SSL check results of stassi.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for stassi.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Wed, 15 May 2024 16:08:08 +0000

The mailservers of stassi.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @stassi.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.serv-cloud.com
2a01:4f8:1c1b:8ff7::1
10
supported
mx1.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
8 s
mx1.serv-cloud.com
128.140.33.171
10
supported
mx1.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx2.serv-cloud.com
2a01:4f9:c011:a59c::1
10
supported
mx2.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
10 s
mx2.serv-cloud.com
95.216.170.227
10
supported
mx2.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
8 s

Outgoing Mails

We have received emails from these servers with @stassi.ch sender addresses. Test mail delivery

Host TLS Version & Cipher
mx2.serv.site (78.46.240.96)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx1.serv-cloud.com

Certificate chain
  • mx1.serv-cloud.com
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption

Subject
Common Name (CN)
  • mx1.serv-cloud.com
Alternative Names
  • mx1.serv-cloud.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-03-28
Not valid after
2024-06-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
BB:3B:DB:48:CD:A7:59:BC:67:CD:03:4C:73:E3:85:A5:48:89:02:45:6C:F0:55:46:AD:A9:04:4C:B9:04:36:DF
SHA1
A2:8F:18:91:7B:D9:CB:2E:87:4B:4A:8D:C8:D1:A7:A1:6E:2D:B0:EC
X509v3 extensions
subjectKeyIdentifier
  • 48:A0:4C:E3:99:16:AE:5D:DA:B4:21:F8:84:0C:57:C9:46:E4:85:C2
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Mar 28 20:04:52.174 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:4F:44:89:42:51:CF:9E:F9:65:C1:50:D0:
  • 89:EB:73:66:33:25:95:B8:EA:0B:FE:18:21:16:DB:EF:
  • B2:CE:F6:1C:02:20:3F:6C:48:F3:C7:C7:CC:07:47:96:
  • 34:79:BC:E1:F2:1A:CB:D9:58:45:F2:89:DD:FE:49:AC:
  • AC:5D:82:9B:3F:D3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Mar 28 20:04:52.183 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:81:E8:2C:9F:A2:38:86:24:CE:9A:F1:
  • 6A:F3:DB:23:5D:CF:58:F5:86:DD:8C:EB:59:1C:EE:88:
  • AF:26:D9:2B:49:02:21:00:A2:F2:10:54:4A:B5:40:0A:
  • 64:D8:AA:ED:9E:BC:54:C5:F4:AE:9F:E8:1F:4C:4A:B2:
  • A8:B2:53:CA:0A:92:79:56
First seen at:

CN=mx2.serv-cloud.com

Certificate chain
  • mx2.serv-cloud.com
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption

      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption

          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption

Subject
Common Name (CN)
  • mx2.serv-cloud.com
Alternative Names
  • mx2.serv-cloud.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-03-28
Not valid after
2024-06-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
57:F9:28:99:6A:A8:C7:4F:F8:1D:77:E8:93:96:AE:98:CF:68:15:25:ED:E1:C2:11:F8:62:D7:07:D7:4E:38:4F
SHA1
D3:03:C8:F1:40:58:5E:8A:4A:8D:3D:35:A8:E1:54:5D:A2:59:19:E5
X509v3 extensions
subjectKeyIdentifier
  • 9E:C8:B9:4B:3F:95:44:4C:2D:34:63:89:A7:11:1A:1B:41:26:92:64
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Mar 28 20:05:53.717 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:32:67:8D:2C:53:27:C3:43:2E:BF:87:AE:
  • 84:CF:45:24:42:C4:3C:6A:64:D2:C9:D4:7A:C3:7E:35:
  • 5A:FD:61:5E:02:20:4E:DF:16:87:83:9C:D4:B6:58:4C:
  • 98:88:8D:E2:23:A6:A9:3D:B8:7D:70:A5:99:B6:0E:C4:
  • CC:4F:EE:E3:F6:E1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
  • 65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
  • Timestamp : Mar 28 20:05:53.641 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:BC:AF:BF:4A:E8:79:15:84:4C:D3:CA:
  • C1:36:69:95:11:46:DB:1D:A6:E3:3B:E2:15:F7:A4:5F:
  • 59:AA:75:F6:E0:02:21:00:AA:36:02:9B:57:51:05:16:
  • BD:5D:45:65:EA:93:19:C7:5F:D7:39:15:D5:74:48:F8:
  • 0B:B9:7C:FE:F5:CF:48:48

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.serv-cloud.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx1.serv-cloud.com
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx2.serv-cloud.com
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx2.serv-cloud.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid