weg-wupperauen.de - TLS / STARTTLS Test

Discover if the mail servers for weg-wupperauen.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 16 Apr 2024 21:23:34 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Problems found

The mailservers of weg-wupperauen.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @weg-wupperauen.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.hirt.koeln 2a01:4f8:c012:c1eb::1	10	supported	mail.hirt.koeln	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-04-16 6 s
mail.hirt.koeln 168.119.241.107	10	supported	mail.hirt.koeln	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-04-16 6 s

Outgoing Mails

We have not received any emails from a @weg-wupperauen.de address so far. Test mail delivery

Certificates

First seen at: 2024-04-16

CN=mail.hirt.koeln

Certificate chain

mail.hirt.koeln
- 2024-07-03 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.hirt.koeln

Alternative Names

autoconfig.hirt.koeln
autoconfig.hirtlab.de
autoconfig.weg-wupperauen.de
autodiscover.hirt.koeln
autodiscover.hirtlab.de
autodiscover.weg-wupperauen.de
mail.hirt.koeln
mta-sts.hirt.koeln
mta-sts.hirtlab.de
mta-sts.weg-wupperauen.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-04-04
Not valid after: 2024-07-03

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 0B:3C:C4:99:25:08:3E:2D:15:D1:41:EA:42:AF:2C:37:91:09:F2:26:D9:BC:77:14:C2:CF:8C:B2:5A:DF:95:7F
SHA1: 25:85:DD:ED:18:85:6D:CF:CC:91:60:C0:DD:BB:36:93:31:A7:E3:07

X509v3 extensions

subjectKeyIdentifier

4B:F0:C5:21:92:36:6C:3E:81:04:93:12:68:9B:F9:10:B6:49:3E:49

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Apr 4 07:50:28.419 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:58:36:31:C2:C6:86:48:A4:8E:8B:4C:20:
FB:46:FD:36:63:75:9A:27:22:59:D5:E5:9D:AA:58:85:
3D:B1:15:5F:02:20:04:4E:CD:06:69:CB:B7:F5:35:33:
1A:85:E2:8B:2C:C8:0C:55:76:72:B5:A6:70:BE:B0:02:
8E:1F:5D:FE:87:29
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
Timestamp : Apr 4 07:50:28.605 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:F1:77:04:72:30:A4:D0:F6:76:E1:19:
43:F5:E9:70:C1:01:50:89:CF:5F:07:9A:5C:0C:45:1F:
39:99:34:3E:E4:02:20:55:D7:D0:68:EA:68:79:2B:5A:
7E:E6:BE:B8:6C:01:0E:4B:77:5A:00:EE:BE:D0:2A:A3:
8C:E2:3D:5E:3C:37:18

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.hirt.koeln	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	error Debug	valid

SSL check results of weg-wupperauen.de