SSL-Tools

SSL check results of kfz-sh.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for kfz-sh.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 29 Sep 2020 08:57:25 +0000

We can not guarantee a secure connection to the mailservers of kfz-sh.de!

Please contact the operator of kfz-sh.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/kfz-sh.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @kfz-sh.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mailgate.kfz-sh.de
80.153.1.217
 1
supported
mailgate.kfz-sh.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mail.kfz-sh.de
80.153.1.217
 200
supported
mailgate.kfz-sh.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s
mx01.ipberlin.com
2a02:f28:2:6::4
Results incomplete
300
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx01.ipberlin.com
194.29.232.68
Results incomplete
300
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx02.ipberlin.com
2a02:f28:2:6::5
Results incomplete
400
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
4 s
mx02.ipberlin.com
194.29.232.69
Results incomplete
400
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
4 s
mx03.ipberlin.com
2a02:f28:2::194:29:226:106
Results incomplete
500
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
4 s
mx03.ipberlin.com
194.29.226.106
Results incomplete
500
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
4 s

Outgoing Mails

We have received emails from these servers with @kfz-sh.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mailgate.kfz-sh.de (80.153.1.217)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mailgate.kfz-sh.de

Certificate chain
  • mailgate.kfz-sh.de
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Unknown Authority
      Sectigo RSA Domain Validation Secure Server CA
Subject
Common Name (CN)
  • mailgate.kfz-sh.de
Alternative Names
  • mailgate.kfz-sh.de
  • www.mailgate.kfz-sh.de
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • Sectigo Limited
Common Name (CN)
  • Sectigo RSA Domain Validation Secure Server CA
validity period
Not valid before
2020-09-29
Not valid after
2021-09-29
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
F1:60:C8:4A:E0:64:64:BD:61:9A:37:D3:91:18:0B:C1:D0:26:E1:4F:2C:03:D2:91:59:39:C7:29:D5:C6:04:F6
SHA1
E7:3F:C4:CC:7E:C9:EC:7C:9E:E3:B1:C9:E8:C5:89:59:C3:2B:C6:10
X509v3 extensions
authorityKeyIdentifier
  • keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
subjectKeyIdentifier
  • B1:33:41:D6:3F:1F:CB:32:7E:EC:37:29:14:68:6E:1C:CB:C1:B6:80
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.7
  • CPS: https://sectigo.com/CPS
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.sectigo.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Sep 29 07:42:43.510 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:53:20:DE:9A:67:70:31:CE:A1:DB:5B:59:
  • A9:ED:CE:75:86:E2:3A:76:93:E8:A1:44:6D:56:34:87:
  • 30:8F:9D:6D:02:20:22:40:8C:AF:07:DC:10:C1:58:C1:
  • 49:B1:63:D1:A3:8F:A5:AE:92:63:FA:E1:BF:C4:74:EF:
  • CA:C5:97:48:C8:99
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
  • D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
  • Timestamp : Sep 29 07:42:43.551 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:E1:01:31:08:02:B8:D8:FE:6C:CA:7C:
  • 8C:7B:97:57:21:37:8E:E0:3E:84:1A:12:93:4C:2C:6D:
  • E5:BD:16:3F:A9:02:20:54:71:6A:21:CA:8A:FF:D2:93:
  • FA:C3:79:92:3D:6E:93:6D:B5:F7:DA:80:E3:B7:34:FB:
  • F8:14:9D:2E:E5:DA:54