win.net - TLS / STARTTLS Test

Discover if the mail servers for win.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 28 Jul 2020 11:32:57 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Missing

The mailservers of win.net can be reached through an encrypted connection.

However, we found problems that may affect the security.

Servers

Incoming Mails

These servers are responsible for incoming mails to @win.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
filter1.win.net 64.191.128.26	100	supported	*.win.net	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers supported SSL_RSA_WITH_RC4_128_SHA	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2020-07-28 17 s
filter2.win.net 64.191.128.26	100	supported	*.win.net	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers supported SSL_RSA_WITH_RC4_128_SHA	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2020-07-28 16 s

Outgoing Mails

We have not received any emails from a @win.net address so far. Test mail delivery

Certificates

First seen at: 2020-07-28

CN=*.win.net

Certificate chain

*.win.net
- 2021-12-23 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

*.win.net

Alternative Names

*.win.net
win.net

Issuer

Country (C)

Organization (O)

DigiCert Inc

Organizational Unit (OU)

www.digicert.com

Common Name (CN)

GeoTrust RSA CA 2018

validity period

Not valid before: 2019-12-23
Not valid after: 2021-12-23

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: A1:3F:04:01:DE:29:62:D6:91:AE:2A:87:92:E2:3A:09:10:C7:AE:E9:F4:C1:BF:12:5F:4D:CA:6C:23:E1:DB:2B
SHA1: A5:20:80:8C:47:74:3F:64:8E:BE:2C:CF:17:AC:CD:DF:E4:99:BA:18

X509v3 extensions

authorityKeyIdentifier

keyid:90:58:FF:B0:9C:75:A8:51:54:77:B1:ED:F2:A3:43:16:38:9E:6C:C5

subjectKeyIdentifier

73:16:0C:76:5C:2F:6C:48:0F:90:F7:2B:61:DD:C2:58:4B:34:2D:3E

crlDistributionPoints

Full Name:
URI:http://cdp.geotrust.com/GeoTrustRSACA2018.crl

certificatePolicies

Policy: 2.16.840.1.114412.1.2
CPS: https://www.digicert.com/CPS
Policy: 2.23.140.1.2.1

authorityInfoAccess

OCSP - URI:http://status.geotrust.com
CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustRSACA2018.crt

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
Timestamp : Dec 23 19:52:01.409 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:4B:0A:5F:3A:D1:08:49:62:FB:BB:6C:4C:
7A:46:28:37:FC:C8:01:0F:82:FD:C8:E7:FB:F9:87:20:
51:0A:75:FD:02:21:00:EF:22:94:D9:E3:90:79:92:A3:
0F:8F:36:29:B2:0C:73:23:52:1C:06:B3:E1:48:8A:D2:
BC:9D:21:9C:C4:28:12
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
Timestamp : Dec 23 19:52:01.505 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:26:5D:F5:A4:B2:1D:43:8D:3C:A7:73:1E:
5B:6E:22:03:73:A0:E9:E4:7E:66:CB:11:EB:47:29:0F:
97:32:EA:96:02:21:00:C3:20:6B:54:5A:90:85:F6:2D:
24:1D:30:CC:C2:22:45:AF:AF:3D:84:34:02:2A:A3:F6:
34:EC:AC:CC:41:58:DD
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 44:94:65:2E:B0:EE:CE:AF:C4:40:07:D8:A8:FE:28:C0:
DA:E6:82:BE:D8:CB:31:B5:3F:D3:33:96:B5:B6:81:A8
Timestamp : Dec 23 19:52:01.256 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:36:39:85:D2:1C:BB:05:08:8C:76:FD:0A:
33:7B:DB:ED:D2:F5:66:FD:F0:CF:4F:72:8D:18:B2:3F:
F4:3F:FE:F9:02:20:2B:E8:47:D2:1D:C2:DA:7A:97:A9:
41:C1:D2:FA:E0:E2:DD:23:D1:43:36:13:86:10:12:AE:
4E:03:50:76:F2:C8

SSL check results of win.net