SSL check results of 5x2.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for 5x2.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Tue, 07 Jul 2020 21:20:31 +0000

No connection to the mailservers of 5x2.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @5x2.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-srv03.5x2.de
195.201.73.52
Results incomplete
5
supported
*.5x2.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx-srv01.5x2.de
195.201.73.50
Results incomplete
10
supported
*.5x2.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx-srv02.5x2.de
195.201.73.51
Results incomplete
20
supported
*.5x2.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @5x2.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mailout.5x2.de (94.130.189.67)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=*.5x2.de

Certificate chain
Subject
Common Name (CN)
  • *.5x2.de
Alternative Names
  • *.5x2.de
  • 5x2.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • Thawte TLS RSA CA G1
validity period
Not valid before
2019-01-27
Not valid after
2021-02-25
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
87:E3:74:EC:8F:B2:AA:56:6D:54:9A:6F:39:F3:C4:E0:90:4F:2A:E0:B0:53:1D:03:2B:7D:46:93:23:AA:EB:84
SHA1
BF:3C:4E:29:8A:97:88:8E:0C:A4:AA:79:66:27:75:54:46:62:19:E9
X509v3 extensions
authorityKeyIdentifier
  • keyid:A5:8C:FE:32:CC:EB:0F:2C:D4:19:C6:08:B8:00:24:88:5D:C3:C5:B7
subjectKeyIdentifier
  • 24:BE:1A:4C:0C:74:53:76:69:DE:18:EF:59:2B:75:0D:DE:AC:BF:D2
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.thawte.com/ThawteTLSRSACAG1.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.1.2
  • CPS: https://www.digicert.com/CPS
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • OCSP - URI:http://status.thawte.com
  • CA Issuers - URI:http://cacerts.thawte.com/ThawteTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
  • 38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
  • Timestamp : Jan 27 16:10:06.267 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:DE:4D:61:9A:FB:CA:E6:41:38:CC:25:
  • 2F:07:A8:D7:A8:5A:18:EA:4A:56:9B:48:54:CD:66:BF:
  • 30:27:4F:8A:91:02:21:00:EC:66:7A:2C:65:EA:CD:78:
  • 14:AE:54:1D:9F:8D:C2:5F:46:91:23:3A:BE:D0:53:37:
  • D7:11:4A:FC:C8:13:F1:16
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
  • 8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
  • Timestamp : Jan 27 16:10:06.486 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8C:C2:5D:2C:B2:26:07:B9:B2:67:58:
  • 43:84:40:2E:81:BF:AC:A5:6F:11:FF:0E:43:FD:F2:DF:
  • FC:9B:E7:53:E8:02:20:06:10:A0:9E:50:50:E3:E8:BD:
  • DC:61:ED:0C:6A:92:7C:7F:D1:13:82:8D:62:44:78:FC:
  • 0D:9D:8B:5A:78:86:5E
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Jan 27 16:10:06.620 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:48:45:15:EB:D8:18:79:9A:B8:90:A5:8D:
  • BB:2B:06:D3:EB:EE:80:77:FF:1B:74:84:44:17:17:A9:
  • C1:D3:BF:E1:02:21:00:EB:51:63:A9:BB:FD:4C:21:9F:
  • 01:5C:15:76:0F:9C:3A:16:81:7E:BB:E1:1C:0A:AA:48:
  • 3A:58:29:80:EE:8A:A9

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-srv03.5x2.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv03.5x2.de
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv02.5x2.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv02.5x2.de
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv01.5x2.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv01.5x2.de
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-256 Hash
valid
valid