SSL-Tools

SSL check results of sofsa.mil

NEW You can also bulk check multiple servers.

Discover if the mail servers for sofsa.mil can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 18 May 2022 19:32:12 +0000

We can not guarantee a secure connection to the mailservers of sofsa.mil!

Please contact the operator of sofsa.mil and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/sofsa.mil

Servers

Incoming Mails

These servers are responsible for incoming mails to @sofsa.mil addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
pri-jeemsg.eemsg.mail.mil
156.112.250.4
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
31 s
pri-jeemsg.eemsg.mail.mil
156.112.250.2
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
21 s
pri-jeemsg.eemsg.mail.mil
156.112.250.7
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
21 s
pri-jeemsg.eemsg.mail.mil
156.112.250.0
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
24 s
pri-jeemsg.eemsg.mail.mil
156.112.250.3
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
17 s
pri-jeemsg.eemsg.mail.mil
156.112.250.1
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
18 s
pri-jeemsg.eemsg.mail.mil
156.112.250.8
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
18 s
pri-jeemsg.eemsg.mail.mil
156.112.250.15
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
27 s
pri-jeemsg.eemsg.mail.mil
156.112.250.6
 10
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
21 s
sec-jeemsg.eemsg.mail.mil
156.112.250.14
 20
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
22 s
sec-jeemsg.eemsg.mail.mil
156.112.250.5
 20
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
20 s
sec-jeemsg.eemsg.mail.mil
156.112.250.12
 20
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
17 s
sec-jeemsg.eemsg.mail.mil
156.112.250.10
 20
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
23 s
sec-jeemsg.eemsg.mail.mil
156.112.250.9
Results incomplete
20
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s
sec-jeemsg.eemsg.mail.mil
156.112.250.11
 20
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
19 s
sec-jeemsg.eemsg.mail.mil
156.112.250.13
 20
supported
*.eemsg.mail.mil
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
23 s
bgs-v-ppa01z.sofsa.mil
192.203.150.48
Results incomplete
30 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
12 s
bgs-v-ppa02z.sofsa.mil
192.203.150.49
Results incomplete
40 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
13 s

Outgoing Mails

We have not received any emails from a @sofsa.mil address so far. Test mail delivery

Certificates

First seen at:

CN=*.eemsg.mail.mil,O=Defense Digital Service,L=Washington,ST=District of Columbia,C=US

Certificate chain
Subject
Country (C)
  • US
State (ST)
  • District of Columbia
Locality (L)
  • Washington
Organization (O)
  • Defense Digital Service
Common Name (CN)
  • *.eemsg.mail.mil
Alternative Names
  • *.eemsg.mail.mil
Issuer
Country (C)
  • US
Organization (O)
  • Entrust, Inc.
Organizational Unit (OU)
  • See www.entrust.net/legal-terms
  • (c) 2012 Entrust, Inc. - for authorized use only
Common Name (CN)
  • Entrust Certification Authority - L1K
validity period
Not valid before
2020-07-22
Not valid after
2022-07-17
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
10:D6:12:F9:28:9D:73:A8:BC:1C:58:73:14:AB:78:B2:B1:0D:0D:36:49:F5:4E:D1:5F:BD:B1:8E:EB:04:50:A0
SHA1
5B:7A:87:54:51:3E:B0:22:6B:14:56:9C:D8:57:D5:56:EE:0C:2C:32
X509v3 extensions
subjectKeyIdentifier
  • 82:F3:C2:2B:E8:27:A8:07:E8:3D:8F:CB:B6:2D:B2:1D:65:9A:7C:07
authorityKeyIdentifier
  • keyid:82:A2:70:74:DD:BC:53:3F:CF:7B:D4:F7:CD:7F:A7:60:C6:0A:4C:BF
authorityInfoAccess
  • OCSP - URI:http://ocsp.entrust.net
  • CA Issuers - URI:http://aia.entrust.net/l1k-chain256.cer
crlDistributionPoints
  • Full Name:
  • URI:http://crl.entrust.net/level1k.crl
certificatePolicies
  • Policy: 2.16.840.1.114028.10.1.5
  • CPS: https://www.entrust.net/rpa
  • Policy: 2.23.140.1.2.2
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Jul 22 15:16:43.617 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C6:E7:E1:CA:E2:17:BB:8C:6D:8C:C0:
  • 09:6A:69:18:FE:11:D7:45:74:8F:AC:8D:87:89:B1:57:
  • AE:4E:9C:DD:CB:02:21:00:A7:1C:82:9C:20:F5:69:84:
  • 3C:27:DE:D1:69:6E:B8:DA:1C:1B:EB:C3:A4:38:04:FE:
  • F1:FC:79:71:01:F4:C4:9F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
  • 46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
  • Timestamp : Jul 22 15:16:43.653 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:F0:66:4A:C2:5C:48:83:34:42:99:52:
  • 08:ED:F9:88:DD:BD:52:C5:4F:93:E9:0D:08:79:38:6A:
  • EE:09:A7:A0:02:02:21:00:D0:76:2F:33:91:50:6E:73:
  • 84:1E:7B:D0:35:0C:96:62:D4:43:39:31:7B:69:E6:95:
  • 90:FA:9C:A1:82:98:4F:A3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
  • 7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
  • Timestamp : Jul 22 15:16:43.668 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:71:57:D0:E2:1D:08:F5:0D:ED:02:1C:89:
  • 7B:4D:21:E1:67:2A:A5:F2:5A:65:61:DF:75:51:A3:03:
  • 75:F3:EC:39:02:21:00:8A:E3:41:A0:7F:F4:A3:90:D8:
  • BD:24:33:D2:A4:F2:8C:77:72:CA:71:5C:2F:6A:7D:80:
  • 8B:CE:F3:10:36:DA:DC
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
  • 11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
  • Timestamp : Jul 22 15:16:43.728 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A2:43:B7:23:70:8E:9A:E9:1E:98:D3:
  • 1E:82:8C:99:CA:88:BB:CC:37:C1:7D:4C:C5:88:5F:17:
  • B1:5E:5F:B7:35:02:21:00:DD:75:6D:EC:0F:66:EA:47:
  • 00:4F:1E:4E:50:D5:0F:C9:A4:98:E8:91:18:22:71:48:
  • AF:8F:14:59:02:31:CA:B3

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.sec-jeemsg.eemsg.mail.mil
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.sec-jeemsg.eemsg.mail.mil
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.pri-jeemsg.eemsg.mail.mil
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.pri-jeemsg.eemsg.mail.mil
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid