SSL check results of t-2.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for t-2.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Fri, 09 Oct 2020 18:41:31 +0000

No connection to the mailservers of t-2.net could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @t-2.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
smtp-good-in-1.t-2.net
2a01:260:1:4::23
Results incomplete
0
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
smtp-good-in-1.t-2.net
84.255.208.35
Results incomplete
0
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
smtp-bad-in-1.t-2.net
2a01:260:1:4::27
Results incomplete
1
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
smtp-bad-in-1.t-2.net
84.255.208.39
Results incomplete
1
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @t-2.net address so far. Test mail delivery

Certificates

First seen at:

CN=*.t-2.net,O=T-2 d.o.o.,street=Verovskova ulica 64 A,L=Ljubljana,postalCode=1000,C=SI

Certificate chain
Subject
Country (C)
  • SI
Postal code
  • 1000
Locality (L)
  • Ljubljana
Street
  • Verovskova ulica 64 A
Organization (O)
  • T-2 d.o.o.
Common Name (CN)
  • *.t-2.net
Alternative Names
  • *.t-2.net
  • t-2.net
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • Sectigo Limited
Common Name (CN)
  • Sectigo RSA Organization Validation Secure Server CA
validity period
Not valid before
2020-02-18
Not valid after
2021-03-12
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
99:94:55:44:E2:33:62:B6:DC:10:02:A0:64:67:90:6B:0D:D9:E2:AF:00:FB:2B:3D:9F:2D:02:06:F4:65:8C:40
SHA1
24:62:D7:8A:29:DB:8D:AC:14:24:37:C9:EA:C9:84:9B:16:0C:B1:A1
X509v3 extensions
authorityKeyIdentifier
  • keyid:17:D9:D6:25:27:67:F9:31:C2:49:43:D9:30:36:44:8C:6C:A9:4F:EB
subjectKeyIdentifier
  • 6A:CC:C8:CF:53:AB:DE:99:A0:AB:41:51:5D:25:BA:69:C9:A2:B4:EE
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
  • CPS: https://sectigo.com/CPS
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.sectigo.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Feb 18 13:53:14.449 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:CA:5C:9C:C7:E2:59:D1:75:A6:2E:D3:
  • 0D:33:B0:CE:85:00:CB:A6:28:04:96:8C:62:A7:AA:2D:
  • 63:08:FC:35:85:02:21:00:F6:3E:BC:72:C8:E8:CC:50:
  • 74:FE:0A:41:C6:60:01:F1:82:EC:11:80:4E:3F:3F:30:
  • 6C:0F:71:30:30:72:C5:39
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
  • D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
  • Timestamp : Feb 18 13:53:14.395 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8F:1F:FD:B0:98:24:52:1C:3E:98:7D:
  • CA:E4:24:26:7F:51:A9:17:48:BD:08:39:2A:FF:A8:EA:
  • 6A:A7:A0:72:01:02:20:16:2F:28:48:A9:AD:22:9F:59:
  • FE:36:0B:2F:E7:A6:D8:7E:D4:87:05:D8:8C:77:A6:82:
  • D0:8A:30:20:FB:15:29

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.smtp-bad-in-1.t-2.net
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.smtp-good-in-1.t-2.net
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid