SSL check results of roeder.cx

NEW You can also bulk check multiple servers.

Discover if the mail servers for roeder.cx can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 11 Dec 2017 15:28:54 +0000

The mailservers of roeder.cx can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @roeder.cx addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.roeder.cx
2a02:a00:e004:41::2
10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13.0 s
mail.roeder.cx
2001:980:5ebc:1:211:32ff:fe59:cf8a
10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
12.0 s
mail.roeder.cx
82.161.139.79
10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
12.0 s
mail.roeder.cx
188.246.2.198
10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13.0 s

Outgoing Mails

We have received emails from these servers with @roeder.cx sender addresses. Test mail delivery

Host TLS Version & Cipher
mail.roeder.cx (82.161.139.79)
TLSv1.2 AECDH-AES256-SHA
www.roeder.cx (IPv6:2001:980:5ebc:1:211:32ff:fe35:5fbc)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (IPv6:2001:980:5ebc:1:211:32ff:fe59:cf8a)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (IPv6:2a02:a00:e004:41::2)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (188.246.2.198)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (46.41.1.216)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (IPv6:2a02:a00:e00f:fffe::12:4349)
TLSv1.2 AECDH-AES256-SHA

Certificates

First seen at:

*.roeder.cx

Certificate chain
Subject
Organizational Unit (OU)
  • Domain Control Validated
  • PositiveSSL Wildcard
Common Name (CN)
  • *.roeder.cx
Alternative Names
  • *.roeder.cx
  • roeder.cx
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • COMODO CA Limited
Common Name (CN)
  • COMODO RSA Domain Validation Secure Server CA
validity period
Not valid before
2017-07-10
Not valid after
2020-07-09
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
3C:84:C5:D2:43:60:F3:96:87:37:63:A0:01:FB:6E:B3:BB:B5:81:A4:D3:E5:AA:48:CB:1C:AE:BD:76:08:54:51
SHA1
23:EC:7B:36:F0:6B:AF:E8:12:C7:11:CC:9D:A9:84:33:95:59:FD:68
X509v3 extensions
authorityKeyIdentifier
  • keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7
subjectKeyIdentifier
  • 9A:DD:FF:32:C7:00:6D:27:80:2C:98:48:08:88:D2:37:88:DE:F6:4A
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.7
  • CPS: https://secure.comodo.com/CPS
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.comodoca.com

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.roeder.cx
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid