SSL check results of mts.ru

NEW You can also bulk check multiple servers.

Discover if the mail servers for mts.ru can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 25 May 2020 07:25:19 +0000

The mailservers of mts.ru can be reached through an encrypted connection.

However, we found problems that may affect the security.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mts.ru addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx6.mts.ru
213.87.44.22
10
supported
mx6.mts.ru
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mx5.mts.ru
213.87.44.21
10
supported
mx5.mts.ru
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
cm-ural01.ural.mts.ru
213.87.75.67
20
supported
cm-ural01.ural.inside.mts.ru
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
16 s
cm-ural02.ural.mts.ru
213.87.72.41
20
supported
cm-ural02.ural.inside.mts.ru
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
16 s

Outgoing Mails

We have not received any emails from a @mts.ru address so far. Test mail delivery

Certificates

First seen at:

emailAddress=t.golitsyn@mts.ru,CN=cm-ural01.ural.inside.mts.ru,O=Mobile TeleSystems Public Joint Stock Company,C=RU

Certificate chain
  • cm-ural01.ural.inside.mts.ru
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Hostname Mismatch

      • winca
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
        • Unknown Authority

          MTS Root CA
Subject
Country (C)
  • RU
Organization (O)
  • Mobile TeleSystems Public Joint Stock Company
Common Name (CN)
  • cm-ural01.ural.inside.mts.ru
Email
  • t.golitsyn@mts.ru
Alternative Names
  • cm-ural01.ural.inside.mts.ru
Issuer
Domain Component (DC)
  • ru
  • mts
  • msk
Common Name (CN)
  • winca
validity period
Not valid before
2020-02-14
Not valid after
2021-08-31
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
D3:CC:07:3D:49:AD:63:1D:0C:0B:2A:A5:FB:BA:D4:C2:89:FE:D9:FB:DE:68:10:D9:12:4C:EF:74:65:F4:D6:78
SHA1
5C:F9:AF:34:1C:97:28:E2:C2:F7:DD:D5:38:7D:F1:2E:5A:AD:EE:08
X509v3 extensions
subjectKeyIdentifier
  • 50:3A:E4:73:4D:DF:3F:DA:78:A3:CE:E9:F4:96:58:70:DF:C7:67:B1
authorityKeyIdentifier
  • keyid:59:73:7E:DE:1F:1B:BF:43:FB:87:F9:43:38:C4:EF:61:46:A4:30:12
crlDistributionPoints
  • Full Name:
  • URI:ldap:///CN=winca,CN=0000pkiwinca01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?certificateRevocationList?base?objectClass=cRLDistributionPoint
  • URI:http://pki.mts.ru/status/winca.crl
  • URI:http://0000pkiwinca01.msk.mts.ru/CertEnroll/winca.crl
authorityInfoAccess
  • CA Issuers - URI:ldap:///CN=winca,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?cACertificate?base?objectClass=certificationAuthority
  • CA Issuers - URI:http://pki.mts.ru/cert/winca.crt
1_3_6_1_4_1_311_21_7
  • 0-.%+.....7.....d..,...'...w....5.......s..d...
1_3_6_1_4_1_311_21_10
  • 0.0
  • ..+.......0
  • ..+.......
First seen at:

emailAddress=t.golitsyn@mts.ru,CN=cm-ural02.ural.inside.mts.ru,O=Mobile TeleSystems Public Joint Stock Company,C=RU

Certificate chain
  • cm-ural02.ural.inside.mts.ru
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Hostname Mismatch

      • winca
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
        • Unknown Authority

          MTS Root CA
Subject
Country (C)
  • RU
Organization (O)
  • Mobile TeleSystems Public Joint Stock Company
Common Name (CN)
  • cm-ural02.ural.inside.mts.ru
Email
  • t.golitsyn@mts.ru
Alternative Names
  • cm-ural02.ural.inside.mts.ru
Issuer
Domain Component (DC)
  • ru
  • mts
  • msk
Common Name (CN)
  • winca
validity period
Not valid before
2020-02-14
Not valid after
2021-08-31
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
2F:F1:E3:F3:19:24:BF:20:A0:09:6E:BC:13:06:30:07:B3:A9:D3:B7:B3:83:A5:3D:B4:CD:D0:4B:A3:4C:15:B8
SHA1
AA:07:DC:64:BD:DD:FD:93:2D:24:C9:FE:C9:8D:87:FF:36:DA:3A:AD
X509v3 extensions
subjectKeyIdentifier
  • 0F:36:DF:66:45:5B:30:92:7A:9A:73:E3:A7:37:C3:AE:AC:99:A7:BB
authorityKeyIdentifier
  • keyid:59:73:7E:DE:1F:1B:BF:43:FB:87:F9:43:38:C4:EF:61:46:A4:30:12
crlDistributionPoints
  • Full Name:
  • URI:ldap:///CN=winca,CN=0000pkiwinca01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?certificateRevocationList?base?objectClass=cRLDistributionPoint
  • URI:http://pki.mts.ru/status/winca.crl
  • URI:http://0000pkiwinca01.msk.mts.ru/CertEnroll/winca.crl
authorityInfoAccess
  • CA Issuers - URI:ldap:///CN=winca,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?cACertificate?base?objectClass=certificationAuthority
  • CA Issuers - URI:http://pki.mts.ru/cert/winca.crt
1_3_6_1_4_1_311_21_7
  • 0-.%+.....7.....d..,...'...w....5.......s..d...
1_3_6_1_4_1_311_21_10
  • 0.0
  • ..+.......0
  • ..+.......
First seen at:

emailAddress=t.golitsyn@mts.ru,CN=mx6.mts.ru,O=Mobile TeleSystems Public Joint Stock Company,C=RU

Certificate chain
  • mx6.mts.ru
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption

      • winca
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
        • Unknown Authority

          MTS Root CA
Subject
Country (C)
  • RU
Organization (O)
  • Mobile TeleSystems Public Joint Stock Company
Common Name (CN)
  • mx6.mts.ru
Email
  • t.golitsyn@mts.ru
Alternative Names
  • mx6.mts.ru
Issuer
Domain Component (DC)
  • ru
  • mts
  • msk
Common Name (CN)
  • winca
validity period
Not valid before
2020-03-05
Not valid after
2021-08-31
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
8C:04:98:15:36:9B:69:FC:9C:CD:8C:F9:11:2A:8D:01:DB:30:4A:C2:1A:CC:4E:A3:51:D4:1B:A0:0F:63:55:D2
SHA1
91:6B:AB:00:E6:32:C9:66:DF:0F:1C:3B:26:0D:C3:42:C7:4D:7C:E9
X509v3 extensions
subjectKeyIdentifier
  • 27:ED:B1:15:33:CC:83:80:F5:66:48:61:3E:81:88:40:5C:07:0F:62
authorityKeyIdentifier
  • keyid:59:73:7E:DE:1F:1B:BF:43:FB:87:F9:43:38:C4:EF:61:46:A4:30:12
crlDistributionPoints
  • Full Name:
  • URI:ldap:///CN=winca,CN=0000pkiwinca01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?certificateRevocationList?base?objectClass=cRLDistributionPoint
  • URI:http://pki.mts.ru/status/winca.crl
  • URI:http://0000pkiwinca01.msk.mts.ru/CertEnroll/winca.crl
authorityInfoAccess
  • CA Issuers - URI:ldap:///CN=winca,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?cACertificate?base?objectClass=certificationAuthority
  • CA Issuers - URI:http://pki.mts.ru/cert/winca.crt
1_3_6_1_4_1_311_21_7
  • 0-.%+.....7.....d..,...'...w....5.......s..d...
1_3_6_1_4_1_311_21_10
  • 0.0
  • ..+.......0
  • ..+.......
First seen at:

emailAddress=t.golitsyn@mts.ru,CN=mx5.mts.ru,O=Mobile TeleSystems Public Joint Stock Company,C=RU

Certificate chain
  • mx5.mts.ru
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption

      • winca
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
        • Unknown Authority

          MTS Root CA
Subject
Country (C)
  • RU
Organization (O)
  • Mobile TeleSystems Public Joint Stock Company
Common Name (CN)
  • mx5.mts.ru
Email
  • t.golitsyn@mts.ru
Alternative Names
  • mx5.mts.ru
Issuer
Domain Component (DC)
  • ru
  • mts
  • msk
Common Name (CN)
  • winca
validity period
Not valid before
2020-03-05
Not valid after
2021-08-31
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
B1:91:4C:21:E8:87:77:BE:6E:BA:06:C1:04:A1:EA:67:3B:1C:4B:2B:14:64:50:51:4E:A8:25:1F:87:F6:F8:0B
SHA1
88:51:D4:DA:53:3F:42:E3:A8:9A:2E:88:9F:52:4E:56:C5:0E:77:93
X509v3 extensions
subjectKeyIdentifier
  • 30:A5:76:52:CD:CF:A9:C8:17:81:AB:1A:DE:E4:8D:30:FC:23:BC:63
authorityKeyIdentifier
  • keyid:59:73:7E:DE:1F:1B:BF:43:FB:87:F9:43:38:C4:EF:61:46:A4:30:12
crlDistributionPoints
  • Full Name:
  • URI:ldap:///CN=winca,CN=0000pkiwinca01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?certificateRevocationList?base?objectClass=cRLDistributionPoint
  • URI:http://pki.mts.ru/status/winca.crl
  • URI:http://0000pkiwinca01.msk.mts.ru/CertEnroll/winca.crl
authorityInfoAccess
  • CA Issuers - URI:ldap:///CN=winca,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mts,DC=ru?cACertificate?base?objectClass=certificationAuthority
  • CA Issuers - URI:http://pki.mts.ru/cert/winca.crt
1_3_6_1_4_1_311_21_7
  • 0-.%+.....7.....d..,...'...w....5.......s..d...
1_3_6_1_4_1_311_21_10
  • 0.0
  • ..+.......0
  • ..+.......