SSL-Tools

SSL check results of cs523.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for cs523.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 03 Mar 2024 11:46:52 +0000

The mailservers of cs523.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @cs523.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.cs523.de
2a01:4f8:c2c:9fa6::1
 10
supported
mail.cs523.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
6 s
mail.cs523.de
167.235.67.221
 10
supported
mail.cs523.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
4 s

Outgoing Mails

We have not received any emails from a @cs523.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.cs523.de

Certificate chain
  • mail.cs523.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.cs523.de
Alternative Names
  • cs523.de
  • mail.cs523.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-02-19
Not valid after
2024-05-19
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
28:97:9C:C6:E1:70:4A:26:DA:40:7C:4E:98:94:99:64:FE:90:D0:C0:59:30:F8:63:E4:44:87:1D:DE:96:B3:AE
SHA1
72:33:DB:48:7D:E0:F4:08:68:0E:7C:DD:E2:35:A3:B6:FE:8E:8C:40
X509v3 extensions
subjectKeyIdentifier
  • ED:74:52:7A:C5:D6:FB:37:7D:C9:AD:1C:BF:D7:AD:13:AE:0F:B9:9F
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Feb 19 19:50:46.941 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:19:45:6F:6B:5F:14:1A:B2:DE:C4:DB:2E:
  • 2C:0E:B1:1A:4C:93:AA:3D:88:00:D7:59:87:E8:CC:B7:
  • 51:D7:93:3C:02:20:63:56:F6:43:9D:BC:76:6A:57:28:
  • 37:08:ED:BA:3C:F6:3D:B9:07:E8:4A:5E:DA:2A:2A:02:
  • 94:C6:67:08:E3:05
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Feb 19 19:50:47.538 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:82:54:69:4A:50:1D:25:93:00:CF:75:
  • AD:9F:C4:4F:EB:E5:11:62:B7:D3:E1:6A:80:16:F1:46:
  • BC:00:B9:6A:DB:02:21:00:82:C6:98:31:DE:82:3C:5F:
  • FC:DA:8A:93:C7:43:45:4B:EB:03:7C:1A:F7:71:2B:81:
  • 82:27:AB:C3:B9:56:E6:88

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.cs523.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid