SSL check results of ewetel.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for ewetel.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Wed, 27 Nov 2024 09:06:10 +0000

No connection to the mailservers of ewetel.net could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ewetel.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.ewetel.de
212.6.122.250
Results incomplete
10
supported
*.ewetel.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @ewetel.net sender addresses. Test mail delivery

Host TLS Version & Cipher
mail-out23.ewetel.de (212.6.122.23)
TLSv1.2 AECDH-AES256-SHA
mail-out27.ewetel.de (212.6.122.27)
TLSv1.2 AECDH-AES256-SHA

Certificates

First seen at:

CN=*.ewetel.de

Certificate chain
Subject
Common Name (CN)
  • *.ewetel.de
Alternative Names
  • *.ewetel.de
  • ewetel.de
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • Sectigo Limited
Common Name (CN)
  • Sectigo RSA Domain Validation Secure Server CA
validity period
Not valid before
2024-03-27
Not valid after
2025-04-27
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
03:66:B5:1C:3E:0D:BE:67:87:70:C4:25:B8:A9:17:C2:ED:49:A5:CE:DA:B3:C3:79:0F:8B:60:D2:24:35:F9:20
SHA1
70:35:17:17:22:1D:A0:99:1F:71:FB:8B:EA:01:F5:9E:9C:BB:7D:85
X509v3 extensions
authorityKeyIdentifier
  • keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
subjectKeyIdentifier
  • 09:94:37:5A:20:03:90:7C:EE:5E:3E:C8:13:EC:E4:E0:57:CD:9F:1E
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.7
  • CPS: https://sectigo.com/CPS
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.sectigo.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
  • 1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
  • Timestamp : Mar 27 07:52:11.590 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:49:C5:55:6E:09:66:F4:F0:A1:CF:70:BA:
  • E1:E0:83:F2:EE:EB:E2:A2:A3:03:06:A1:70:C8:12:3C:
  • 0C:52:CD:B9:02:21:00:FC:78:4C:27:D4:8F:17:1D:0B:
  • D5:06:34:52:68:A7:E7:48:EA:36:2D:38:19:DE:D9:AD:
  • D1:77:3E:48:D9:0D:6F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
  • D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
  • Timestamp : Mar 27 07:52:11.498 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:9E:CE:41:5D:22:FB:81:54:9E:5E:6F:
  • 6A:B3:95:E2:0A:63:C5:0B:EE:19:EE:80:E6:38:98:76:
  • CE:85:00:E4:D2:02:21:00:D2:0F:51:EA:59:AD:98:3A:
  • 69:A6:49:19:0E:D9:52:9C:43:82:E1:74:9A:C3:D9:30:
  • C9:0F:49:0A:39:83:4D:CD
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
  • 1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
  • Timestamp : Mar 27 07:52:11.471 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:5F:4E:1E:33:E0:C5:21:99:6A:BE:2E:48:
  • 36:C3:07:37:C9:15:2A:41:32:4B:A8:12:38:E0:5C:9D:
  • AF:58:E0:FB:02:20:56:B9:83:C2:1F:5F:65:EC:F5:52:
  • F2:7F:B4:2D:13:32:84:EE:8E:64:8A:39:0B:20:9A:20:
  • F2:C5:FE:C7:EF:BE

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.ewetel.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-512 Hash
valid
valid