SSL-Tools

SSL check results of dismail.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for dismail.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 19 Mar 2026 18:35:22 +0000

We can not guarantee a secure connection to the mailservers of dismail.de!

Please contact the operator of dismail.de and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/dismail.de

Servers

Incoming Mails

These servers are responsible for incoming mails to @dismail.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.dismail.de
2a01:4f8:c17:e5e::2
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
mx1.dismail.de
78.46.223.134
 10
supported
mx1.dismail.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx2.dismail.de
2a01:4f8:1c17:7be2::2
Results incomplete
10
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
6 s
mx2.dismail.de
159.69.191.136
 10
supported
mx2.dismail.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @dismail.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mx2.dismail.de (159.69.191.136)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx1.dismail.de

Certificate chain
  • mx1.dismail.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R12
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx1.dismail.de
Alternative Names
  • mx1.dismail.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R12
validity period
Not valid before
2026-01-04
Not valid after
2026-04-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
8D:61:0B:E0:FB:DA:64:31:60:1E:A5:0E:39:E7:9F:1F:36:CF:D0:28:14:D3:23:3C:DD:FD:26:DA:9B:BA:7E:3C
SHA1
B2:C2:4A:F3:AE:03:10:BB:13:62:1B:8D:B1:28:46:F3:B4:A6:EF:BC
X509v3 extensions
subjectKeyIdentifier
  • AB:53:8F:CC:A4:6F:E9:D2:4C:7C:00:4F:3F:C8:57:C5:E2:60:37:D5
authorityKeyIdentifier
  • keyid:00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2
authorityInfoAccess
  • CA Issuers - URI:http://r12.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r12.c.lencr.org/34.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E3:23:8D:F2:8D:A2:88:E0:AA:E0:AC:F0:FA:90:C9:85:
  • F0:B6:BF:F5:D2:A5:27:B0:01:FC:1C:44:58:C4:B6:E8
  • Timestamp : Jan 4 09:12:15.524 2026 GMT
  • Extensions: 00:00:05:00:2E:3B:1E:78
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:5A:30:67:0B:94:EC:CF:49:71:C3:56:71:
  • 39:50:5A:DA:63:34:91:4F:5B:7D:40:BA:E0:D9:3C:7D:
  • 1B:7F:34:80:02:21:00:9D:18:6D:B8:D3:D0:28:9D:A5:
  • 2C:DB:F1:DE:52:25:1A:83:17:6F:D8:1A:17:51:CB:66:
  • 20:97:F5:0F:E7:59:5B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
  • 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
  • Timestamp : Jan 4 09:12:16.907 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:2E:65:25:41:18:3C:26:EC:D1:D1:D1:43:
  • 99:28:4E:68:10:99:CF:76:4F:6F:AB:60:C9:DE:6F:98:
  • 72:9C:1D:4E:02:20:38:4A:A9:6A:3A:AC:B6:C6:EE:EF:
  • 1F:2A:8A:58:BB:8F:7E:8B:83:78:ED:11:AE:5F:3A:C7:
  • A2:C4:59:67:CA:9A
First seen at:

CN=mx2.dismail.de

Certificate chain
  • mx2.dismail.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R12
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx2.dismail.de
Alternative Names
  • mx2.dismail.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R12
validity period
Not valid before
2026-03-08
Not valid after
2026-06-06
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
Fingerprints
SHA256
00:11:5D:C0:84:31:AA:71:A6:E4:C1:E0:D5:C2:69:65:74:2E:5B:3D:47:AD:2B:A9:CB:35:AB:27:F3:3B:47:A1
SHA1
FE:72:27:5C:9A:83:2A:66:39:F4:12:B7:E5:CF:AA:83:7A:C5:7C:4F
X509v3 extensions
subjectKeyIdentifier
  • A0:C5:F1:AD:A0:FD:25:C5:33:5A:36:CE:DD:A4:16:11:38:47:46:8D
authorityKeyIdentifier
  • keyid:00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2
authorityInfoAccess
  • CA Issuers - URI:http://r12.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r12.c.lencr.org/57.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
  • 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
  • Timestamp : Mar 8 09:06:16.145 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:74:C7:BA:AD:18:DF:6C:0E:FD:AA:0A:E0:
  • FE:44:6C:15:72:CF:E2:4F:2E:D4:3D:A8:4F:39:D7:65:
  • F2:1A:63:EE:02:21:00:A0:FD:CD:E4:49:96:CB:76:AD:
  • CA:9E:29:F1:B4:55:6E:CA:85:79:D7:59:3A:1C:F5:86:
  • 16:C2:4E:FA:DC:A6:12
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:
  • E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6
  • Timestamp : Mar 8 09:06:16.221 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:73:2A:10:F7:F4:B6:99:3C:9B:82:8E:E4:
  • C5:B3:B7:18:9F:59:0E:68:D5:F4:30:53:47:E7:03:E0:
  • 0E:EE:49:78:02:20:5F:F6:2C:DA:96:12:3B:F9:69:47:
  • 99:0F:F2:23:F4:FC:D8:52:87:41:98:A2:7B:16:34:46:
  • 20:55:FE:E7:BD:A1

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.dismail.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx2.dismail.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid