SSL-Tools

SSL check results of gandi.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for gandi.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 10 Nov 2023 18:05:39 +0000

The mailservers of gandi.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gandi.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail12.gandi.net
2001:4b98:dc4:5:ae1f:6bff:fe2d:9fdc
 10
supported
pop.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mail12.gandi.net
217.70.182.73
 10
supported
pop.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mail8.gandi.net
2001:4b98:dc2:90:217:70:186:186
 30
supported
mail8.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
12 s
mail8.gandi.net
217.70.186.186
 30
supported
mail8.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
13 s

Outgoing Mails

We have not received any emails from a @gandi.net address so far. Test mail delivery

Certificates

First seen at:

CN=pop.gandi.net

Certificate chain
Subject
Common Name (CN)
  • pop.gandi.net
Alternative Names
  • pop.gandi.net
  • mail10.gandi.net
  • mail12.gandi.net
  • mail4.gandi.net
  • mail8.gandi.net
  • smtp.gandi.net
Issuer
Country (C)
  • FR
State (ST)
  • Paris
Locality (L)
  • Paris
Organization (O)
  • Gandi
Common Name (CN)
  • Gandi Standard SSL CA 2
validity period
Not valid before
2023-07-06
Not valid after
2024-07-30
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
7B:D4:9E:E5:63:35:35:3F:60:8C:3C:0C:94:17:32:9B:5F:90:13:47:1E:E5:60:46:F1:C3:DA:2A:74:FF:FC:AF
SHA1
9F:B7:D6:0B:5B:E3:05:B5:65:80:B7:C6:39:8C:8D:6F:FD:31:23:05
X509v3 extensions
authorityKeyIdentifier
  • keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
subjectKeyIdentifier
  • B1:C8:03:97:15:27:6A:03:D3:69:4D:29:63:54:CD:91:93:3C:06:50
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.26
  • CPS: https://cps.usertrust.com
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
  • OCSP - URI:http://ocsp.usertrust.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : Jul 6 14:27:19.414 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:76:E9:AF:E9:BD:BA:6D:CB:4D:56:72:8B:
  • FB:C1:33:92:3F:F9:A1:13:E5:5A:95:AA:A1:76:5A:52:
  • 9D:7D:05:8E:02:21:00:F0:CB:F8:17:FD:94:22:9E:0B:
  • 5F:5D:C0:A7:1B:BC:5E:DC:9B:E9:36:A3:50:9B:B1:74:
  • 46:D3:BC:8C:23:B9:36
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Jul 6 14:27:19.508 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:D2:A8:60:28:F3:EB:0B:49:B5:9D:C4:
  • E9:67:D1:BD:90:DC:A5:FB:9D:43:A5:23:0E:76:93:2C:
  • A5:12:EF:1B:77:02:20:05:3F:18:F6:D2:5F:4A:16:94:
  • C6:DA:E8:2A:65:7F:96:49:D3:84:E1:0F:A9:B2:1A:66:
  • 89:64:3E:3B:E5:E8:57
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Jul 6 14:27:19.453 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:7F:9C:30:5E:CB:79:0F:5E:00:53:F5:84:
  • 38:21:AE:59:3C:6C:1E:05:A6:7C:04:86:45:A0:AB:48:
  • 2F:15:15:62:02:20:76:AA:4E:97:AF:22:10:F5:6A:3E:
  • B9:A6:23:D0:45:D4:DF:EA:7F:C9:CA:2C:F8:C1:E4:5A:
  • 1C:E9:3D:EC:95:EF
First seen at:

CN=mail8.gandi.net

Certificate chain
Subject
Common Name (CN)
  • mail8.gandi.net
Alternative Names
  • mail8.gandi.net
  • www.mail8.gandi.net
Issuer
Country (C)
  • FR
State (ST)
  • Paris
Locality (L)
  • Paris
Organization (O)
  • Gandi
Common Name (CN)
  • Gandi Standard SSL CA 2
validity period
Not valid before
2023-06-05
Not valid after
2024-07-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
DC:15:73:2F:D5:71:0D:22:0A:3A:67:0E:C4:3A:49:48:A1:99:72:19:DA:C4:2F:BC:45:8B:80:52:4A:2E:94:7A
SHA1
EC:8D:F7:86:53:D4:97:1C:8D:D0:15:52:9C:58:F6:EE:A3:4F:D0:63
X509v3 extensions
authorityKeyIdentifier
  • keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
subjectKeyIdentifier
  • 1E:84:37:B5:5A:2A:E8:4A:78:A1:B4:BD:D7:AD:2B:49:C5:A4:E5:B0
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.26
  • CPS: https://cps.usertrust.com
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
  • OCSP - URI:http://ocsp.usertrust.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : Jun 5 10:18:53.205 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:07:0C:32:AF:B5:84:93:76:37:B5:64:0C:
  • 3B:57:05:64:DF:50:07:98:60:73:A0:AC:1B:8F:44:7F:
  • ED:CF:60:D3:02:21:00:B8:20:BF:69:45:2B:1B:09:F4:
  • C5:86:60:0A:B7:81:5D:EF:33:D0:ED:86:39:AC:31:75:
  • AA:45:A5:89:95:6F:CC
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Jun 5 10:18:53.300 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:A6:77:C8:49:81:CB:52:54:72:FF:85:
  • 48:45:62:7D:B1:D0:B5:39:7D:57:B6:59:CC:FC:3F:01:
  • CD:E0:20:F0:D6:02:20:61:A3:CF:AC:99:5C:DC:A7:9A:
  • CB:98:6C:E0:B9:86:26:4A:76:D2:10:E0:BB:77:37:50:
  • D6:63:2A:44:39:C2:1E
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Jun 5 10:18:53.248 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8C:D1:F6:4F:2D:E8:3A:62:31:DF:25:
  • 63:7B:E5:EC:E5:B8:3A:3F:97:3A:AE:EA:02:E3:9F:82:
  • 9B:3D:92:A8:BF:02:20:68:FA:1C:24:AF:7D:BA:9A:B6:
  • C3:DD:00:EA:8A:5B:CD:16:D5:F2:A0:7F:4C:C7:6C:25:
  • F4:51:C9:FD:92:D1:1A