SSL-Tools

SSL check results of cs537.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for cs537.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 03 Mar 2024 11:50:13 +0000

The mailservers of cs537.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @cs537.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.cs537.de
2a01:4f8:c0c:85f5::1
 10
supported
mail.cs537.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
6 s
mail.cs537.de
167.235.133.95
 10
supported
mail.cs537.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
5 s

Outgoing Mails

We have not received any emails from a @cs537.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.cs537.de

Certificate chain
  • mail.cs537.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.cs537.de
Alternative Names
  • cs537.de
  • mail.cs537.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-02-22
Not valid after
2024-05-22
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
9E:12:C8:89:4C:14:AD:0D:B7:47:6B:13:07:5C:A4:1A:C8:21:1E:58:A6:38:D9:97:59:C3:5D:A9:7A:83:D9:29
SHA1
BF:1E:BF:58:CE:5A:B4:B4:49:94:D5:C9:A7:D6:34:23:31:BB:1E:4B
X509v3 extensions
subjectKeyIdentifier
  • 06:D3:07:D2:3A:F4:ED:00:3A:E3:AB:C1:EE:45:39:43:4C:46:11:2C
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Feb 22 12:27:27.393 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A8:A5:C5:B6:FA:C5:3E:13:ED:F5:67:
  • 78:4F:46:5D:BC:27:75:93:B9:DC:4C:E2:E1:20:07:9A:
  • 34:E0:02:54:EE:02:21:00:C8:38:44:E1:B1:E2:E1:CA:
  • 55:3B:C9:69:EC:C5:17:96:8B:9D:A3:16:A5:DB:23:C2:
  • 6D:E7:9B:67:70:36:D5:81
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
  • 65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
  • Timestamp : Feb 22 12:27:27.392 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:F5:DE:71:7E:48:50:CE:9C:59:CE:4E:
  • AE:92:0B:4A:FC:6D:51:9D:83:6E:B1:2B:E2:5F:5E:A8:
  • 64:24:A8:F4:5A:02:21:00:97:94:34:5D:5D:96:9C:6E:
  • 62:8C:18:DE:8E:7C:07:E0:F4:2F:F7:C9:1D:86:87:45:
  • F5:5C:44:4F:31:1D:85:CC

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.cs537.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid