SSL check results of mail24.vip

NEW You can also bulk check multiple servers.

Discover if the mail servers for mail24.vip can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 12 Apr 2021 17:06:04 +0000

The mailservers of mail24.vip can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mail24.vip addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
server.ist-immer-online.de
2003:cc:f707:8b00:211:32ff:fe9e:c477
10
supported
server.ist-immer-online.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
10 s
server.ist-immer-online.de
79.196.242.252
10
supported
server.ist-immer-online.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @mail24.vip sender addresses. Test mail delivery

Host TLS Version & Cipher
mout01.posteo.de (185.67.36.141)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout02.posteo.de (185.67.36.142)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=server.ist-immer-online.de

Certificate chain
  • server.ist-immer-online.de
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • DST Root CA X3 (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption

Subject
Common Name (CN)
  • server.ist-immer-online.de
Alternative Names
  • server.ist-immer-online.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2021-02-12
Not valid after
2021-05-13
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
34:54:37:B8:9B:EC:8C:09:0B:5E:EB:70:24:57:A1:90:A3:A7:11:DC:C2:03:8A:68:6E:24:6E:FC:9C:7E:ED:8E
SHA1
31:4F:B7:DB:65:27:04:2F:91:3D:BB:F1:F3:ED:8F:42:48:82:B2:E1
X509v3 extensions
subjectKeyIdentifier
  • EA:54:7C:C7:34:53:B2:F2:D4:C6:C4:F1:88:71:27:68:67:7C:9C:A2
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
  • D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
  • Timestamp : Feb 12 09:58:38.240 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:E8:55:5B:26:B4:EE:8A:33:11:A1:BA:
  • 4F:AC:F7:63:7A:6C:14:ED:34:69:F4:D1:D1:07:4D:31:
  • 48:24:8D:76:42:02:21:00:C2:61:78:76:6D:A3:3D:45:
  • FF:6A:45:F6:A2:23:D9:E2:BA:F8:12:A5:CB:F3:4C:AC:
  • FC:97:C9:CE:67:3B:A7:A2
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Feb 12 09:58:38.294 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:88:F0:1D:1A:28:18:64:E7:7D:05:9E:
  • CD:31:EF:4E:D2:29:C5:CB:79:9A:E1:E3:41:33:8E:79:
  • 11:0F:0F:3D:1C:02:21:00:83:CE:55:D1:38:7B:CD:22:
  • 05:0A:B5:69:AB:DD:79:D2:CD:A8:6B:D1:38:C0:3D:5A:
  • FF:62:A0:0F:8C:52:F8:FF

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.server.ist-immer-online.de
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-512 Hash
valid
valid