SSL check results of iol.cz

NEW You can also bulk check multiple servers.

Discover if the mail servers for iol.cz can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Wed, 07 Feb 2024 17:30:41 +0000

The mailservers of iol.cz can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @iol.cz addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
smtp-in.iol.cz
90.176.151.96
10
supported
smtp-in.iol.cz
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @iol.cz sender addresses. Test mail delivery

Host TLS Version & Cipher
210.150.broadband14.iol.cz (90.181.150.210)
Insecure - not encrypted!
178.152.broadband16.iol.cz (90.183.152.178)
Insecure - not encrypted!
50.158.broadband16.iol.cz (90.183.158.50)
Insecure - not encrypted!

Certificates

First seen at:

CN=smtp-in.iol.cz,O=O2 Czech Republic a.s.,L=Praha,C=CZ

Certificate chain
Subject
Country (C)
  • CZ
Locality (L)
  • Praha
Organization (O)
  • O2 Czech Republic a.s.
Common Name (CN)
  • smtp-in.iol.cz
Alternative Names
  • smtp-in.iol.cz
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • Thawte TLS RSA CA G1
validity period
Not valid before
2023-11-29
Not valid after
2024-12-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
12:25:8D:E6:AD:FE:B8:B5:87:7F:51:EF:61:7E:09:9E:E7:8B:F7:30:02:8A:5A:93:B1:0C:35:96:5C:E8:24:57
SHA1
3A:DA:4D:70:B4:24:42:24:63:BC:82:92:58:0F:D7:8B:F4:BB:F0:AC
X509v3 extensions
authorityKeyIdentifier
  • keyid:A5:8C:FE:32:CC:EB:0F:2C:D4:19:C6:08:B8:00:24:88:5D:C3:C5:B7
subjectKeyIdentifier
  • 61:BA:5E:0F:69:F8:5B:C0:3A:88:9B:1E:A5:75:47:C4:33:22:75:30
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.thawte.com/ThawteTLSRSACAG1.crl
authorityInfoAccess
  • OCSP - URI:http://status.thawte.com
  • CA Issuers - URI:http://cacerts.thawte.com/ThawteTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Nov 29 08:22:14.928 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:AB:E1:A6:7D:DE:F9:01:8A:15:B1:18:
  • 18:0F:B7:8C:E2:41:83:DD:FE:42:B0:43:8C:95:97:F0:
  • 2A:04:D3:C5:31:02:20:3F:35:F6:5E:5F:D7:ED:D0:F8:
  • F4:9C:44:78:D9:1F:70:49:8A:79:BD:DD:13:3D:FF:AF:
  • 4B:B9:D0:A8:96:FE:92
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Nov 29 08:22:14.975 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:40:00:3B:37:8C:57:87:D5:E8:EA:60:FD:
  • 17:5B:EC:7B:B4:7E:C4:F9:CC:B0:F1:CF:31:B3:43:11:
  • F1:10:23:2F:02:21:00:8F:CA:FD:53:BF:9E:60:6F:94:
  • C6:94:A3:E0:DE:E5:52:F9:27:3D:8E:56:3A:F2:9F:90:
  • 50:F2:4E:0C:9C:B1:C4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Nov 29 08:22:14.942 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:6B:BF:A5:0D:78:01:4C:D4:91:3C:C1:0F:
  • 19:B2:35:47:DF:40:D5:BC:92:67:1D:78:3F:D7:4D:F8:
  • 8C:BE:77:E2:02:20:11:0F:1A:A7:11:38:E9:D1:41:7B:
  • 81:C9:32:FB:44:F3:47:C1:C3:2D:D6:CE:71:5C:2D:AC:
  • 00:A6:7C:1F:35:75

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.smtp-in.iol.cz
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid