SSL-Tools

SSL check results of defend2.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for defend2.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 09 May 2024 14:14:28 +0000

The mailservers of defend2.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @defend2.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-1.defend2.org
96.246.224.30
 10
supported
*.defend2.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
5 s

Outgoing Mails

We have received emails from these servers with @defend2.org sender addresses. Test mail delivery

Host TLS Version & Cipher
mx-1.defend2.org (96.246.224.30)
TLSv1.3 TLS_AES_256_GCM_SHA384
mta7.srv.hcvlny.cv.net (167.206.4.202)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mta2.srv.hcvlny.cv.net (167.206.4.197)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

Certificates

First seen at:

CN=*.defend2.org

Certificate chain
  • *.defend2.org
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • *.defend2.org
Alternative Names
  • *.defend2.org
  • defend2.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-05-08
Not valid after
2024-08-06
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
B7:CA:29:1D:CA:79:27:5A:FE:94:A8:44:85:06:F8:20:BF:88:2C:12:C7:90:AD:15:D4:33:12:8A:27:85:31:4B
SHA1
ED:51:84:80:3B:01:A2:3E:5E:48:68:2B:A0:40:60:26:70:0C:5A:0A
X509v3 extensions
subjectKeyIdentifier
  • 99:B7:00:59:08:52:CB:49:B7:04:09:79:E1:F1:24:BB:6C:93:D5:1D
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : May 8 23:40:46.213 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:60:39:87:07:BC:F1:F4:02:18:9E:D3:CD:
  • B3:07:8B:07:95:FE:A6:40:5B:E5:B0:6A:C7:DF:D4:79:
  • 2B:AA:DA:AA:02:20:58:45:C9:70:CB:63:78:AB:90:1B:
  • 7A:07:F9:8F:DD:91:B4:75:46:CC:A3:80:6C:45:CE:8E:
  • E3:6E:46:87:F5:C9
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DF:E1:56:EB:AA:05:AF:B5:9C:0F:86:71:8D:A8:C0:32:
  • 4E:AE:56:D9:6E:A7:F5:A5:6A:01:D1:C1:3B:BE:52:5C
  • Timestamp : May 8 23:40:46.396 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:BF:93:64:DA:9A:19:2E:B8:04:B6:B3:
  • 51:E2:94:18:D2:02:13:94:4C:00:70:A6:CE:E1:71:8C:
  • 3F:E6:8F:76:26:02:20:1B:EA:15:26:24:3D:39:7C:02:
  • 7F:56:6E:6B:6A:3D:0D:3D:D6:5B:68:2E:F6:22:FC:1B:
  • C5:6C:9B:E7:6A:F9:6E

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-1.defend2.org
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid