SSL check results of dressen.nrw

NEW You can also bulk check multiple servers.

Discover if the mail servers for dressen.nrw can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Fri, 12 Oct 2018 15:22:16 +0000

The mailservers of dressen.nrw can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @dressen.nrw addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mxext1.mailbox.org
2001:67c:2050:104::1:25:1
10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11.0 s
mxext1.mailbox.org
80.241.60.212
10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11.0 s
mxext2.mailbox.org
2001:67c:2050:104::2:25:1
Results incomplete
10 not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1.0 s
mxext2.mailbox.org
80.241.60.215
10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2.0 s
mxext3.mailbox.org
80.241.60.216
20
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2.0 s

Outgoing Mails

We have not received any emails from a @dressen.nrw address so far. Test mail delivery

Certificates

First seen at:

*.mailbox.org

Certificate chain
Subject
Organizational Unit (OU)
  • Domain Validated Only
Common Name (CN)
  • *.mailbox.org
Alternative Names
  • *.mailbox.org
  • mailbox.org
Issuer
Country (C)
  • CH
Organization (O)
  • SwissSign AG
Common Name (CN)
  • SwissSign Server Silver CA 2014 - G22
validity period
Not valid before
2014-12-04
Not valid after
2019-12-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
3D:81:9D:C9:CC:31:19:46:BF:D8:EE:9D:27:72:35:06:8B:3E:B4:75:99:A5:04:73:41:30:2E:34:04:96:32:CD
SHA1
BC:A2:F2:6F:7C:82:FA:E9:F4:D0:FD:46:BB:3D:E8:75:0B:CA:21:6B
X509v3 extensions
subjectKeyIdentifier
  • 66:1F:40:23:C3:E3:99:5C:D1:A3:0E:A4:AE:AD:90:FE:00:79:D7:19
authorityKeyIdentifier
  • keyid:DB:BC:BF:82:18:59:DC:69:FA:F8:AB:AA:83:4D:77:1D:0B:B0:8B:D8
crlDistributionPoints
  • Full Name:
  • URI:http://crl.swisssign.net/DBBCBF821859DC69FAF8ABAA834D771D0BB08BD8
  • Full Name:
  • URI:ldap://directory.swisssign.net/CN=DBBCBF821859DC69FAF8ABAA834D771D0BB08BD8%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint
certificatePolicies
  • Policy: 2.16.756.1.89.1.3.1.6
  • CPS: http://repository.swisssign.com/SwissSign-Silver-CP-CPS.pdf
authorityInfoAccess
  • CA Issuers - URI:http://swisssign.net/cgi-bin/authority/download/DBBCBF821859DC69FAF8ABAA834D771D0BB08BD8
  • OCSP - URI:http://silver-server-g2.ocsp.swisssign.net/DBBCBF821859DC69FAF8ABAA834D771D0BB08BD8

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mxext2.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext2.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mxext3.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mxext3.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mxext1.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mxext1.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid