SSL-Tools

SSL check results of bloom.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for bloom.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 16 Feb 2026 14:10:54 +0000

The mailservers of bloom.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @bloom.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
carlisle.daserver.org
108.20.134.189
 10
supported
carlisle.daserver.org
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
20 s
sf.daserver.org
108.215.213.143
 40
supported
sf.daserver.org
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
22 s

Outgoing Mails

We have not received any emails from a @bloom.org address so far. Test mail delivery

Certificates

First seen at:

CN=carlisle.daserver.org

Certificate chain
  • carlisle.daserver.org
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R13
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • carlisle.daserver.org
Alternative Names
  • carlisle.daserver.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R13
validity period
Not valid before
2026-02-11
Not valid after
2026-05-12
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
52:A3:9B:60:04:CE:DD:EA:5B:61:8E:90:DC:78:A0:6F:03:ED:9D:80:93:A1:34:E2:F0:82:EC:EF:5B:51:20:1C
SHA1
24:5A:61:14:05:18:60:E2:75:0A:F2:F7:9B:92:DB:21:D4:61:BA:62
X509v3 extensions
subjectKeyIdentifier
  • 7A:26:9A:42:B7:B2:C4:0A:26:DD:2E:F4:FB:96:75:F0:E0:02:54:C2
authorityKeyIdentifier
  • keyid:E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33
authorityInfoAccess
  • CA Issuers - URI:http://r13.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r13.c.lencr.org/114.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 16:83:2D:AB:F0:A9:25:0F:0F:F0:3A:A5:45:FF:C8:BF:
  • C8:23:D0:87:4B:F6:04:29:27:F8:E7:1F:33:13:F5:FA
  • Timestamp : Feb 11 05:40:44.268 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:CC:16:BC:9C:46:F4:8A:A0:0E:11:7B:
  • 55:A4:74:5B:A2:83:ED:10:8F:CC:DE:C7:FD:FE:8C:83:
  • DC:43:DD:D0:B2:02:21:00:FE:66:D2:3A:6E:F0:21:DE:
  • CE:9E:DA:BA:E1:40:66:13:89:88:94:00:E9:3A:C9:CE:
  • 02:75:81:6A:C8:02:12:14
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 71:7E:95:F3:C2:38:8A:6D:B1:E3:84:49:3D:31:E1:5A:
  • A9:62:08:76:2D:42:00:E0:05:0C:D0:67:B5:A6:61:E2
  • Timestamp : Feb 11 05:40:44.408 2026 GMT
  • Extensions: 00:00:05:00:09:26:A8:90
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:2C:65:41:85:F0:A4:C6:BC:E6:18:46:B0:
  • 8D:91:78:16:4E:82:79:75:D1:EC:09:1F:13:7F:78:69:
  • 7C:F7:51:67:02:20:26:6C:53:C5:AB:3C:67:2B:0E:80:
  • 81:4C:75:99:E4:76:57:FE:65:56:75:21:FC:A0:28:D9:
  • BA:AD:65:F5:59:81
First seen at:

CN=sf.daserver.org

Certificate chain
  • sf.daserver.org
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R12
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • sf.daserver.org
Alternative Names
  • sf.daserver.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R12
validity period
Not valid before
2026-02-11
Not valid after
2026-05-12
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
F9:75:05:E2:0A:C3:E4:A2:6A:53:3B:C9:72:2D:9E:7E:29:48:E0:81:2E:B5:A5:12:AC:67:D5:2D:C4:B4:FE:1C
SHA1
12:0B:1C:11:FC:F9:B6:8A:86:33:4C:40:58:74:44:90:D7:08:58:9F
X509v3 extensions
subjectKeyIdentifier
  • 6E:93:51:8F:E3:FD:48:8F:97:0E:25:B8:EA:BA:3F:32:F3:42:CD:16
authorityKeyIdentifier
  • keyid:00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2
authorityInfoAccess
  • CA Issuers - URI:http://r12.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r12.c.lencr.org/90.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
  • F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
  • Timestamp : Feb 11 08:41:32.096 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:70:03:AC:CC:37:F2:27:6D:62:DF:07:23:
  • B3:10:0C:D9:8F:92:A9:3D:02:0B:9D:83:96:3A:E5:7D:
  • 7C:8B:1D:9E:02:20:55:63:ED:36:DB:73:64:BF:B9:4A:
  • B8:7D:27:02:BF:46:C1:66:A7:70:B6:3C:02:02:5C:43:
  • 87:38:BD:2F:66:D6
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
  • 5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
  • Timestamp : Feb 11 08:41:32.082 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:40:4A:4D:42:EB:A3:49:04:02:5A:AB:16:
  • F4:90:91:91:2A:2A:C7:5A:C1:D5:3E:F4:93:CA:F8:8B:
  • EE:53:D6:CA:02:20:77:DB:07:F4:2D:EC:BE:36:66:13:
  • 02:2F:20:D4:CC:D5:BD:C4:B1:91:33:CE:2F:02:71:9E:
  • 1F:8A:32:0F:90:74