SSL-Tools

SSL check results of dismail.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for dismail.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 13 Jun 2025 14:15:06 +0000

We can not guarantee a secure connection to the mailservers of dismail.de!

Please contact the operator of dismail.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/dismail.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @dismail.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx2.dismail.de
2a01:4f8:1c17:7be2::2
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
mx2.dismail.de
159.69.191.136
 10
supported
mx2.dismail.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx1.dismail.de
2a01:4f8:c17:e5e::2
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
mx1.dismail.de
78.46.223.134
 10
supported
mx1.dismail.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @dismail.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mx2.dismail.de (159.69.191.136)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx2.dismail.de

Certificate chain
  • mx2.dismail.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx2.dismail.de
Alternative Names
  • mx2.dismail.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-04-13
Not valid after
2025-07-12
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
14:F6:67:EF:AC:03:3B:FC:3E:F5:24:FC:C6:2D:15:08:0A:F0:81:29:7F:C9:78:9C:58:E1:6A:4C:51:ED:3A:E1
SHA1
59:D5:3A:9F:CA:44:1A:16:C0:4C:B5:2A:76:AC:76:07:59:C2:BA:63
X509v3 extensions
subjectKeyIdentifier
  • A0:C5:F1:AD:A0:FD:25:C5:33:5A:36:CE:DD:A4:16:11:38:47:46:8D
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • OCSP - URI:http://r11.o.lencr.org
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/12.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
  • 22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
  • Timestamp : Apr 13 11:58:32.500 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:68:B4:74:44:B9:6B:FF:FB:6E:DC:F3:BD:
  • 1A:A8:92:F2:E1:64:57:44:BB:14:22:73:8B:52:FC:E1:
  • 3B:B8:08:37:02:20:1E:33:D1:40:8F:31:EC:E9:66:9B:
  • A4:6E:70:EE:94:ED:83:F3:50:11:E4:95:5A:11:47:C1:
  • 37:BB:36:AB:69:4C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AF:18:1A:28:D6:8C:A3:E0:A9:8A:4C:9C:67:AB:09:F8:
  • BB:BC:22:BA:AE:BC:B1:38:A3:A1:9D:D3:F9:B6:03:0D
  • Timestamp : Apr 13 11:58:32.878 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:7A:7B:75:56:C8:91:39:5E:DA:8C:44:71:
  • 69:F6:9F:D8:54:5B:A3:44:0C:C9:7F:F8:4A:25:A6:8B:
  • 0D:7E:FD:B3:02:20:15:2A:97:3F:1B:D6:BA:CD:9B:F8:
  • AC:09:E2:7F:D7:5D:48:52:B6:37:09:2A:55:71:C9:9E:
  • 98:06:02:CD:25:7A
First seen at:

CN=mx1.dismail.de

Certificate chain
  • mx1.dismail.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx1.dismail.de
Alternative Names
  • mx1.dismail.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-06-04
Not valid after
2025-09-02
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
79:CB:36:CC:30:FD:32:57:5F:E0:4E:C7:E7:58:B0:79:FA:1E:B4:7C:18:D1:AC:49:FD:5D:DD:AB:B6:A0:E7:A0
SHA1
0D:4A:0A:FB:00:38:4F:C4:29:58:66:6D:19:2E:47:85:49:7F:1C:28
X509v3 extensions
subjectKeyIdentifier
  • AB:53:8F:CC:A4:6F:E9:D2:4C:7C:00:4F:3F:C8:57:C5:E2:60:37:D5
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/122.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
  • 47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
  • Timestamp : Jun 4 09:52:13.672 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:74:6D:E0:D6:2D:FA:0B:D8:E1:89:5E:C8:
  • 75:33:E3:CA:68:7C:D3:4C:A3:53:1F:E6:EC:A5:02:24:
  • A6:CB:3C:FD:02:20:53:5F:44:B9:00:33:8E:36:F6:6F:
  • 73:7C:53:49:20:FC:3D:33:BA:67:FA:91:0D:17:69:13:
  • DF:11:D9:A6:A8:E8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
  • F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
  • Timestamp : Jun 4 09:52:13.682 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:58:3A:16:57:23:41:5C:BB:38:5C:C0:D6:
  • 58:7D:32:2A:1B:16:32:B3:FF:4B:FB:53:D2:EA:4A:C0:
  • 0C:CB:DD:9F:02:21:00:AB:17:6C:66:6F:5C:59:27:23:
  • FF:34:72:FD:76:CC:F1:E5:C3:6B:0E:E6:B8:0E:4D:5D:
  • DA:AF:B1:AD:40:9C:42

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx2.dismail.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx1.dismail.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid