SSL-Tools

SSL check results of ok.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ok.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 25 Mar 2021 13:33:43 +0000

The mailservers of ok.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ok.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx3-eu.spamexperts.com
2001:978:2:2c::137:100
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mx3-eu.spamexperts.com
130.117.53.188
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mx4-eu.spamexperts.com
2001:978:2:19::e:100
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
15 s
mx4-eu.spamexperts.com
130.117.54.106
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
15 s
mx1-eu.spamexperts.com
2001:978:2:7::162:100
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
15 s
mx1-eu.spamexperts.com
130.117.53.188
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mx2-eu.spamexperts.com
2001:978:2:7::162:100
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
15 s
mx2-eu.spamexperts.com
149.13.75.27
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
15 s

Outgoing Mails

We have received emails from these servers with @ok.de sender addresses. Test mail delivery

Host TLS Version & Cipher
out2-2.antispamcloud.com (185.201.17.2)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mx12-out7.antispamcloud.com (46.165.232.177)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail1.ok.de (88.198.199.114)
TLSv1.2 AECDH-AES256-SHA

Certificates

First seen at:

CN=*.antispamcloud.com

Certificate chain
Subject
Common Name (CN)
  • *.antispamcloud.com
Alternative Names
  • *.antispamcloud.com
  • *.mtaroutes.com
  • *.smtp.antispamcloud.com
  • *.spamexperts.com
  • *.spamexperts.eu
  • *.spamexperts.net
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • Sectigo Limited
Common Name (CN)
  • Sectigo RSA Domain Validation Secure Server CA
validity period
Not valid before
2020-01-16
Not valid after
2022-01-15
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
85:BE:2C:66:7F:30:9D:67:90:1E:CC:6A:49:66:E6:B6:DE:70:AD:9A:DC:55:AD:C5:FB:9B:73:3F:9E:BC:47:D7
SHA1
CC:F8:06:F9:6C:66:7B:4C:12:52:95:61:84:03:CC:8D:9A:8C:6B:31
X509v3 extensions
authorityKeyIdentifier
  • keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
subjectKeyIdentifier
  • 55:A9:FF:78:C4:15:74:A2:05:8A:4E:5C:9E:CA:E6:BF:A9:21:B7:5A
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.7
  • CPS: https://sectigo.com/CPS
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.sectigo.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
  • 11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
  • Timestamp : Jan 16 12:26:38.752 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:53:00:D8:37:1E:38:E4:5B:27:10:69:7E:
  • 17:7D:2B:99:0A:BF:7D:7A:90:89:69:C6:BA:87:14:80:
  • 4D:8A:5D:4D:02:20:3A:34:7A:8F:0A:6A:DA:5D:04:B7:
  • D7:77:50:26:29:F6:FC:C6:EC:DC:3F:4E:E2:C2:A6:1E:
  • 7B:46:21:9A:E4:61
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Jan 16 12:26:38.833 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:6B:4B:C5:3E:B1:70:E3:C8:18:CB:CE:8A:
  • 1C:33:F0:29:18:6E:7D:DF:0B:79:39:E9:6C:B2:D3:A1:
  • 99:54:F0:42:02:21:00:98:5A:0F:AF:73:52:C2:00:27:
  • C3:7C:52:25:0F:61:DC:44:AA:92:72:DD:ED:39:F4:FF:
  • 01:82:9F:25:DC:56:AA
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
  • E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
  • Timestamp : Jan 16 12:26:38.746 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:4A:B9:68:ED:9B:31:4B:98:80:3A:B0:AA:
  • 8F:1B:40:55:B5:AC:3A:8D:7E:B0:2C:A3:29:2C:58:E3:
  • 75:48:52:B5:02:20:34:7E:9C:7B:75:A4:70:D9:F0:78:
  • 12:A0:01:C3:15:FE:2F:2E:4E:F6:B4:4E:84:FE:E7:82:
  • DD:D8:AE:50:95:19