SSL-Tools

SSL check results of xcn.li

NEW You can also bulk check multiple servers.

Discover if the mail servers for xcn.li can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 29 Jan 2026 20:12:14 +0000

The mailservers of xcn.li can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @xcn.li addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.xcn.li
2a0e:97c0:3ea:118::1
 0
supported
*.xcn.li
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
6 s
mail.xcn.li
45.137.70.43
 0
supported
*.xcn.li
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
6 s

Outgoing Mails

We have received emails from these servers with @xcn.li sender addresses. Test mail delivery

Host TLS Version & Cipher
smtp-42ae.mail.infomaniak.ch (84.16.66.174)
TLSv1.3 TLS_AES_256_GCM_SHA384
xcn.li (103.158.223.168)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=*.xcn.li

Certificate chain
  • *.xcn.li
    • remaining
    • 256 bit
    • ecdsa-with-SHA384
      • E7
        • remaining
        • 384 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • *.xcn.li
Alternative Names
  • *.xcn.li
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • E7
validity period
Not valid before
2026-01-22
Not valid after
2026-04-22
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
20:F2:9A:B1:8E:AF:BD:90:FB:BC:F1:21:9E:7E:66:E2:4A:F0:19:70:B1:98:A0:3C:CD:13:81:77:D7:0C:EB:62
SHA1
F7:AC:87:FC:E3:05:45:29:05:C0:1D:3C:B3:6A:F9:94:13:16:AC:84
X509v3 extensions
subjectKeyIdentifier
  • 25:2B:A1:3E:9A:3F:BE:0C:A5:25:67:36:D7:3B:8A:1C:64:67:87:47
authorityKeyIdentifier
  • keyid:AE:48:9E:DC:87:1D:44:A0:6F:DA:A2:E5:60:74:04:78:C2:9C:00:80
authorityInfoAccess
  • CA Issuers - URI:http://e7.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://e7.c.lencr.org/24.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
  • F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
  • Timestamp : Jan 22 07:57:22.182 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:12:D1:70:D3:76:89:DE:AF:19:05:D3:07:
  • F4:D2:03:3F:EF:8F:21:AD:3D:50:39:96:2B:21:3D:80:
  • 90:6B:8B:86:02:20:2F:1B:A7:F4:D6:D3:FC:CF:A5:96:
  • 32:39:CE:0C:EE:C9:D1:AB:56:01:18:5B:31:1E:1E:E8:
  • 63:BF:4B:17:F7:FC
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A5:C9:78:92:5D:57:46:17:82:87:0D:D8:89:66:0B:5C:
  • 55:64:8B:7D:00:40:F2:EC:07:68:51:D1:88:69:19:F7
  • Timestamp : Jan 22 07:57:22.831 2026 GMT
  • Extensions: 00:00:05:00:2F:BA:C3:E2
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:86:56:BD:B9:91:88:29:96:1C:B8:9F:
  • 65:E0:FE:8A:A8:58:9F:90:D7:D4:2F:4C:87:99:A9:CA:
  • 8C:EE:2E:B4:5F:02:21:00:AA:4D:CE:97:2D:8E:12:B4:
  • 0E:99:6D:BA:02:17:90:16:13:C6:F9:21:ED:5D:C2:2E:
  • 89:62:EE:87:BD:9D:AE:DB

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.xcn.li
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid