SSL check results of 5x2.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for 5x2.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Tue, 20 Jul 2021 06:58:22 +0000

The mailservers of 5x2.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @5x2.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-srv03.5x2.de
136.243.126.148
5
supported
*.5x2.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mx-srv01.5x2.de
136.243.126.146
10
supported
*.5x2.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mx-srv02.5x2.de
136.243.126.147
20
supported
*.5x2.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s

Outgoing Mails

We have received emails from these servers with @5x2.de sender addresses. Test mail delivery

Host TLS Version & Cipher
bu.mout75.5x2.de (188.40.173.75)
TLSv1.2 ADH-AES256-GCM-SHA384
bu.mout73.5x2.de (188.40.173.73)
TLSv1.2 ADH-AES256-GCM-SHA384
bu.mout71.5x2.de (188.40.173.71)
TLSv1.2 ADH-AES256-GCM-SHA384
bu.mout78.5x2.de (188.40.173.78)
TLSv1.2 ADH-AES256-GCM-SHA384
bu.mout68.5x2.de (188.40.173.68)
TLSv1.2 ADH-AES256-GCM-SHA384
mout154.5x2.de (136.243.126.154)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout150.5x2.de (136.243.126.150)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout139.5x2.de (136.243.126.139)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout138.5x2.de (136.243.126.138)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout151.5x2.de (136.243.126.151)
TLSv1.3 TLS_AES_256_GCM_SHA384
mailout.5x2.de (94.130.189.67)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=*.5x2.de

Certificate chain
Subject
Common Name (CN)
  • *.5x2.de
Alternative Names
  • *.5x2.de
  • 5x2.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • Thawte RSA CA 2018
validity period
Not valid before
2021-02-25
Not valid after
2022-03-28
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
4D:15:86:A2:EE:5A:5A:AB:CA:EE:88:02:27:E0:7C:8F:6E:C4:C8:DD:C0:B3:65:A0:D9:D5:7E:F3:B5:EA:A0:4C
SHA1
5A:D4:6A:A9:18:26:8E:AD:A0:5A:7F:56:CD:D2:07:75:89:32:2D:E3
X509v3 extensions
authorityKeyIdentifier
  • keyid:A3:C8:5E:65:54:E5:30:78:C1:05:EA:07:0A:6A:59:CC:B9:FE:DE:5A
subjectKeyIdentifier
  • 24:BE:1A:4C:0C:74:53:76:69:DE:18:EF:59:2B:75:0D:DE:AC:BF:D2
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.thawte.com/ThawteRSACA2018.crl
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.thawte.com
  • CA Issuers - URI:http://cacerts.thawte.com/ThawteRSACA2018.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
  • 11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
  • Timestamp : Feb 25 12:45:56.188 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:06:E8:D7:F0:50:EA:B6:80:62:FF:C7:5C:
  • 52:67:2C:F5:CD:09:B7:13:5A:DE:FA:26:4C:BA:65:EF:
  • 58:BD:55:63:02:21:00:FF:48:F0:6A:40:27:F2:4A:AB:
  • 2A:DB:0B:EB:98:38:BF:8B:FE:0F:45:4E:8E:F3:86:66:
  • 32:C0:4B:E9:22:EF:41
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
  • E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
  • Timestamp : Feb 25 12:45:56.198 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F4:A3:CD:F5:D8:D3:3F:64:46:9F:14:
  • FB:FC:27:8F:21:59:D7:38:7A:4D:8B:27:0F:CC:6B:F1:
  • 8C:32:C5:0E:DE:02:20:09:60:67:49:22:7C:B8:A2:ED:
  • 5B:68:ED:E2:71:37:C0:EE:D6:45:A5:4B:D4:ED:07:A5:
  • C3:59:E5:4A:DC:57:26

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-srv03.5x2.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv03.5x2.de
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv02.5x2.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv02.5x2.de
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv01.5x2.de
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx-srv01.5x2.de
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-256 Hash
valid
valid