inflection.nl - TLS / STARTTLS Test

Discover if the mail servers for inflection.nl can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 19 Jun 2024 00:31:12 +0000

Certificates

Problems found
Protocol

Secure
DANE

Problems found

The mailservers of inflection.nl can be reached through an encrypted connection.

However, we found problems that may affect the security.

Servers

Incoming Mails

These servers are responsible for incoming mails to @inflection.nl addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx1.vevida.com 2a00:f60::3:45	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
mx1.vevida.com 77.94.251.45	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
mx3.vevida.com 2a00:f60::3:47	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
mx3.vevida.com 77.94.251.47	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
mx2.vevida.com 2a00:f60::3:46	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
mx2.vevida.com 77.94.251.46	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
mx4.vevida.com 2a00:f60::3:48	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
mx4.vevida.com 77.94.251.48	10	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 2a00:f60::3:48	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 2a00:f60::3:45	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 2a00:f60::3:46	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 2a00:f60::3:47	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 77.94.251.46	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 77.94.251.45	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 77.94.251.47	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s
backup-mx.vevida.com 77.94.251.48	20	supported	mx1.vevida.com	DANE errors PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-19 2 s

Outgoing Mails

We have not received any emails from a @inflection.nl address so far. Test mail delivery

Certificates

First seen at: 2024-06-18

CN=mx1.vevida.com

Certificate chain

mx1.vevida.com
- 2024-09-15 remaining
- 2048 bit
- sha256WithRSAEncryption
- Unknown Authority

Subject

Common Name (CN)

mx1.vevida.com

Alternative Names

backup-mx.vevida.com
mx1.vevida.com
mx2.vevida.com
mx3.vevida.com
mx4.vevida.com

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-06-17
Not valid after: 2024-09-15

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: A5:39:43:28:A6:CB:8A:98:B9:0B:EC:05:7E:9E:57:89:79:52:64:19:AE:D3:BB:AF:EB:0A:D4:A7:67:AC:E2:72
SHA1: 1D:04:D9:F1:64:98:9C:1E:76:E4:05:9C:75:B6:7F:6D:7B:5E:29:2E

X509v3 extensions

subjectKeyIdentifier

A4:A4:4F:EB:FC:90:B2:B5:9E:E3:C9:EF:29:4A:2B:4E:71:F0:81:66

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

OCSP - URI:http://r11.o.lencr.org
CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
Timestamp : Jun 17 07:31:51.423 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:11:5A:65:EB:52:1C:CF:67:E2:52:44:06:
20:BA:4F:DD:15:02:28:4F:42:45:50:DF:01:7F:08:00:
26:92:FA:96:02:20:27:AE:08:14:F6:AC:09:F6:DB:76:
BB:67:DD:77:FC:B3:49:30:29:B5:89:B0:02:FB:1D:F1:
A2:EC:A3:8E:5F:86
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Jun 17 07:31:51.421 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:31:49:4C:A6:29:00:E4:0F:3C:AC:90:86:
AF:1B:B9:BC:3C:69:21:1E:1E:15:7A:BB:84:86:C5:55:
05:68:A1:CE:02:20:25:48:ED:A5:39:EF:10:F5:2E:4C:
62:AE:89:3D:A9:C7:E1:DA:8C:78:D1:D7:66:C0:46:D4:
F1:EF:83:AB:DC:4A

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx1.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx1.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx1.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx1.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx3.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx3.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx3.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx3.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx2.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx2.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx2.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx2.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.backup-mx.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.backup-mx.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.backup-mx.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.backup-mx.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx4.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx4.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx4.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx4.vevida.com	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—

SSL check results of inflection.nl