SSL-Tools

SSL check results of defend2.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for defend2.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 13 Feb 2025 21:44:44 +0000

The mailservers of defend2.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @defend2.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-1.defend2.org
96.246.224.30
 10
supported
*.defend2.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
5 s

Outgoing Mails

We have received emails from these servers with @defend2.org sender addresses. Test mail delivery

Host TLS Version & Cipher
mx-1.defend2.org (96.246.224.30)
TLSv1.3 TLS_AES_256_GCM_SHA384
mta7.srv.hcvlny.cv.net (167.206.4.202)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mta2.srv.hcvlny.cv.net (167.206.4.197)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

Certificates

First seen at:

CN=*.defend2.org

Certificate chain
  • *.defend2.org
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • *.defend2.org
Alternative Names
  • *.defend2.org
  • defend2.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-01-03
Not valid after
2025-04-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
D5:08:65:20:29:66:FC:9D:76:4D:7B:3F:34:23:CE:D5:16:2E:11:F7:DE:74:CE:F5:25:CD:FB:AF:72:58:4C:AB
SHA1
47:11:0D:3E:86:C5:F9:3A:15:29:15:8C:9B:C7:54:75:E5:76:0C:23
X509v3 extensions
subjectKeyIdentifier
  • 7B:82:85:EE:F3:57:D6:61:15:F2:EB:CE:3D:5B:53:BC:4D:DC:3B:28
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • OCSP - URI:http://r11.o.lencr.org
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
  • D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
  • Timestamp : Jan 3 22:40:25.025 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:6F:BF:0F:14:72:A6:EC:DA:68:1E:43:3F:
  • 3E:58:74:89:02:21:62:81:DC:97:6B:83:20:12:13:D1:
  • 8E:A8:E5:DB:02:21:00:C7:E7:5A:92:B4:5B:66:1E:CA:
  • A4:25:8A:92:3A:DD:9C:5C:5B:6D:6F:7D:C0:0B:6B:45:
  • 14:45:B7:87:DA:26:18
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E0:92:B3:FC:0C:1D:C8:E7:68:36:1F:DE:61:B9:96:4D:
  • 0A:52:78:19:8A:72:D6:72:C4:B0:4D:A5:6D:6F:54:04
  • Timestamp : Jan 3 22:40:25.038 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A6:2A:07:17:55:E7:CB:77:00:EA:11:
  • 5F:0D:A1:B2:EE:67:12:0F:C1:3C:0C:56:0C:60:C0:91:
  • C9:0C:B5:F1:D9:02:21:00:9F:FC:5D:9D:5C:B6:B9:EC:
  • B8:CB:CC:C1:D9:BF:14:7D:76:E2:77:D1:BA:CD:49:0F:
  • 12:46:62:2F:42:B3:79:2D

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-1.defend2.org
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid