SSL check results of seznam.cz

NEW You can also bulk check multiple servers.

Discover if the mail servers for seznam.cz can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Tue, 15 Jun 2021 18:05:38 +0000

The mailservers of seznam.cz can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @seznam.cz addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.seznam.cz
2a02:598:a::78:42
Results incomplete
10
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx1.seznam.cz
2a02:598:2::42
Results incomplete
10
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx1.seznam.cz
77.75.76.42
Results incomplete
10
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx1.seznam.cz
77.75.78.42
Results incomplete
10
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx2.seznam.cz
2a02:598:a::78:32
20
supported
mx2.seznam.cz
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
10 s
mx2.seznam.cz
2a02:598:2::32
20
supported
mx2.seznam.cz
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
10 s
mx2.seznam.cz
77.75.76.32
20
supported
mx2.seznam.cz
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
10 s
mx2.seznam.cz
77.75.78.32
20
supported
mx2.seznam.cz
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
10 s

Outgoing Mails

We have received emails from these servers with @seznam.cz sender addresses. Test mail delivery

Host TLS Version & Cipher
unknown (103.99.1.130)
Insecure - not encrypted!

Certificates

First seen at:

CN=mx2.seznam.cz

Certificate chain
  • mx2.seznam.cz
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • DST Root CA X3 (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption

Subject
Common Name (CN)
  • mx2.seznam.cz
Alternative Names
  • mx2.seznam.cz
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2021-04-20
Not valid after
2021-07-19
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
29:6D:D9:08:65:DA:41:94:B2:09:34:9C:19:0F:07:12:09:41:6D:3D:10:92:35:32:C7:07:B4:34:42:01:77:46
SHA1
15:D8:80:03:90:D7:30:AF:48:B9:9A:42:25:23:72:26:D6:36:B9:D4
X509v3 extensions
subjectKeyIdentifier
  • DB:54:E1:E8:94:FA:B0:8C:AF:87:CD:49:C7:0D:DE:3A:E1:8C:51:B5
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10:
  • 37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA
  • Timestamp : Apr 20 15:01:04.573 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F6:14:6C:E4:86:BC:FD:01:E8:9B:A6:
  • E2:53:76:47:0A:44:68:B6:28:B8:66:43:F9:63:99:AE:
  • 9D:04:17:77:B8:02:20:13:7E:52:BC:41:2C:D0:C5:BC:
  • 31:60:E2:B1:B8:F8:2D:40:39:41:D3:43:3C:8C:AD:D6:
  • 38:AE:E4:48:3A:43:2D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Apr 20 15:01:04.659 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:3A:5C:E4:30:F8:4E:8F:81:AC:C5:07:53:
  • 23:70:51:0B:C7:E0:34:ED:12:F7:79:CA:0E:89:D5:D1:
  • 50:BA:87:FB:02:20:70:5E:9D:09:B5:5A:23:60:FF:50:
  • 74:6A:5F:28:D6:02:36:91:6B:4A:E5:35:AA:D8:79:A8:
  • 1F:60:E4:77:A5:4B