SSL check results of t-2.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for t-2.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Tue, 21 Jun 2016 12:56:11 +0000

The mailservers of t-2.net can be reached through an encrypted connection.

However, we found problems that may affect the security.

Servers

Incoming Mails

These servers are responsible for incoming mails to @t-2.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
smtp-good-in-1.t-2.net
2a01:260:1:4::23
0
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • TLSv1.0
  • SSLv3
2 s
smtp-good-in-1.t-2.net
84.255.208.35
0
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • TLSv1.0
  • SSLv3
2 s
smtp-bad-in-1.t-2.net
2a01:260:1:4::27
1
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • TLSv1.0
  • SSLv3
2 s
smtp-bad-in-1.t-2.net
84.255.208.39
1
supported
*.t-2.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • TLSv1.0
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @t-2.net sender addresses. Test mail delivery

Host TLS Version & Cipher
84-255-202-74.static.t-2.net (84.255.202.74)
Insecure - not encrypted!
89-212-90-179.static.t-2.net (89.212.90.179)
Insecure - not encrypted!
84-255-202-249.static.t-2.net (84.255.202.249)
Insecure - not encrypted!
93-103-6-14.static.t-2.net (93.103.6.14)
Insecure - not encrypted!
193-138-50-7.static.t-2.net (193.138.50.7)
Insecure - not encrypted!

Certificates

First seen at:

CN=*.t-2.net,O=T-2 d.o.o.,L=Ljubljana,C=SI

Certificate chain
Subject
Country (C)
  • SI
Locality (L)
  • Ljubljana
Organization (O)
  • T-2 d.o.o.
Common Name (CN)
  • *.t-2.net
Alternative Names
  • *.t-2.net
  • t-2.net
Issuer
Country (C)
  • US
State (ST)
  • Arizona
Locality (L)
  • Scottsdale
Organization (O)
  • GoDaddy.com, Inc.
Organizational Unit (OU)
  • http://certs.godaddy.com/repository/
Common Name (CN)
  • Go Daddy Secure Certificate Authority - G2
validity period
Not valid before
2016-02-05
Not valid after
2017-02-12
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
39:4A:8B:50:EB:4E:E1:04:20:17:C7:E8:D0:2A:C2:01:BD:7E:FD:D0:17:84:E9:E5:75:6A:4C:52:89:D3:3E:2E
SHA1
C9:3B:1E:36:CE:72:4D:2A:7D:B1:2A:74:05:85:FA:40:25:B9:E4:59
X509v3 extensions
crlDistributionPoints
  • Full Name:
  • URI:http://crl.godaddy.com/gdig2s2-2.crl
certificatePolicies
  • Policy: 2.16.840.1.114413.1.7.23.2
  • CPS: http://certificates.godaddy.com/repository/
authorityInfoAccess
  • OCSP - URI:http://ocsp.godaddy.com/
  • CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
authorityKeyIdentifier
  • keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
subjectKeyIdentifier
  • 41:2D:A6:7E:45:6B:B8:FA:84:F1:BB:AC:8B:67:F3:E7:CA:69:2A:92

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.smtp-good-in-1.t-2.net
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.smtp-bad-in-1.t-2.net
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid