SSL check results of roeder.cx

NEW You can also bulk check multiple servers.

Discover if the mail servers for roeder.cx can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 20 Feb 2017 07:41:37 +0000

The mailservers of roeder.cx can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @roeder.cx addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.roeder.cx
2a02:a00:e004:41::2
10
supported
roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13.0 s
mail.roeder.cx
2001:980:5ebc:1:211:32ff:fe59:cf8a
10
supported
roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
12.0 s
mail.roeder.cx
82.161.139.79
10
supported
roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
12.0 s
mail.roeder.cx
188.246.2.198
10
supported
roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13.0 s

Outgoing Mails

We have received emails from these servers with @roeder.cx sender addresses. Test mail delivery

Host TLS Version & Cipher
mail.roeder.cx (82.161.139.79)
TLSv1.2 AECDH-AES256-SHA
www.roeder.cx (IPv6:2001:980:5ebc:1:211:32ff:fe35:5fbc)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (IPv6:2001:980:5ebc:1:211:32ff:fe59:cf8a)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (IPv6:2a02:a00:e004:41::2)
TLSv1.2 AECDH-AES256-SHA
mail.roeder.cx (188.246.2.198)
TLSv1.2 AECDH-AES256-SHA

Certificates

First seen at:

roeder.cx

Certificate chain
Subject
Country (C)
  • NL
State (ST)
  • Noord-Holland
Locality (L)
  • Naarden
SN
  • Roeder
GN
  • Uwe
Common Name (CN)
  • roeder.cx
Alternative Names
  • roeder.cx
  • *.roeder.cx
Issuer
Country (C)
  • IL
Organization (O)
  • StartCom Ltd.
Organizational Unit (OU)
  • StartCom Certification Authority
Common Name (CN)
  • StartCom Class 2 IV Server CA
validity period
Not valid before
2016-06-05
Not valid after
2018-06-05
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
B5:42:6E:50:B1:8A:38:B0:0D:77:BA:25:62:94:80:A1:14:2B:CA:D0:6B:B7:DA:81:EF:80:0E:BF:DA:B8:DB:71
SHA1
A3:4F:37:E3:68:5D:2D:36:45:31:AE:AC:57:41:D2:F7:F5:01:9F:8E
X509v3 extensions
subjectKeyIdentifier
  • CA:21:B1:FB:E6:54:95:83:78:95:06:45:F1:13:28:56:85:0B:2F:02
authorityKeyIdentifier
  • keyid:94:DE:85:41:2A:A5:D9:45:F6:60:2C:2E:4C:93:09:A6:2C:23:7E:3E
authorityInfoAccess
  • OCSP - URI:http://ocsp.startssl.com
  • CA Issuers - URI:http://aia.startssl.com/certs/sca.server2.crt
crlDistributionPoints
  • Full Name:
  • URI:http://crl.startssl.com/sca-server2.crl
issuerAltName
  • URI:http://www.startssl.com/
certificatePolicies
  • Policy: 2.23.140.1.2.3
  • Policy: 1.3.6.1.4.1.23223.1.2.5
  • CPS: https://www.startssl.com/policy
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1(0)
  • Log ID : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
  • 71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
  • Timestamp : Jun 5 07:41:07.284 2016 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F3:D7:2A:A9:EA:C0:A8:B3:26:EB:65:
  • 97:91:3F:39:19:C3:6E:92:CD:C7:45:B0:F3:C5:3F:1A:
  • 8E:4E:BE:47:CE:02:20:59:B7:EF:EB:2F:78:7F:4C:46:
  • 2A:51:29:80:19:F5:46:D2:98:09:20:EA:87:F8:97:EE:
  • 6B:D6:49:36:F8:F2:E7
  • Signed Certificate Timestamp:
  • Version : v1(0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : Jun 5 07:41:08.042 2016 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:27:F9:20:AF:E5:90:C9:40:01:29:C7:87:
  • 76:43:C2:50:64:9C:17:C6:B5:0E:5D:F5:0A:5D:5E:1F:
  • 0B:55:76:36:02:21:00:CA:56:1D:03:F1:4F:93:C5:BC:
  • 5F:54:2C:D9:A0:9B:4C:F9:01:3D:FD:C4:A7:AE:44:47:
  • 7A:55:94:07:59:F8:82

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.roeder.cx
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid