SSL-Tools

SSL check results of mail.twosteps.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for mail.twosteps.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 26 Sep 2023 11:40:37 +0000

The mailservers of mail.twosteps.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mail.twosteps.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.twosteps.net
168.119.65.195
 -
supported
*.twosteps.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mail.twosteps.net
2a01:4f8:242:27cf::2
 -
supported
*.twosteps.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @mail.twosteps.net address so far. Test mail delivery

Certificates

First seen at:

CN=*.twosteps.net

Certificate chain
Subject
Common Name (CN)
  • *.twosteps.net
Alternative Names
  • *.twosteps.net
  • twosteps.net
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • RapidSSL TLS RSA CA G1
validity period
Not valid before
2023-08-28
Not valid after
2024-09-01
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
0D:C4:07:38:A5:66:47:32:66:FB:85:41:1C:22:42:CA:1E:78:F0:68:E3:21:7D:31:95:84:1F:03:8A:93:4B:60
SHA1
73:2D:5C:B8:0C:2D:4A:82:C0:18:3E:94:8B:0F:32:EB:D7:FC:09:A9
X509v3 extensions
authorityKeyIdentifier
  • keyid:0C:DB:6C:82:49:0F:4A:67:0A:B8:14:EE:7A:C4:48:52:88:EB:56:38
subjectKeyIdentifier
  • 1F:4E:17:EC:F9:8A:52:3F:F4:2C:C6:74:38:29:50:F0:61:AC:AF:D7
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.rapidssl.com
  • CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Aug 28 14:24:12.357 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:1A:B7:EF:65:13:54:A9:34:E2:A7:A0:A0:
  • A9:E1:A5:9E:A5:3D:A8:A7:5B:BD:CB:73:31:52:8C:06:
  • B1:5E:53:1B:02:21:00:AA:39:3E:15:5B:B9:D2:6A:D5:
  • 14:A5:14:C7:39:8A:CA:BB:67:E8:53:D6:3B:78:FB:2A:
  • 44:11:BE:74:F2:89:19
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Aug 28 14:24:11.912 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:7A:87:C0:79:2D:3C:5D:DF:60:38:33:DA:
  • 65:24:93:5E:C4:35:CF:49:B8:DD:B2:66:27:F6:4B:78:
  • DC:28:5D:02:02:20:24:8B:91:76:D1:0A:9E:A8:7E:97:
  • 31:26:BD:BA:63:E3:77:7E:53:28:D8:A4:D7:40:BD:DA:
  • DC:8C:D9:4F:13:D7
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Aug 28 14:24:11.835 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:DE:38:26:1D:A9:C7:34:02:51:ED:CA:
  • C5:CD:1D:01:06:A9:40:CD:A2:83:B9:F5:CC:48:BE:2E:
  • 9A:65:F9:FD:73:02:21:00:9B:E9:E6:79:84:1B:BB:C1:
  • 54:89:06:D8:56:B5:1A:66:78:35:86:E5:8F:44:74:46:
  • 62:D6:39:E4:0F:05:C3:E9

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.twosteps.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid