SSL-Tools

SSL check results of rozhlas.cz

NEW You can also bulk check multiple servers.

Discover if the mail servers for rozhlas.cz can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 05 Aug 2022 13:31:52 +0000

We can not guarantee a secure connection to the mailservers of rozhlas.cz!

Please contact the operator of rozhlas.cz and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/rozhlas.cz

Servers

Incoming Mails

These servers are responsible for incoming mails to @rozhlas.cz addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
ns1.cro.cz
195.113.180.18
 10
supported
ns.cro.cz
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
ns2.cro.cz
195.113.180.19
 20
supported
ns2.cro.cz
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
rs.cesnet.cz
2001:718:1:1::144:199
Results incomplete
30
supported
not checked
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
rs.cesnet.cz
195.113.144.199
Results incomplete
30
supported
not checked
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @rozhlas.cz address so far. Test mail delivery

Certificates

First seen at:

CN=ns.cro.cz,O=Cesky rozhlas,L=Prague,ST=Czech republic,C=CZ

Certificate chain
  • ns.cro.cz (Certificate is self-signed.)
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Hostname Mismatch
    • Unknown Authority
Subject
Country (C)
  • CZ
State (ST)
  • Czech republic
Locality (L)
  • Prague
Organization (O)
  • Cesky rozhlas
Common Name (CN)
  • ns.cro.cz
Issuer

Certificate is self-signed.

validity period
Not valid before
2018-10-31
Not valid after
2028-10-28
Fingerprints
SHA256
CC:89:D6:16:57:3D:A0:6E:50:4C:3A:57:6A:36:95:17:B1:88:B9:C6:DF:4E:B7:33:C3:81:03:4C:DC:46:26:B7
SHA1
B7:89:FA:E0:17:69:4C:6C:AA:B3:29:C7:B2:F3:5F:32:97:DF:59:4B
X509v3 extensions
subjectKeyIdentifier
  • 75:86:93:0B:C3:0F:C1:7D:8A:15:E2:F5:DF:CD:EC:6E:0C:04:70:43
authorityKeyIdentifier
  • keyid:75:86:93:0B:C3:0F:C1:7D:8A:15:E2:F5:DF:CD:EC:6E:0C:04:70:43
First seen at:

CN=ns2.cro.cz,O=Cesky rozhlas,L=Prague,ST=Czech republic,C=CZ

Certificate chain
  • ns2.cro.cz (Certificate is self-signed.)
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Unknown Authority
Subject
Country (C)
  • CZ
State (ST)
  • Czech republic
Locality (L)
  • Prague
Organization (O)
  • Cesky rozhlas
Common Name (CN)
  • ns2.cro.cz
Issuer

Certificate is self-signed.

validity period
Not valid before
2018-10-31
Not valid after
2028-10-28
Fingerprints
SHA256
18:32:DC:F9:75:5A:8D:95:80:43:83:53:06:2F:EA:3E:D5:82:7B:03:7D:A4:C2:E7:D3:82:1D:DC:88:79:EF:60
SHA1
C4:BE:4B:20:CB:D0:66:85:90:F7:8F:4B:56:45:F6:C3:66:4B:C4:A1
X509v3 extensions
subjectKeyIdentifier
  • 05:42:2D:23:DB:3D:30:71:59:05:7C:57:91:51:E4:62:8C:BB:42:B8
authorityKeyIdentifier
  • keyid:05:42:2D:23:DB:3D:30:71:59:05:7C:57:91:51:E4:62:8C:BB:42:B8

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.rs.cesnet.cz
  • DANE-TA: Trust Anchor Assertion
  • Use full certificate
  • SHA-256 Hash
valid