SSL-Tools

SSL check results of hoh.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for hoh.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 28 Mar 2024 18:01:31 +0000

The mailservers of hoh.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @hoh.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
secure.hoh.ch
2001:1680:2:200::60
 10
supported
secure.hoh.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
8 s
secure.hoh.ch
195.8.113.10
 10
supported
secure.hoh.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
7 s

Outgoing Mails

We have not received any emails from a @hoh.ch address so far. Test mail delivery

Certificates

First seen at:

CN=secure.hoh.ch

Certificate chain
  • secure.hoh.ch
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • secure.hoh.ch
Alternative Names
  • secure.hoh.ch
  • secure.ipv6.hoh.ch
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-03-23
Not valid after
2024-06-21
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
93:A5:FB:81:D1:42:DC:F5:4D:7D:E4:BD:48:41:9B:C3:2F:94:D0:79:AC:95:26:FC:FD:E0:63:FA:EC:E5:06:C6
SHA1
6E:4F:D8:1E:3B:F0:07:92:F0:09:27:66:80:AE:92:13:5B:5B:DA:F8
X509v3 extensions
subjectKeyIdentifier
  • 9A:D0:42:2B:7A:CA:04:25:AC:1A:A5:B5:0C:86:75:5F:AF:15:D7:72
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
  • ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
  • Timestamp : Mar 23 18:06:43.495 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:B0:1A:72:70:94:55:4C:0C:3E:0F:A2:
  • E5:8A:3D:DB:51:3C:71:95:A6:EB:FA:B8:2D:DC:57:4B:
  • AA:39:46:86:FC:02:20:1F:30:9A:EA:32:BE:3B:EB:8F:
  • CB:AF:5F:58:30:BE:E5:DD:4A:A4:E4:EE:69:E3:23:ED:
  • E8:60:83:93:E3:B9:7A
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
  • 65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
  • Timestamp : Mar 23 18:06:45.508 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:BD:AA:FA:69:06:5D:C0:EA:37:DF:98:
  • 75:81:97:73:16:A5:AF:1B:D4:55:E8:81:5B:74:57:93:
  • F5:23:DB:3A:C2:02:20:2D:8D:FB:15:84:46:FB:41:22:
  • 86:91:EF:61:E8:9B:79:11:BB:C1:DE:C8:E7:27:5F:BC:
  • 27:29:4D:2E:23:FA:B9

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.secure.hoh.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid