srv4all.net - TLS / STARTTLS Test

Discover if the mail servers for srv4all.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 22 Feb 2025 01:31:42 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of srv4all.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @srv4all.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
delta.srv4all.net 2001:678:cc8:2:8000::	10	supported	*.srv4all.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-02-22 10 s
delta.srv4all.net 193.164.138.70	10	supported	*.srv4all.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-02-22 7 s
delta-ipv4.srv4all.net 193.164.138.70	20	supported	*.srv4all.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-02-21 2 s

Outgoing Mails

We have not received any emails from a @srv4all.net address so far. Test mail delivery

Certificates

First seen at: 2025-02-20

CN=*.srv4all.net

Certificate chain

*.srv4all.net
- 2025-04-12 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

*.srv4all.net

Alternative Names

*.srv4all.net
srv4all.net

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-01-12
Not valid after: 2025-04-12

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 2E:90:84:03:23:25:98:9E:C6:2E:FD:9C:E4:98:FD:A5:52:F1:B8:EA:1C:43:F8:58:A5:7B:0E:E5:1F:BA:83:A7
SHA1: C1:9C:5C:E0:65:DE:21:DE:B9:2D:12:86:4C:3A:77:F3:F3:9A:BA:FD

X509v3 extensions

subjectKeyIdentifier

39:D2:88:7D:FF:19:CB:E0:96:6A:55:82:08:B0:C5:A6:88:1E:4D:D7

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

OCSP - URI:http://r11.o.lencr.org
CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
Timestamp : Jan 12 20:47:31.481 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D1:CA:D7:BC:08:C9:75:EF:58:A3:8A:
A8:C8:DE:08:BE:13:CF:CC:F7:55:47:A1:55:3D:10:02:
66:D4:04:11:33:02:20:34:92:81:42:97:5B:48:2E:21:
08:C3:85:52:6B:19:67:D1:AD:5E:05:46:27:D3:CB:43:
8B:32:2D:08:E4:19:94
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
Timestamp : Jan 12 20:47:31.480 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:6B:CC:53:89:C3:7A:8F:54:69:63:76:AE:
AC:A4:3B:12:5F:0F:18:AE:33:31:C1:32:C3:88:1A:A4:
72:3F:C8:6F:02:20:02:A0:E7:86:A1:E6:DD:A0:A3:99:
EA:E2:BA:3A:B5:F0:71:5C:03:DD:B9:C7:07:12:3F:2B:
E7:35:72:5E:05:22

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.delta-ipv4.srv4all.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.delta.srv4all.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of srv4all.net