SSL check results of safe-mail.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for safe-mail.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 25 May 2020 11:35:37 +0000

The mailservers of safe-mail.net can be reached through an encrypted connection.

However, we found problems that may affect the security.

Servers

Incoming Mails

These servers are responsible for incoming mails to @safe-mail.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
tamar.safe-mail.net
212.29.227.86
10
supported
*.safe-mail.net
DANE
missing
PFS
unsupported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
23 s
dekel.safe-mail.net
212.29.227.84
10
supported
*.safe-mail.net
DANE
missing
PFS
unsupported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
24 s
pitango.safe-mail.net
212.29.227.82
40
supported
*.safe-mail.net
DANE
missing
PFS
unsupported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • SSLv3
18 s
mango.safe-mail.net
212.29.227.83
40
supported
*.safe-mail.net
DANE
missing
PFS
unsupported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.0
  • SSLv3
18 s
orange.safe-mail.net
212.29.227.81
40
supported
*.safe-mail.net
DANE
missing
PFS
unsupported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • SSLv3
16 s

Outgoing Mails

We have received emails from these servers with @safe-mail.net sender addresses. Test mail delivery

Host TLS Version & Cipher
pitango.safe-mail.net (212.29.227.82)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=*.safe-mail.net,OU=Domain Control Validated

Certificate chain
  • *.safe-mail.net
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Unknown Authority

      Go Daddy Secure Certificate Authority - G2
Subject
Organizational Unit (OU)
  • Domain Control Validated
Common Name (CN)
  • *.safe-mail.net
Alternative Names
  • *.safe-mail.net
  • safe-mail.net
Issuer
Country (C)
  • US
State (ST)
  • Arizona
Locality (L)
  • Scottsdale
Organization (O)
  • GoDaddy.com, Inc.
Organizational Unit (OU)
  • http://certs.godaddy.com/repository/
Common Name (CN)
  • Go Daddy Secure Certificate Authority - G2
validity period
Not valid before
2020-05-06
Not valid after
2021-06-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
2D:52:24:60:DE:36:AF:C1:88:A2:DD:0B:62:CA:5C:DA:B7:18:E5:4E:52:BD:5A:15:3C:41:D4:EF:56:5D:6F:90
SHA1
AC:A7:32:07:5A:2E:3A:E5:BA:F3:F4:00:39:F1:55:D0:27:78:6A:4C
X509v3 extensions
crlDistributionPoints
  • Full Name:
  • URI:http://crl.godaddy.com/gdig2s1-1938.crl
certificatePolicies
  • Policy: 2.16.840.1.114413.1.7.23.1
  • CPS: http://certificates.godaddy.com/repository/
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • OCSP - URI:http://ocsp.godaddy.com/
  • CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
authorityKeyIdentifier
  • keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
subjectKeyIdentifier
  • E6:8A:9D:2B:33:FE:94:5B:96:4B:99:C5:B3:68:B1:73:E2:1C:8D:71
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
  • 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
  • Timestamp : May 6 22:05:06.292 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C4:91:78:90:A7:C1:52:20:92:2E:62:
  • 2F:81:05:B4:B4:BC:EB:8E:00:53:A6:2D:6B:B1:27:D3:
  • 1F:8B:95:A7:08:02:21:00:9C:EE:BF:0C:DB:C0:2C:F2:
  • C3:C3:B3:0B:FF:7B:29:EA:D7:23:40:86:64:C4:23:ED:
  • AF:AB:3D:BE:D0:01:5B:4D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 44:94:65:2E:B0:EE:CE:AF:C4:40:07:D8:A8:FE:28:C0:
  • DA:E6:82:BE:D8:CB:31:B5:3F:D3:33:96:B5:B6:81:A8
  • Timestamp : May 6 22:05:06.738 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:91:EB:5F:E8:D1:DC:BD:86:20:7A:19:
  • B4:65:3B:E9:00:58:59:FC:6B:79:3A:39:96:5C:27:0B:
  • E7:5C:E3:5A:68:02:21:00:C6:BB:46:DC:01:82:E0:91:
  • 2C:5A:07:E7:D2:A6:25:51:18:CB:ED:51:30:9B:C6:B0:
  • EB:A7:3C:1F:C4:3D:25:5D