SSL-Tools

SSL check results of ox.io

NEW You can also bulk check multiple servers.

Discover if the mail servers for ox.io can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 18 Aug 2020 17:17:48 +0000

The mailservers of ox.io can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ox.io addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.open-xchange.com
87.191.57.186
 10
supported
*.open-xchange.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
3 s
mx2.open-xchange.com
87.191.57.187
 20
supported
*.open-xchange.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @ox.io address so far. Test mail delivery

Certificates

First seen at:

CN=*.open-xchange.com

Certificate chain
Subject
Common Name (CN)
  • *.open-xchange.com
Alternative Names
  • *.open-xchange.com
  • open-xchange.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • RapidSSL RSA CA 2018
validity period
Not valid before
2020-01-16
Not valid after
2022-03-12
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
87:0E:2F:81:6A:E4:1C:26:78:1E:EB:6E:D8:24:64:B5:40:35:3B:4A:E6:D2:C4:4D:DB:AC:AC:82:81:4E:35:E4
SHA1
CB:1A:9E:8D:60:A0:EF:20:84:E5:5B:08:08:87:AB:3B:11:DB:BA:E3
X509v3 extensions
authorityKeyIdentifier
  • keyid:53:CA:17:59:FC:6B:C0:03:21:2F:1A:AE:E4:AA:A8:1C:82:56:DA:75
subjectKeyIdentifier
  • AD:9B:08:D6:B7:99:10:26:EF:C5:2B:AF:E9:3E:19:30:05:87:A0:20
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.rapidssl.com/RapidSSLRSACA2018.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.1.2
  • CPS: https://www.digicert.com/CPS
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • OCSP - URI:http://status.rapidssl.com
  • CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLRSACA2018.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : Jan 16 10:43:53.560 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:50:09:05:F0:B1:8D:AA:43:B3:2F:3C:DB:
  • 42:D0:1D:32:F3:2A:F0:B1:6C:25:53:A7:E7:33:59:D3:
  • 31:07:8D:C5:02:21:00:B2:89:7E:6A:D5:26:DD:F6:7A:
  • AA:0E:7C:91:49:1A:2C:77:29:C9:83:58:C9:09:16:57:
  • E6:94:16:0B:F4:3A:C5
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
  • E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
  • Timestamp : Jan 16 10:43:53.623 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:15:F5:03:E2:DC:13:F5:55:11:27:EE:CD:
  • F4:DA:77:0C:7D:CF:08:91:E9:9A:C9:F9:04:8F:33:81:
  • 7E:C8:EF:5E:02:21:00:DB:D1:CC:E1:59:B0:6E:32:97:
  • 0B:34:98:E2:BB:F3:EF:A1:70:56:19:37:F2:CE:1A:7B:
  • 73:75:4A:0F:D8:D6:61
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
  • 7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
  • Timestamp : Jan 16 10:43:53.711 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:DD:EB:85:24:C1:ED:B1:8D:60:3D:52:
  • 2C:86:1F:3A:B5:40:ED:BC:F8:AE:DA:3D:16:4F:43:07:
  • 4B:AC:03:D9:22:02:20:2C:71:05:78:29:FB:8F:7D:F6:
  • F4:C6:C7:46:0D:50:11:EC:32:4A:CA:5A:EA:26:03:72:
  • 48:77:85:26:E6:DB:C9

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.open-xchange.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx2.open-xchange.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid