SSL-Tools

SSL check results of mthi.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for mthi.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 21 Dec 2024 10:11:29 +0000

The mailservers of mthi.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mthi.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx.mthi.de
2a03:4000:4e:9e4:787f:e8ff:fe28:25a7
 10
supported
mail.mthi.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
9 s
mx.mthi.de
185.232.69.12
 10
supported
mail.mthi.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
5 s

Outgoing Mails

We have received emails from these servers with @mthi.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mx.mthi.de (62.171.139.33)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mail.mthi.de

Certificate chain
  • mail.mthi.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R10
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.mthi.de
Alternative Names
  • autoconfig.dd-gc.de
  • autoconfig.mthi.de
  • autodiscover.dd-gc.de
  • autodiscover.mthi.de
  • mail.mthi.de
  • mx.mthi.de
  • webmail.mthi.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R10
validity period
Not valid before
2024-11-11
Not valid after
2025-02-09
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
A6:D4:A6:BC:8A:B1:CF:49:AF:F1:5D:AB:44:69:70:6B:87:E7:10:EE:78:D4:FB:BD:E7:A5:0E:82:B4:B6:2E:40
SHA1
1F:43:A4:32:73:65:23:31:C8:A5:F7:F8:66:E4:E9:B5:7A:64:EB:A8
X509v3 extensions
subjectKeyIdentifier
  • 90:31:FB:EC:B3:4E:40:6E:3B:5B:14:E9:6A:29:A8:D3:46:E2:9F:09
authorityKeyIdentifier
  • keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
authorityInfoAccess
  • OCSP - URI:http://r10.o.lencr.org
  • CA Issuers - URI:http://r10.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
  • 1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
  • Timestamp : Nov 11 17:17:19.436 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:BA:17:4C:68:91:08:9C:5D:92:3C:A6:
  • 13:3F:37:5E:06:47:76:2D:79:95:ED:DF:33:E7:A3:12:
  • 77:80:54:E7:43:02:21:00:AF:96:C7:A9:CB:62:85:0E:
  • A3:AE:1E:80:9F:21:7A:11:60:0E:05:39:DC:57:76:2F:
  • 20:31:6F:02:3A:2A:54:5B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 13:4A:DF:1A:B5:98:42:09:78:0C:6F:EF:4C:7A:91:A4:
  • 16:B7:23:49:CE:58:57:6A:DF:AE:DA:A7:C2:AB:E0:22
  • Timestamp : Nov 11 17:17:19.589 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:53:A9:46:94:5B:89:07:EC:E3:5A:42:27:
  • 03:39:63:FA:51:D1:F9:AE:BE:F0:95:9D:E3:81:B6:06:
  • A8:F3:EF:0C:02:20:61:19:9B:59:81:75:1A:7C:BB:A0:
  • CB:99:73:F4:B3:C4:3C:2C:A9:E4:98:1B:26:AD:37:53:
  • FA:E5:D0:75:AF:37

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx.mthi.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid