SSL-Tools

SSL check results of blb.nl

NEW You can also bulk check multiple servers.

Discover if the mail servers for blb.nl can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 10 Apr 2025 01:09:31 +0000

We can not guarantee a secure connection to the mailservers of blb.nl!

Please contact the operator of blb.nl and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/blb.nl

Servers

Incoming Mails

These servers are responsible for incoming mails to @blb.nl addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx.monshouwer.eu
2a00:7c80:31:10::25:0
Results incomplete
10
supported
not checked
DANE
errors
PFS
unsupported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx.monshouwer.eu
195.191.112.48
Results incomplete
10
supported
not checked
DANE
errors
PFS
unsupported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx1.monshouwer.com
2a01:4f9:c013:1028::1
 20
supported
ns2.monshouwer.eu
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx1.monshouwer.com
37.27.7.221
 20
supported
ns2.monshouwer.eu
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @blb.nl address so far. Test mail delivery

Certificates

First seen at:

CN=ns2.monshouwer.eu

Certificate chain
  • ns2.monshouwer.eu
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • ns2.monshouwer.eu
Alternative Names
  • mx1.monshouwer.com
  • ns2.monshouwer.com
  • ns2.monshouwer.eu
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-03-17
Not valid after
2025-06-15
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
D1:7F:E4:13:E7:DE:9E:CA:72:EA:B2:B8:47:5B:69:15:C0:30:3E:C9:CB:DE:CC:BD:73:96:2C:8A:AF:1E:FA:9D
SHA1
E0:1D:13:7A:67:26:33:74:E7:87:E0:F4:C3:FB:0B:DB:B0:F4:7F:B8
X509v3 extensions
subjectKeyIdentifier
  • FA:DC:3D:7D:B3:3D:2E:2A:2D:5E:C0:FB:66:FF:EF:EE:33:F8:FD:02
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • OCSP - URI:http://r11.o.lencr.org
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/77.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
  • D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
  • Timestamp : Mar 17 09:51:34.393 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:07:69:31:97:CC:44:7F:81:1D:6F:12:5D:
  • E7:BD:FD:30:4A:F8:D2:8A:18:3A:93:FC:43:B6:4D:4A:
  • 04:A3:F0:C4:02:20:4A:85:C2:52:D0:FB:D3:3D:98:62:
  • 39:0F:9D:7F:64:E2:8A:A8:AC:16:DC:55:B9:15:A4:8D:
  • E9:10:40:04:B3:BA
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
  • 22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
  • Timestamp : Mar 17 09:51:34.556 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:EA:A6:A3:C4:9B:58:FA:52:24:1E:F9:
  • ED:E1:7E:31:7F:34:5E:FA:9B:17:26:DE:34:2F:B6:15:
  • 24:CE:6D:A0:E5:02:20:61:97:D3:50:EB:B1:45:18:93:
  • 42:8C:ED:06:81:8F:12:41:F0:A7:C9:3F:38:C2:95:8A:
  • 9E:D5:FC:B9:D1:7C:B4

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.monshouwer.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx.monshouwer.eu
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid