SSL-Tools

SSL check results of roeder.cx

NEW You can also bulk check multiple servers.

Discover if the mail servers for roeder.cx can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 16 Mar 2021 20:26:01 +0000

The mailservers of roeder.cx can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @roeder.cx addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.roeder.cx
2001:980:5ebc:1:211:32ff:fe59:cf8a
 10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mail.roeder.cx
2a02:a00:e004:41::2
 10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mail.roeder.cx
82.161.139.79
 10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s
mail.roeder.cx
188.246.21.42
 10
supported
*.roeder.cx
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
14 s

Outgoing Mails

We have received emails from these servers with @roeder.cx sender addresses. Test mail delivery

Host TLS Version & Cipher
mail.roeder.cx (82.161.139.79)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

Certificates

First seen at:

CN=*.roeder.cx

Certificate chain
Subject
Common Name (CN)
  • *.roeder.cx
Alternative Names
  • *.roeder.cx
  • roeder.cx
Issuer
Country (C)
  • GB
State (ST)
  • Greater Manchester
Locality (L)
  • Salford
Organization (O)
  • Sectigo Limited
Common Name (CN)
  • Sectigo RSA Domain Validation Secure Server CA
validity period
Not valid before
2020-06-06
Not valid after
2022-07-11
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
2C:32:D3:2E:E7:E8:41:00:B6:D2:B3:93:68:F4:AE:7E:E2:86:C8:5D:0B:7B:BF:36:22:21:14:C0:95:9F:27:1E
SHA1
F0:79:CB:5B:CD:4F:E6:23:3C:2F:A7:C6:E7:CB:DB:FA:E8:83:B0:6D
X509v3 extensions
authorityKeyIdentifier
  • keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
subjectKeyIdentifier
  • 18:A2:34:EA:8C:E9:55:95:89:AB:98:BC:83:CC:C2:9B:74:4E:C0:5B
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.7
  • CPS: https://sectigo.com/CPS
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
  • OCSP - URI:http://ocsp.sectigo.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
  • 11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
  • Timestamp : Jun 6 10:09:56.827 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:7F:3E:39:C8:F2:84:5D:68:41:AD:74:E4:
  • AB:94:0D:FB:0A:81:F4:4E:79:BA:EF:70:C6:E9:3A:E1:
  • 46:B2:77:EB:02:21:00:8F:D8:80:05:89:84:A1:D6:8C:
  • EF:60:EE:2A:94:EC:7B:63:CA:9A:7B:34:5C:A9:24:6C:
  • 1D:EB:DB:AD:5C:D4:A8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DF:A5:5E:AB:68:82:4F:1F:6C:AD:EE:B8:5F:4E:3E:5A:
  • EA:CD:A2:12:A4:6A:5E:8E:3B:12:C0:20:44:5C:2A:73
  • Timestamp : Jun 6 10:09:56.865 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:79:60:E6:C6:E6:2B:81:A4:69:CE:AD:F2:
  • B2:FB:65:E6:46:B7:B6:26:D2:32:6D:14:BE:D7:FA:68:
  • 26:E0:8F:29:02:21:00:E4:36:B3:37:2C:BD:1F:27:90:
  • 76:F9:95:84:10:6F:3F:A5:A1:A0:6A:85:4F:31:3D:C6:
  • CA:92:0B:BF:D7:20:55
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Jun 6 10:09:56.825 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:85:B7:B7:C5:A1:3F:63:91:F2:55:FA:
  • 00:6E:CE:61:14:7A:2E:1F:9B:8F:88:D2:78:CA:A4:28:
  • B2:39:3E:28:A4:02:20:65:D3:69:80:21:59:9F:29:AF:
  • 0C:58:9D:19:5D:C8:9E:5A:17:E0:B3:F2:56:E6:BB:A4:
  • 0D:36:31:BD:77:9D:35

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.roeder.cx
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid