SSL-Tools

SSL check results of srvn.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for srvn.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 15 Aug 2025 16:55:15 +0000

The mailservers of srvn.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @srvn.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx01.sack.dev
2a01:4f8:162:1d06::babe
Results incomplete
10 not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s
mx01.sack.dev
5.9.111.169
 10
supported
mx.sack.dev
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx02.sack.dev
2001:67c:864:1::babe
 10
supported
mx.sack.dev
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx02.sack.dev
195.110.20.3
 10
supported
mx.sack.dev
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @srvn.de address so far. Test mail delivery

Certificates

First seen at:

CN=mx.sack.dev

Certificate chain
  • mx.sack.dev
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R10
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx.sack.dev
Alternative Names
  • mx.sack.dev
  • mx01.sack.dev
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R10
validity period
Not valid before
2025-07-28
Not valid after
2025-10-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
FD:39:73:3C:77:00:46:72:EC:4F:7D:A3:9D:04:4E:77:14:61:AB:73:DA:F1:B3:1A:F3:7A:CC:B1:76:A7:5C:67
SHA1
64:9B:3B:E1:FF:E1:B4:1A:D3:22:AB:40:02:73:C9:E6:E3:51:34:63
X509v3 extensions
subjectKeyIdentifier
  • 78:4F:A5:DF:53:C8:D6:4C:6D:7F:28:38:E3:40:ED:45:A6:4C:28:2E
authorityKeyIdentifier
  • keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
authorityInfoAccess
  • CA Issuers - URI:http://r10.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r10.c.lencr.org/84.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:42:C5:06:49:60:61:54:8F:0F:D4:EA:9C:FB:7A:2D:
  • 26:45:4D:87:A9:7F:2F:DF:45:59:F6:27:4F:3A:84:54
  • Timestamp : Jul 28 15:31:21.627 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:66:E8:FD:1C:60:18:84:C9:33:84:BC:70:
  • 39:0E:47:DF:86:C9:DD:8B:98:40:56:22:A4:0F:E9:2E:
  • 00:B4:E5:E2:02:20:56:90:D7:77:B8:5F:C1:1B:EB:B5:
  • 43:4F:A9:8F:D7:68:29:00:06:21:50:FF:95:45:DD:51:
  • 8C:07:6F:97:61:C0
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
  • F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
  • Timestamp : Jul 28 15:31:23.628 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A7:91:43:6B:E4:A5:82:5B:40:DA:3F:
  • 21:05:D9:3B:F6:77:3E:38:3F:3B:12:BD:73:07:A0:14:
  • BF:AE:01:21:74:02:21:00:F5:55:C4:DE:62:81:1F:95:
  • 23:ED:96:58:34:7F:1A:04:84:0F:05:6D:1B:B3:97:BD:
  • 5E:6C:36:DA:17:D9:11:68
First seen at:

CN=mx.sack.dev

Certificate chain
  • mx.sack.dev
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx.sack.dev
Alternative Names
  • mx.sack.dev
  • mx02.sack.dev
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-07-30
Not valid after
2025-10-28
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
82:96:72:55:4C:28:9E:9F:0B:D5:4F:45:B2:3A:A3:00:A2:6F:B9:21:A5:43:CE:1A:68:0B:D4:62:7A:EA:DA:09
SHA1
DF:2C:CA:05:01:80:D2:95:BD:D3:E1:70:0E:9C:0D:54:C6:D2:72:23
X509v3 extensions
subjectKeyIdentifier
  • 44:A5:0A:F7:CA:40:FD:DB:FD:1D:60:FB:BD:65:EF:FC:B1:49:D3:3A
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/80.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : ED:3C:4B:D6:E8:06:C2:A4:A2:00:57:DB:CB:24:E2:38:
  • 01:DF:51:2F:ED:C4:86:C5:70:0F:20:DD:B7:3E:3F:E0
  • Timestamp : Jul 30 04:46:30.389 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:68:57:50:63:90:E8:74:B7:6F:84:87:01:
  • EE:50:F0:B5:DA:59:FD:43:2D:8A:DB:90:9E:5C:C3:58:
  • AC:3E:F3:26:02:21:00:AA:DB:5D:FE:D5:A0:98:61:8C:
  • 46:06:E3:4A:EB:C0:94:C9:A3:44:45:25:D2:B3:80:F5:
  • 01:CF:9F:2C:9F:F1:19
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
  • 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
  • Timestamp : Jul 30 04:46:30.460 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:CF:FF:17:04:F8:45:21:C0:7A:74:27:
  • 27:C2:55:CE:4E:7F:13:BA:02:56:7B:CC:C9:14:02:50:
  • 8B:73:03:AB:1D:02:20:08:9E:8F:6F:8D:EC:AE:68:27:
  • EA:6C:1B:97:56:CD:E4:09:12:CD:5F:C3:18:B8:B2:F9:
  • 2A:FE:C4:01:12:53:E6

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx01.sack.dev
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx02.sack.dev
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid