SSL-Tools

SSL check results of firemail.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for firemail.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 22 Mar 2025 15:33:47 +0000

The mailservers of firemail.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @firemail.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.firemail.de
188.40.70.221
 10
supported
*.firemail.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @firemail.de sender addresses. Test mail delivery

Host TLS Version & Cipher
firemail.de (88.99.137.45)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
f26.my.com (185.30.177.53)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=*.firemail.de

Certificate chain
Subject
Common Name (CN)
  • *.firemail.de
Alternative Names
  • *.firemail.de
  • firemail.de
Issuer
Country (C)
  • BE
Organization (O)
  • GlobalSign nv-sa
Common Name (CN)
  • GlobalSign GCC R6 AlphaSSL CA 2023
validity period
Not valid before
2024-09-30
Not valid after
2025-11-01
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
1E:BB:49:1F:BE:00:D2:E9:70:F9:E4:1F:83:A6:37:17:08:FA:9C:E6:E6:81:45:43:D7:9F:26:08:0F:4E:D6:D3
SHA1
DF:58:53:C0:72:E4:2A:47:16:25:42:12:06:2F:33:9D:F4:29:67:0A
X509v3 extensions
authorityInfoAccess
  • CA Issuers - URI:http://secure.globalsign.com/cacert/gsgccr6alphasslca2023.crt
  • OCSP - URI:http://ocsp.globalsign.com/gsgccr6alphasslca2023
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.4146.10.1.3
  • CPS: https://www.globalsign.com/repository/
crlDistributionPoints
  • Full Name:
  • URI:http://crl.globalsign.com/gsgccr6alphasslca2023.crl
authorityKeyIdentifier
  • keyid:BD:05:B7:F3:8A:93:3C:73:CB:79:FA:0F:85:12:A1:77:96:18:91:74
subjectKeyIdentifier
  • 28:9F:CA:A7:C7:99:D1:89:9B:21:26:17:78:C5:8D:D7:CD:8B:E2:9E
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
  • F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
  • Timestamp : Sep 30 09:06:45.322 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:EF:33:12:E4:72:89:81:49:9F:36:95:
  • 04:39:06:FD:72:A8:77:F1:4C:B3:10:45:F2:70:37:A9:
  • 91:67:20:CE:AE:02:20:3E:83:7C:FB:87:79:43:E0:3E:
  • A2:E9:92:75:D4:CC:B0:F7:30:57:1C:9C:48:5E:04:AC:
  • B5:78:1E:14:1A:D1:C4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
  • 47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
  • Timestamp : Sep 30 09:06:45.353 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C6:7F:60:A6:EC:AE:72:EF:8C:70:EE:
  • 0D:9A:04:2D:FE:37:83:58:37:9D:C7:01:76:69:56:53:
  • BF:4B:27:77:EE:02:21:00:B6:D3:9F:8B:2A:F4:FE:F3:
  • 19:AD:0B:EE:64:A5:07:47:6F:46:A7:BD:F6:6F:BE:DB:
  • B9:A7:AF:4D:FA:6A:9F:8E
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
  • 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
  • Timestamp : Sep 30 09:06:45.388 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:74:58:7E:6C:70:72:61:13:CB:12:90:3A:
  • 58:B7:F6:0D:4E:AA:6D:4F:96:DE:EC:D2:3E:34:80:EB:
  • C3:89:54:22:02:20:5C:71:F3:2C:99:53:E9:9A:04:A0:
  • 95:5C:80:A5:D2:9C:F2:C9:BB:34:2F:A7:F5:6D:7B:E3:
  • 38:2D:9A:36:18:9D

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.firemail.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid