SSL-Tools

SSL check results of route2.mx.cloudflare.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for route2.mx.cloudflare.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 02 Apr 2026 12:46:21 +0000

We can not guarantee a secure connection to the mailservers of route2.mx.cloudflare.net!

Please contact the operator of route2.mx.cloudflare.net and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/route2.mx.cloudflare.net

Servers

Incoming Mails

These servers are responsible for incoming mails to @route2.mx.cloudflare.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
route2.mx.cloudflare.net
162.159.205.19
 -
supported
*.mx.cloudflare.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
route2.mx.cloudflare.net
162.159.205.18
 -
supported
*.mx.cloudflare.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
route2.mx.cloudflare.net
162.159.205.17
 -
supported
*.mx.cloudflare.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
route2.mx.cloudflare.net
2606:4700:f5::10
Results incomplete
-
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
route2.mx.cloudflare.net
2606:4700:f5::f
Results incomplete
-
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s
route2.mx.cloudflare.net
2606:4700:f5::e
Results incomplete
-
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
1 s

Outgoing Mails

We have not received any emails from a @route2.mx.cloudflare.net address so far. Test mail delivery

Certificates

First seen at:

CN=*.mx.cloudflare.net,O=Cloudflare\, Inc.,L=San Francisco,ST=California,C=US

Certificate chain
Subject
Country (C)
  • US
State (ST)
  • California
Locality (L)
  • San Francisco
Organization (O)
  • Cloudflare, Inc.
Common Name (CN)
  • *.mx.cloudflare.net
Alternative Names
  • *.mx.cloudflare.net
  • mx.cloudflare.net
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • DigiCert Global G2 TLS RSA SHA256 2020 CA1
validity period
Not valid before
2025-12-09
Not valid after
2026-12-08
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
Fingerprints
SHA256
FF:D7:C0:21:68:9D:51:A9:A8:A5:DF:7D:45:2C:45:8C:A0:D8:DC:17:43:EA:B6:02:49:01:CA:1A:2C:EE:44:EC
SHA1
A4:4F:DC:43:6C:83:17:FA:BA:1D:95:63:E0:1C:DA:4E:24:5B:DB:E7
X509v3 extensions
authorityKeyIdentifier
  • keyid:74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17
subjectKeyIdentifier
  • 40:2D:FB:66:47:9F:79:B0:3B:16:62:C0:40:0D:1F:36:0E:58:05:9E
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
  • Full Name:
  • URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : D8:09:55:3B:94:4F:7A:FF:C8:16:19:6F:94:4F:85:AB:
  • B0:F8:FC:5E:87:55:26:0F:15:D1:2E:72:BB:45:4B:14
  • Timestamp : Dec 9 12:20:10.977 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:63:FB:FA:2E:20:7E:E2:D3:5F:A3:E3:9B:
  • 9E:CE:2B:FC:85:C8:6B:B4:C0:8E:03:2B:72:93:3C:E5:
  • 19:42:13:41:02:21:00:CC:6A:DD:9C:F4:0A:57:19:90:
  • 5F:A3:44:3B:7B:9B:77:81:5F:8C:0F:D2:A4:E8:1A:F6:
  • 03:E4:42:15:FF:1B:BC
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : C8:A3:C4:7F:C7:B3:AD:B9:35:6B:01:3F:6A:7A:12:6D:
  • E3:3A:4E:43:A5:C6:46:F9:97:AD:39:75:99:1D:CF:9A
  • Timestamp : Dec 9 12:20:10.953 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F1:0E:EA:21:A8:93:19:CA:D1:39:1A:
  • 0B:3D:51:3F:C4:D5:6C:0E:7A:5B:48:31:C0:5E:85:00:
  • C9:6A:F4:D6:2A:02:20:1A:A9:BA:D2:01:3F:E8:DC:81:
  • 04:34:D5:C7:2C:7D:3A:58:E0:91:BD:3C:C1:F7:C3:20:
  • 6C:58:4A:FC:03:B0:72
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : C2:31:7E:57:45:19:A3:45:EE:7F:38:DE:B2:90:41:EB:
  • C7:C2:21:5A:22:BF:7F:D5:B5:AD:76:9A:D9:0E:52:CD
  • Timestamp : Dec 9 12:20:10.965 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:D1:75:D6:06:E7:A4:48:7D:59:6B:30:
  • 9A:48:99:74:42:44:20:6B:AD:B5:22:82:39:F2:42:2D:
  • 04:2E:EF:B0:F3:02:21:00:B5:E5:92:E9:22:B2:59:7A:
  • E6:7B:C4:6E:2D:9F:0B:4E:3E:E8:BB:7D:80:05:FF:04:
  • 84:2D:92:F8:E9:D6:0A:4F

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.route2.mx.cloudflare.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.route2.mx.cloudflare.net
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.route2.mx.cloudflare.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid