SSL-Tools

SSL check results of recom.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for recom.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 14 Apr 2025 15:19:16 +0000

The mailservers of recom.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @recom.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.vonaffenfels.de
2a02:c98:1000:40:94:186:144:146
 10
supported
mail.vonaffenfels.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mail.vonaffenfels.de
94.186.144.146
 10
supported
mail.vonaffenfels.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @recom.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.vonaffenfels.de

Certificate chain
  • mail.vonaffenfels.de
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R10
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.vonaffenfels.de
Alternative Names
  • imap.vonaffenfels.de
  • mail.hj-plan.de
  • mail.vonaffenfels.de
  • smtp.vonaffenfels.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R10
validity period
Not valid before
2025-04-14
Not valid after
2025-07-13
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
41:D9:93:E4:D2:56:AB:35:A7:7E:33:5D:DA:B2:38:5E:CA:F8:DE:B7:D0:38:F6:66:05:D1:29:AC:5E:94:55:4F
SHA1
E7:AA:A4:DF:19:03:EE:A5:AD:34:14:C6:AF:D7:34:16:A2:C4:6C:2A
X509v3 extensions
subjectKeyIdentifier
  • 80:83:85:18:55:9C:24:0D:BD:04:64:AF:4A:B6:0E:AE:AD:B6:4C:48
authorityKeyIdentifier
  • keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
authorityInfoAccess
  • OCSP - URI:http://r10.o.lencr.org
  • CA Issuers - URI:http://r10.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r10.c.lencr.org/121.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
  • 22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
  • Timestamp : Apr 14 15:13:39.332 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:3D:3B:35:11:B9:EF:EF:43:B0:47:B7:AF:
  • 7B:24:97:F9:C3:F9:3D:46:96:73:84:A4:00:FE:6D:C7:
  • BE:2A:30:5B:02:21:00:FF:64:22:18:F4:11:45:C1:02:
  • 01:9A:99:AD:D7:AC:48:3A:36:84:F2:C5:E8:8F:5C:85:
  • 28:9B:51:CC:A3:CA:F8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 1A:04:FF:49:D0:54:1D:40:AF:F6:A0:C3:BF:F1:D8:C4:
  • 67:2F:4E:EC:EE:23:40:68:98:6B:17:40:2E:DC:89:7D
  • Timestamp : Apr 14 15:13:40.004 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:06:B9:A9:0A:91:58:88:F0:63:7A:54:F6:
  • 0F:1E:76:29:45:C1:90:D3:5D:CE:72:15:7A:2D:CB:35:
  • 40:1B:49:F0:02:20:04:9E:8B:B0:9E:93:FA:09:3E:9E:
  • 96:7B:09:D9:8B:77:B6:A6:4C:AD:B6:F7:61:6F:92:90:
  • 0F:51:38:01:46:55

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.vonaffenfels.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid