SSL-Tools

SSL check results of tuta.io

NEW You can also bulk check multiple servers.

Discover if the mail servers for tuta.io can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 10 Jan 2025 12:00:56 +0000

The mailservers of tuta.io can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @tuta.io addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.tutanota.de
185.205.69.213
 0
supported
mail.tutanota.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mail.tutanota.de
185.205.69.214
 0
supported
mail.tutanota.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mail.tutanota.de
185.205.69.211
 0
supported
mail.tutanota.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @tuta.io sender addresses. Test mail delivery

Host TLS Version & Cipher
w1.tutanota.de (81.3.6.162)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mail.tutanota.de

Certificate chain
Subject
Common Name (CN)
  • mail.tutanota.de
Alternative Names
  • mail.tutanota.de
  • www.mail.tutanota.de
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • Sectigo Limited
Common Name (CN)
  • Sectigo ECC Domain Validation Secure Server CA
validity period
Not valid before
2024-07-15
Not valid after
2025-08-10
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
AE:20:39:6B:84:98:EA:C3:2A:CE:CF:DA:D6:3D:A6:55:ED:BD:6D:6D:79:F7:E1:E0:93:18:52:C8:B7:38:30:6D
SHA1
02:FC:23:E3:EC:02:02:FC:E8:63:36:B4:9F:82:3C:BD:82:F6:88:53
X509v3 extensions
authorityKeyIdentifier
  • keyid:F6:85:0A:3B:11:86:E1:04:7D:0E:AA:0B:2C:D2:EE:CC:64:7B:7B:AE
subjectKeyIdentifier
  • 7F:5E:68:32:48:61:5E:CE:F6:02:61:6D:6E:EA:73:A7:C7:0F:F7:6C
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.7
  • CPS: https://sectigo.com/CPS
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • CA Issuers - URI:http://crt.sectigo.com/SectigoECCDomainValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.sectigo.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
  • 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
  • Timestamp : Jul 15 10:13:38.592 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:11:00:E2:0E:72:A1:E0:45:3D:85:07:0A:
  • 25:81:AD:2E:C9:EE:A6:A0:A1:98:89:B3:C8:BE:19:69:
  • 27:3F:B8:55:02:20:60:07:DB:DA:BE:D5:9F:94:A4:5D:
  • BC:B2:B3:40:E8:1A:FF:6E:C6:D8:5C:E1:B1:3D:14:BB:
  • 45:A5:93:26:7C:99
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
  • 47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
  • Timestamp : Jul 15 10:13:38.534 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F7:1B:0E:60:09:7D:30:B2:04:3E:7C:
  • 87:48:E0:66:51:83:A0:3B:C5:A8:B7:1A:4D:DB:CA:88:
  • AB:9C:4B:B4:6B:02:20:5A:7B:7C:9B:CA:3E:75:E4:83:
  • CD:4C:F9:8B:28:FB:0C:A8:44:81:8E:DF:A5:88:21:40:
  • 00:90:38:FB:B9:DD:B5
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
  • F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
  • Timestamp : Jul 15 10:13:38.496 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:96:DA:98:B5:B0:37:6A:94:05:10:4C:
  • 8D:BC:6F:41:B4:CD:88:6A:C5:6E:7D:45:B5:93:9D:B1:
  • 91:AF:7B:68:0B:02:21:00:B0:1F:8F:13:7F:39:A1:32:
  • 50:4D:B9:95:17:11:CD:B3:D6:E6:81:EC:A8:88:5F:0A:
  • 9C:20:07:CD:02:61:38:33

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.tutanota.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
_25._tcp.mail.tutanota.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mail.tutanota.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
_25._tcp.mail.tutanota.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid