tazserver.xyz - TLS / STARTTLS Test

Discover if the mail servers for tazserver.xyz can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 05 Dec 2024 05:33:53 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of tazserver.xyz!

Please contact the operator of tazserver.xyz and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/tazserver.xyz

Servers

Incoming Mails

These servers are responsible for incoming mails to @tazserver.xyz addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
proxmail.tazserver.xyz 2001:470:4173:30:eeee:8ff:19d7:42c2 Results incomplete	5	unsupported	not checked	DANE errors PFS not checked Heartbleed not checked Weak ciphers not checked		2024-12-05 11 s
proxmail.tazserver.xyz 69.162.253.198	5	supported	proxmail.tazserver.xyz	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-12-05 13 s

Outgoing Mails

We have not received any emails from a @tazserver.xyz address so far. Test mail delivery

Certificates

First seen at: 2024-11-08

CN=proxmail.tazserver.xyz

Certificate chain

proxmail.tazserver.xyz
- 2025-01-06 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

proxmail.tazserver.xyz

Alternative Names

proxmail.tazserver.xyz

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-10-08
Not valid after: 2025-01-06

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: A9:5C:26:E1:CD:EF:37:4D:6D:5F:C7:4A:A4:79:8F:17:3E:24:B0:8F:A1:16:92:B2:7A:8A:13:2F:D5:41:64:2A
SHA1: 8D:93:2A:63:F9:A8:58:08:97:B9:45:0C:C9:99:B4:C3:93:A3:52:40

X509v3 extensions

subjectKeyIdentifier

73:BA:C3:FE:B4:75:C8:28:D9:DE:08:09:BE:AA:E9:91:0D:13:31:E9

authorityKeyIdentifier

keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8

authorityInfoAccess

OCSP - URI:http://r10.o.lencr.org
CA Issuers - URI:http://r10.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
Timestamp : Oct 8 09:20:26.986 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:6E:8E:29:71:30:32:0B:FA:B3:0E:21:CB:
6C:1D:1D:7D:79:8C:06:E7:6E:A1:9F:D8:9A:F3:69:1F:
54:AA:EC:4B:02:20:07:4F:A8:9D:9A:34:EA:54:EF:0E:
F8:D8:24:35:9A:B7:A1:5A:AB:92:AC:72:AA:1F:0A:1A:
ED:38:5F:DA:D0:85
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
Timestamp : Oct 8 09:20:27.052 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:03:FB:AA:D7:2D:E4:AB:C3:4D:E5:01:A9:
A4:C3:03:5C:89:88:65:61:B0:1F:3E:6D:39:FB:A8:88:
2E:EC:B7:C4:02:21:00:F2:1A:27:97:92:4B:C2:C6:32:
BE:73:94:9F:43:18:FC:F0:A9:A7:CB:8C:B5:58:1F:49:
C8:FE:86:FE:E0:54:F3

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.proxmail.tazserver.xyz	DANE-EE: Domain Issued Certificate Use full certificate SHA-256 Hash	valid	valid

SSL check results of tazserver.xyz