:C1:6E:77:92:85:39:E6:B3:7D:BE:45:2C:26:9A:5F:1C:73:9C:95:B5:FF:24:CF:92:15:81:98:61:55:BB
SHA1: 3B:5F:40:EB:80:BF:A7:C1:46:57:6A:25:C5:B8:6E:8A:A3:67:67:77

X509v3 extensions

subjectKeyIdentifier

C7:62:66:D6:AF:9B:A2:24:AA:3C:F6:FA:21:20:C9:7C:53:CB:7F:07

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 44:94:65:2E:B0:EE:CE:AF:C4:40:07:D8:A8:FE:28:C0:
DA:E6:82:BE:D8:CB:31:B5:3F:D3:33:96:B5:B6:81:A8
Timestamp : Dec 30 22:01:23.321 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:29:46:AB:5B:2D:0A:46:14:97:C7:EE:2F:
CF:BE:C1:94:9C:B3:C2:1A:CD:F4:51:EC:72:A5:82:B9:
BB:6F:55:F2:02:20:28:E9:44:B9:20:DC:15:F2:37:1F:
86:0F:A6:5A:55:48:A8:17:23:15:E3:B4:7B:51:C5:4F:
7C:7E:D7:EF:A8:67
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
Timestamp : Dec 30 22:01:23.353 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:6D:F6:CB:CD:B1:F7:02:0E:EE:A5:38:57:
B4:11:F9:61:A6:77:03:51:23:F9:F3:BA:E4:52:9D:7E:
1D:BF:20:7D:02:21:00:E3:00:9A:CE:29:D3:BC:F9:2F:
4F:9A:3B:2E:DC:62:F5:2C:EB:FF:9D:C3:5F:C5:EC:D9:
9B:D0:5F:E2:D7:63:50

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.semark.dk	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid

SSL check results of semark.dk