SSL check results of dismail.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for dismail.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Fri, 07 May 2021 19:08:02 +0000

We can not guarantee a secure connection to the mailservers of dismail.de!

Please contact the operator of dismail.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/dismail.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @dismail.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx2.dismail.de
2a01:4f8:1c17:7be2::2
10
supported
mx2.dismail.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
4 s
mx2.dismail.de
159.69.191.136
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
12 s
mx1.dismail.de
2a01:4f8:c17:e5e::2
10
supported
mx1.dismail.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
4 s
mx1.dismail.de
78.46.223.134
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
12 s

Outgoing Mails

We have received emails from these servers with @dismail.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mx2.dismail.de (159.69.191.136)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx2.dismail.de

Certificate chain
  • mx2.dismail.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • DST Root CA X3 (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption

Subject
Common Name (CN)
  • mx2.dismail.de
Alternative Names
  • mx2.dismail.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2021-03-11
Not valid after
2021-06-09
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
0A:89:DD:99:8B:2B:5C:AB:7D:4A:D8:64:84:04:4A:08:FD:EC:0C:C5:70:01:23:31:17:25:46:48:C0:C0:73:45
SHA1
A9:02:D8:45:DA:73:B9:F2:95:59:D3:37:23:37:35:5F:36:4E:0C:07
X509v3 extensions
subjectKeyIdentifier
  • 8A:23:31:6D:FA:8D:86:55:1C:68:17:1D:CC:8E:81:00:E5:4B:78:3E
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 44:94:65:2E:B0:EE:CE:AF:C4:40:07:D8:A8:FE:28:C0:
  • DA:E6:82:BE:D8:CB:31:B5:3F:D3:33:96:B5:B6:81:A8
  • Timestamp : Mar 11 10:42:53.679 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:B3:72:7D:B1:BB:BF:05:D8:5D:DE:8F:
  • 2D:A4:93:AE:86:0E:69:CD:B1:8B:7E:63:96:28:7A:BE:
  • 60:A0:C7:5E:9B:02:20:11:EC:E7:7F:B4:01:63:DD:63:
  • F4:CB:37:5C:87:58:6A:6D:18:44:36:A8:55:A8:02:2A:
  • 63:D3:C9:FB:73:A6:08
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Mar 11 10:42:53.728 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C8:E1:AF:A3:DE:37:E2:84:9B:4B:D4:
  • 0A:26:CB:BA:60:AF:1D:9F:BF:84:FB:41:B1:BC:5F:C5:
  • 4F:B6:AB:6B:97:02:21:00:AB:4B:03:AD:62:F2:23:31:
  • EA:B8:F5:4F:8F:F6:A3:36:33:82:0A:BE:48:46:6E:DB:
  • 6F:59:FE:7B:84:AD:C6:E7
First seen at:

CN=mx1.dismail.de

Certificate chain
  • mx1.dismail.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • DST Root CA X3 (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption

Subject
Common Name (CN)
  • mx1.dismail.de
Alternative Names
  • mx1.dismail.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2021-03-11
Not valid after
2021-06-09
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
BA:E6:FA:EA:8F:CB:A9:0D:69:84:5A:56:5D:9C:D6:E3:94:94:F2:20:F2:31:C3:27:37:41:CD:E1:0D:EA:48:0E
SHA1
AC:7E:47:32:4D:D5:16:64:EB:61:26:5E:18:1D:EF:C1:26:06:D4:6B
X509v3 extensions
subjectKeyIdentifier
  • A3:A6:1D:40:0F:BD:46:96:D0:86:59:F3:47:A3:AF:0C:95:B7:50:D4
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
  • D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
  • Timestamp : Mar 11 10:41:52.391 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:9A:CA:F5:0C:89:4E:84:B3:9F:20:B7:
  • D4:99:31:A1:05:4B:F3:2D:DE:48:43:44:16:2D:9A:F5:
  • C9:69:C5:6F:D6:02:20:70:19:FD:70:85:B6:E8:66:CE:
  • 11:2F:C4:45:F9:9E:1A:0C:D6:B3:CA:89:45:AA:B3:51:
  • 3E:EE:98:7A:06:C0:4E
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
  • E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
  • Timestamp : Mar 11 10:41:52.381 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:0E:D2:4F:36:0E:FE:5D:82:DC:DB:90:D9:
  • 3A:C0:EA:01:15:8D:83:2B:A5:F5:E3:F5:AA:6C:3F:E9:
  • CD:96:40:44:02:20:2B:A7:9B:E4:F1:76:70:CB:A2:1D:
  • A0:91:F2:30:9C:C8:25:F9:76:B6:C0:3E:6E:8F:B0:EA:
  • EA:71:5F:E7:C0:B2

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx2.dismail.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx1.dismail.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid