riseup.net - TLS / STARTTLS Test

Discover if the mail servers for riseup.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 27 Feb 2024 22:50:21 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Valid

The mailservers of riseup.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @riseup.net addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx1.riseup.net 198.252.153.129	10	supported	mx1.riseup.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2024-02-27 14 s

Outgoing Mails

We have received emails from these servers with @riseup.net sender addresses. Test mail delivery

Host	TLS Version & Cipher
mx1.riseup.net (198.252.153.129)	TLSv1.2 ADH-AES256-GCM-SHA384	2020-10-23

Certificates

First seen at: 2024-01-28

CN=mx1.riseup.net

Certificate chain

mx1.riseup.net
- 2024-04-03 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mx1.riseup.net

Alternative Names

mx1.riseup.net

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-01-04
Not valid after: 2024-04-03

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 9A:27:09:97:70:8D:60:0D:0E:20:8B:92:D9:1D:9A:23:11:12:BC:A6:98:CA:0E:FA:1B:4C:98:96:07:F1:71:3F
SHA1: F9:E5:20:88:C6:EB:9B:18:F8:04:D8:96:44:AC:07:64:7B:FA:AE:3B

X509v3 extensions

subjectKeyIdentifier

B0:86:CB:C2:F4:E2:CF:A5:0C:1F:39:3D:1A:12:7E:E8:BC:AF:84:7E

authorityKeyIdentifier

keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

authorityInfoAccess

OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Jan 4 04:16:02.205 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:CF:A7:DA:5A:45:D1:DC:7E:E0:AE:15:
9F:D5:69:9A:30:87:83:33:71:21:43:9A:6E:0E:36:1C:
A7:77:0A:BB:08:02:20:4F:DF:83:F5:FE:13:15:11:FC:
49:39:CE:15:31:34:C0:13:DA:C5:8B:17:F6:0C:CF:62:
86:8E:74:88:CB:5E:64
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Jan 4 04:16:02.700 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:82:23:B8:89:F8:A3:72:6F:67:BF:7A:
57:61:04:BC:12:07:0E:18:76:0C:E8:F6:B6:DE:74:D8:
60:D8:E9:82:06:02:21:00:BC:D3:65:A1:21:DF:02:B2:
95:27:88:FD:66:6F:80:C3:84:1C:8D:49:E8:7F:1B:0B:
B7:B7:08:C8:8E:00:5F:A0

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx1.riseup.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx1.riseup.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mx1.riseup.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx1.riseup.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx1.riseup.net	DANE-TA: Trust Anchor Assertion Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx1.riseup.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of riseup.net