webspell.fr - TLS / STARTTLS Test

Discover if the mail servers for webspell.fr can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 05 Dec 2024 01:32:12 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of webspell.fr can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @webspell.fr addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mta-gw.infomaniak.ch 2001:1600:0:aaaa::1:3	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-12-05 2 s
mta-gw.infomaniak.ch 2001:1600:0:aaaa::1:4	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-12-05 3 s
mta-gw.infomaniak.ch 83.166.143.57	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-12-05 2 s
mta-gw.infomaniak.ch 83.166.143.58	5	supported	mta-gw.infomaniak.ch	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-12-05 2 s

Outgoing Mails

We have not received any emails from a @webspell.fr address so far. Test mail delivery

Certificates

First seen at: 2024-10-28

CN=mta-gw.infomaniak.ch

Certificate chain

mta-gw.infomaniak.ch
- 2025-01-24 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mta-gw.infomaniak.ch

Alternative Names

mta-gw.infomaniak.ch
mx.infomaniak.com

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-10-26
Not valid after: 2025-01-24

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 5F:B3:EC:9C:6D:CC:E4:54:56:FC:8A:D9:66:32:3A:1A:EB:01:C0:72:F6:02:32:DB:BB:6A:A3:75:E9:55:88:0F
SHA1: BD:9F:EA:FF:57:83:03:EA:EC:CD:AC:A5:F4:6F:1A:E7:B6:7F:C3:40

X509v3 extensions

subjectKeyIdentifier

0B:CD:9E:34:44:88:F5:74:B5:23:4A:DE:2A:2B:C7:77:62:8B:5D:86

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

OCSP - URI:http://r11.o.lencr.org
CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
Timestamp : Oct 26 22:42:20.775 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:0E:D3:2F:C0:CA:25:8A:35:CE:D0:B2:A8:
72:B2:D0:4F:DB:5C:C8:64:4E:F0:62:BA:C1:3A:DD:42:
C7:7E:94:D7:02:21:00:C4:6D:CA:0C:AF:D7:59:96:66:
90:3F:C9:B5:44:10:97:D3:64:2D:85:C4:82:9D:01:1C:
19:EC:4B:FE:E6:0F:D3
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
Timestamp : Oct 26 22:42:20.726 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:26:AD:4A:71:BC:FA:6F:78:4C:4B:2B:EC:
6B:68:4B:BF:35:1E:CF:2E:4F:5F:1A:C0:EB:E8:28:14:
79:DF:43:E9:02:21:00:E1:E0:F8:B7:6E:BD:6B:B5:71:
3C:E0:75:2B:C6:84:CC:7F:85:8C:60:D8:59:1B:71:9F:
F0:C3:D6:A1:5D:7A:45

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mta-gw.infomaniak.ch	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of webspell.fr