SSL-Tools

SSL check results of 20min.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for 20min.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 19 Oct 2020 16:52:55 +0000

The mailservers of 20min.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @20min.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
aspmx.l.google.com
2a00:1450:4013:c01::1a
 1
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
aspmx.l.google.com
172.217.218.27
 1
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
alt1.aspmx.l.google.com
2404:6800:4003:c05::1a
 5
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
18 s
alt1.aspmx.l.google.com
172.253.118.27
 5
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
17 s
alt2.aspmx.l.google.com
2404:6800:4008:c00::1a
 5
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
15 s
alt2.aspmx.l.google.com
108.177.97.27
 5
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
15 s
alt3.aspmx.l.google.com
2607:f8b0:400e:c04::1b
 10
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
8 s
alt3.aspmx.l.google.com
74.125.28.27
 10
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
7 s
alt4.aspmx.l.google.com
2607:f8b0:4003:c0e::1b
 10
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
7 s
alt4.aspmx.l.google.com
173.194.201.27
 10
supported
mx.google.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
7 s

Outgoing Mails

We have not received any emails from a @20min.ch address so far. Test mail delivery

Certificates

First seen at:

CN=mx.google.com,O=Google LLC,L=Mountain View,ST=California,C=US

Certificate chain
  • mx.google.com
    • remaining
    • 256 bit
    • sha256WithRSAEncryption
      • GTS CA 1O1
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • GlobalSign (Certificate is self-signed.)
            • remaining
            • 2048 bit
            • sha1WithRSAEncryption
Subject
Country (C)
  • US
State (ST)
  • California
Locality (L)
  • Mountain View
Organization (O)
  • Google LLC
Common Name (CN)
  • mx.google.com
Alternative Names
  • mx.google.com
  • alt1.aspmx.l.google.com
  • alt1.gmail-smtp-in.l.google.com
  • alt1.gmr-smtp-in.l.google.com
  • alt2.aspmx.l.google.com
  • alt2.gmail-smtp-in.l.google.com
  • alt2.gmr-smtp-in.l.google.com
  • alt3.aspmx.l.google.com
  • alt3.gmail-smtp-in.l.google.com
  • alt3.gmr-smtp-in.l.google.com
  • alt4.aspmx.l.google.com
  • alt4.gmail-smtp-in.l.google.com
  • alt4.gmr-smtp-in.l.google.com
  • aspmx.l.google.com
  • aspmx2.googlemail.com
  • aspmx3.googlemail.com
  • aspmx4.googlemail.com
  • aspmx5.googlemail.com
  • gmail-smtp-in.l.google.com
  • gmr-mx.google.com
  • gmr-smtp-in.l.google.com
  • mx1.smtp.goog
  • mx2.smtp.goog
  • mx3.smtp.goog
  • mx4.smtp.goog
Issuer
Country (C)
  • US
Organization (O)
  • Google Trust Services
Common Name (CN)
  • GTS CA 1O1
validity period
Not valid before
2020-09-22
Not valid after
2020-12-15
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
Fingerprints
SHA256
21:20:6E:42:E3:7E:7D:E9:D3:C1:09:7A:7D:8A:71:B2:27:D6:BC:78:E6:70:5B:A1:6D:88:B1:26:D7:0C:42:B2
SHA1
62:34:4F:DF:4B:EC:A2:1A:CF:05:D4:68:9C:74:74:C7:18:4E:E5:86
X509v3 extensions
subjectKeyIdentifier
  • E0:56:F8:C1:34:29:72:59:C0:6D:3D:90:19:2C:AA:08:9E:FC:88:9B
authorityKeyIdentifier
  • keyid:98:D1:F8:6E:10:EB:CF:9B:EC:60:9F:18:90:1B:A0:EB:7D:09:FD:2B
authorityInfoAccess
  • OCSP - URI:http://ocsp.pki.goog/gts1o1core
  • CA Issuers - URI:http://pki.goog/gsr2/GTS1O1.crt
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • Policy: 1.3.6.1.4.1.11129.2.5.3
crlDistributionPoints
  • Full Name:
  • URI:http://crl.pki.goog/GTS1O1core.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 5E:A7:73:F9:DF:56:C0:E7:B5:36:48:7D:D0:49:E0:32:
  • 7A:91:9A:0C:84:A1:12:12:84:18:75:96:81:71:45:58
  • Timestamp : Sep 22 16:26:02.229 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:81:44:67:DF:B1:EE:46:10:4A:44:72:
  • DD:E7:07:9C:9C:9D:11:75:32:48:40:A0:A2:32:48:7C:
  • C0:04:D2:11:5D:02:20:0A:7E:51:1F:26:75:6C:29:24:
  • 23:42:49:F8:56:CE:4E:38:E0:2C:C3:F4:D4:30:D0:DA:
  • F1:CC:5D:90:A9:5A:F4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : B2:1E:05:CC:8B:A2:CD:8A:20:4E:87:66:F9:2B:B9:8A:
  • 25:20:67:6B:DA:FA:70:E7:B2:49:53:2D:EF:8B:90:5E
  • Timestamp : Sep 22 16:26:02.232 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:72:3C:35:99:37:FE:E0:DC:75:72:EC:0E:
  • 0A:AF:C7:70:DA:69:99:7E:65:CB:8E:7A:EF:82:3B:F8:
  • D4:2B:4D:93:02:20:6D:A7:50:74:B7:88:11:FC:2B:2A:
  • C5:E0:B1:5A:2E:5C:FC:F2:AB:2A:4F:18:62:26:B6:90:
  • D9:F9:16:B1:86:18