SSL check results of oticasvisao.net.br

NEW You can also bulk check multiple servers.

Discover if the mail servers for oticasvisao.net.br can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Sun, 13 Nov 2016 11:15:29 +0000

We can not guarantee a secure connection to the mailservers of oticasvisao.net.br!

Please contact the operator of oticasvisao.net.br and ask him or her to solve this problem. This result stays accessible under the following address:

https://ssl-tools.net/mailservers/oticasvisao.net.br

Servers

Incoming Mails

These servers are responsible for incoming mails to @oticasvisao.net.br addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.oticasvisao.net.br
177.129.97.38
10
supported
mail.oticasvisao.net.br
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
20 s
mxbackup1.junkemailfilter.com
184.105.182.148
20
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
9 s
mxbackup2.junkemailfilter.com
184.105.182.229
30
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
25 s
mxbackup2.junkemailfilter.com
184.105.182.219
30
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mxbackup2.junkemailfilter.com
184.105.182.218
30
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
18 s
mxbackup2.junkemailfilter.com
69.50.231.178
30
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
31 s
mxbackup2.junkemailfilter.com
184.105.182.220
30
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
25 s
mxbackup2.junkemailfilter.com
184.105.182.210
Results incomplete
30 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
mxbackup2.junkemailfilter.com
69.50.231.179
30
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
29 s
mxbackup2.junkemailfilter.com
69.50.231.170
30
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
29 s
mxbackup2.junkemailfilter.com
184.105.182.228
Results incomplete
30 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
tarbaby.junkemailfilter.com
69.50.231.170
40
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
29 s
tarbaby.junkemailfilter.com
184.105.182.220
Results incomplete
40 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
tarbaby.junkemailfilter.com
69.50.231.179
Results incomplete
40 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
tarbaby.junkemailfilter.com
184.105.182.229
40
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
22 s
tarbaby.junkemailfilter.com
184.105.182.218
Results incomplete
40 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
tarbaby.junkemailfilter.com
184.105.182.210
Results incomplete
40 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
tarbaby.junkemailfilter.com
69.50.231.178
Results incomplete
40 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
tarbaby.junkemailfilter.com
184.105.182.219
Results incomplete
40 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
tarbaby.junkemailfilter.com
184.105.182.228
40
supported
*.junkemailfilter.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
supported
  • ECDHE_RSA_WITH_RC4_128_SHA
  • TLSv1.2
  • TLSv1.1
  • SSLv3
16 s

Outgoing Mails

We have received emails from these servers with @oticasvisao.net.br sender addresses. Test mail delivery

Host TLS Version & Cipher
mail.oticasvisao.net.br (177.129.97.38)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

Certificates

First seen at:

CN=mail.oticasvisao.net.br,C=BR

Certificate chain
  • mail.oticasvisao.net.br
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Unknown Authority

      StartCom Class 1 DV Server CA
Subject
Country (C)
  • BR
Common Name (CN)
  • mail.oticasvisao.net.br
Alternative Names
  • mail.oticasvisao.net.br
  • pop3.oticasvisao.net.br
  • oticasvisao.net.br
  • www.oticasvisao.net.br
  • imap.oticasvisao.net.br
  • smtp.oticasvisao.net.br
  • ntp.oticasvisao.net.br
  • sip.oticasvisao.net.br
  • rdp.oticasvisao.net.br
  • rfb.oticasvisao.net.br
Issuer
Country (C)
  • IL
Organization (O)
  • StartCom Ltd.
Organizational Unit (OU)
  • StartCom Certification Authority
Common Name (CN)
  • StartCom Class 1 DV Server CA
validity period
Not valid before
2016-09-25
Not valid after
2019-09-25
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
98:1C:5C:F1:3D:AD:D1:A8:E5:C3:60:C8:E2:15:CD:3F:8A:5C:08:AD:F5:04:89:EA:61:B4:4E:9A:55:C6:E4:16
SHA1
E4:C1:B7:63:F4:69:FE:49:34:5F:A6:84:1B:D2:0C:4F:28:1D:EE:E5
X509v3 extensions
subjectKeyIdentifier
  • EB:3B:A6:44:D4:DA:72:61:96:EC:34:C7:53:B6:26:23:9C:74:36:F8
authorityKeyIdentifier
  • keyid:D7:91:4E:01:C4:B0:BF:F8:C8:67:93:44:9C:E7:33:FA:AD:93:0C:AF
authorityInfoAccess
  • OCSP - URI:http://ocsp.startssl.com
  • CA Issuers - URI:http://aia.startssl.com/certs/sca.server1.crt
crlDistributionPoints
  • Full Name:
  • URI:http://crl.startssl.com/sca-server1.crl
issuerAltName
  • URI:http://www.startssl.com/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.23223.1.2.5
  • CPS: https://www.startssl.com/policy
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 34:BB:6A:D6:C3:DF:9C:03:EE:A8:A4:99:FF:78:91:48:
  • 6C:9D:5E:5C:AC:92:D0:1F:7B:FD:1B:CE:19:DB:48:EF
  • Timestamp : Sep 26 00:08:15.910 2016 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:97:04:DE:CB:E5:23:95:D3:DB:1F:DB:
  • 7F:F0:B9:8C:D0:73:28:38:8D:97:EB:7A:DB:3E:9D:F0:
  • 7D:AC:01:ED:C8:02:21:00:F5:8B:D7:2F:C7:A2:AA:90:
  • D0:94:C8:8D:3D:3D:13:EE:BD:B9:9D:16:F4:47:63:BF:
  • 05:00:CF:64:4A:D3:38:95
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
  • 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
  • Timestamp : Sep 26 00:08:17.544 2016 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:0D:6C:48:B0:91:80:6F:12:1A:DA:BD:4D:
  • 75:28:B5:5C:31:7C:BA:16:8F:B3:15:92:3E:4B:99:D1:
  • 5C:20:AC:E8:02:21:00:A6:D2:47:F7:CA:F4:22:09:4F:
  • AA:46:0B:00:0A:12:31:3C:8F:CF:84:C9:1C:68:39:F1:
  • 5B:29:E7:ED:08:C7:D1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
  • 71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
  • Timestamp : Sep 26 00:08:17.307 2016 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:7E:3C:C1:46:76:38:67:EE:CE:B0:DA:D4:
  • D3:06:72:65:C0:CD:CF:48:A4:0E:23:AC:EB:DF:4A:8E:
  • E5:A7:8A:F2:02:21:00:8D:B3:63:82:51:65:46:0C:43:
  • 40:B3:72:90:35:7E:14:91:8D:E5:A0:1F:7D:A6:72:92:
  • 82:DA:03:BA:F4:E8:2F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : Sep 26 00:08:17.887 2016 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:AB:F5:2F:7A:0A:15:5D:28:ED:ED:9E:
  • 41:86:81:D4:54:2F:1E:C0:98:E8:EC:37:C5:96:AA:F6:
  • A6:12:4D:36:2D:02:20:13:1C:74:5C:75:DD:7D:3F:F7:
  • 79:94:4C:C9:64:C5:A0:F4:EE:50:F4:65:24:0B:6C:A8:
  • 5E:F9:9A:F1:B1:B8:E8
First seen at:

CN=*.junkemailfilter.com,OU=EssentialSSL Wildcard,OU=Domain Control Validated

Certificate chain
Subject
Organizational Unit (OU)
  • Domain Control Validated
  • EssentialSSL Wildcard
Common Name (CN)
  • *.junkemailfilter.com
Alternative Names
  • *.junkemailfilter.com
  • junkemailfilter.com
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • COMODO CA Limited
Common Name (CN)
  • COMODO RSA Domain Validation Secure Server CA
validity period
Not valid before
2015-08-07
Not valid after
2018-09-05
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
D3:2D:26:89:D3:F7:24:C2:B6:F0:69:50:1B:59:0A:D4:68:4F:66:44:4D:51:77:AB:29:F6:6C:06:16:13:BA:33
SHA1
44:E5:79:26:AB:E8:02:0B:7B:17:28:9D:00:BB:0D:09:EE:A5:38:05
X509v3 extensions
authorityKeyIdentifier
  • keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7
subjectKeyIdentifier
  • 60:7D:EC:22:B2:1B:77:60:6D:D9:33:3D:46:E8:72:B5:D2:C3:2F:53
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.7
  • CPS: https://secure.comodo.com/CPS
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.comodoca.com

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.oticasvisao.net.br
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid