SSL-Tools

SSL check results of stassi.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for stassi.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 09 Jul 2024 18:31:41 +0000

The mailservers of stassi.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @stassi.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.serv-cloud.com
2a01:4f8:1c1b:8ff7::1
 10
supported
mx1.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx1.serv-cloud.com
128.140.33.171
 10
supported
mx1.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx2.serv-cloud.com
2a01:4f9:c011:a59c::1
 10
supported
mx2.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx2.serv-cloud.com
95.216.170.227
 10
supported
mx2.serv-cloud.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @stassi.ch sender addresses. Test mail delivery

Host TLS Version & Cipher
mx2.serv.site (78.46.240.96)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx1.serv-cloud.com

Certificate chain
  • mx1.serv-cloud.com
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx1.serv-cloud.com
Alternative Names
  • mx1.serv-cloud.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-05-28
Not valid after
2024-08-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
49:89:4C:46:98:1F:FF:DE:2D:72:02:2B:55:33:CF:6B:49:93:F2:ED:D9:2E:6D:EB:97:C8:DF:61:F0:76:FF:EE
SHA1
6C:24:86:47:4A:B9:D2:C8:BE:CC:63:A1:BA:B2:14:CA:D8:7D:A3:67
X509v3 extensions
subjectKeyIdentifier
  • 72:D4:72:0B:A8:05:19:19:88:6A:0D:4D:E3:0C:D8:B4:90:4B:33:43
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : May 28 03:22:23.364 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:CB:57:52:C8:D3:5C:1F:5B:A9:54:C7:
  • 0F:78:46:77:A0:4D:15:54:2D:44:BE:B9:1D:B8:FD:39:
  • B1:34:47:AD:1F:02:20:06:A1:A7:C0:D9:C1:00:43:78:
  • 0D:67:B3:BC:A4:AF:AB:5B:05:4A:17:BB:3A:34:97:DF:
  • 8A:60:81:5B:0E:43:B6
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
  • ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
  • Timestamp : May 28 03:22:23.361 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:FA:CC:DC:87:55:6F:74:F2:88:35:DD:
  • CA:46:0F:B4:2A:B0:D0:A9:93:78:41:E9:3F:F8:1C:BD:
  • D6:4F:D8:58:E8:02:21:00:FC:D3:9C:5A:07:BA:DD:5E:
  • B2:1D:07:26:05:8F:2A:B1:4C:45:93:BE:66:E2:D2:3E:
  • C4:97:F1:BA:7A:AE:52:72
First seen at:

CN=mx2.serv-cloud.com

Certificate chain
  • mx2.serv-cloud.com
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mx2.serv-cloud.com
Alternative Names
  • mx2.serv-cloud.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-05-28
Not valid after
2024-08-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
06:63:9A:EF:2E:1B:CE:69:C6:3B:F8:02:71:83:CF:6C:FE:D0:34:E3:51:A3:35:18:A7:B2:53:61:B1:69:9B:A9
SHA1
5D:D6:0F:E9:A7:C5:F8:60:F6:DF:06:BE:E9:B1:F0:CB:CE:64:09:29
X509v3 extensions
subjectKeyIdentifier
  • 07:4D:91:12:75:C1:60:B0:A5:A7:60:58:91:C5:1F:15:F4:31:05:3E
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
  • ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
  • Timestamp : May 28 03:29:19.569 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:35:01:F0:27:10:30:44:BC:B4:60:E7:A5:
  • 86:2F:65:A2:46:F3:DD:9D:EE:56:33:D7:7A:B1:3C:1D:
  • A7:9D:77:68:02:20:3D:26:7E:CC:00:8A:41:AE:8F:D5:
  • 8C:2C:61:9E:22:48:2D:CC:0B:CD:AB:8E:65:14:68:1F:
  • 50:D3:F9:2E:D8:A4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : May 28 03:29:19.566 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:6B:5A:C6:82:DE:41:B5:B2:C0:CF:42:0D:
  • 3C:26:E5:3D:4D:DB:C7:4E:4F:60:B1:BD:2A:60:4B:C3:
  • FE:7E:7C:11:02:20:0B:56:F5:D2:AB:54:C0:BF:0C:F1:
  • F1:8D:6B:34:0C:87:9E:7D:5A:E6:76:35:28:17:F0:41:
  • 55:36:47:78:F3:BB

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.serv-cloud.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx1.serv-cloud.com
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx2.serv-cloud.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx2.serv-cloud.com
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid