SSL check results of gandi.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for gandi.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Sat, 13 May 2023 10:12:02 +0000

The mailservers of gandi.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gandi.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail12.gandi.net
2001:4b98:dc4:5:ae1f:6bff:fe2d:9fdc
10
supported
pop.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mail12.gandi.net
217.70.182.73
10
supported
pop.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mail8.gandi.net
2001:4b98:dc2:90:217:70:186:186
30
supported
mail8.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
12 s
mail8.gandi.net
217.70.186.186
30
supported
mail8.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
12 s

Outgoing Mails

We have not received any emails from a @gandi.net address so far. Test mail delivery

Certificates

First seen at:

CN=pop.gandi.net

Certificate chain
Subject
Common Name (CN)
  • pop.gandi.net
Alternative Names
  • pop.gandi.net
  • mail10.gandi.net
  • mail12.gandi.net
  • mail4.gandi.net
  • mail8.gandi.net
  • smtp.gandi.net
Issuer
Country (C)
  • FR
State (ST)
  • Paris
Locality (L)
  • Paris
Organization (O)
  • Gandi
Common Name (CN)
  • Gandi Standard SSL CA 2
validity period
Not valid before
2022-07-04
Not valid after
2023-07-30
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
06:1C:F6:42:1F:3B:82:93:E3:23:42:AF:A7:48:10:76:30:A5:05:AE:41:6F:67:C2:D8:CC:8F:C2:AA:D5:01:F4
SHA1
0A:4C:B6:2E:59:D0:38:A2:DA:4C:E0:D0:42:A9:82:96:25:72:EA:F4
X509v3 extensions
authorityKeyIdentifier
  • keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
subjectKeyIdentifier
  • 24:10:E1:87:5E:B5:6D:B9:77:3A:7E:84:EB:6B:F8:28:7B:01:8B:2E
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.26
  • CPS: https://cps.usertrust.com
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
  • OCSP - URI:http://ocsp.usertrust.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
  • B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
  • Timestamp : Jul 4 11:08:09.922 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:68:E7:AA:26:FD:1C:2F:60:27:32:ED:49:
  • 6B:CC:25:00:BC:2F:69:35:60:92:AF:2E:2E:07:F8:EA:
  • A1:35:58:F3:02:20:4F:19:02:EC:DD:A1:31:F3:D8:9C:
  • 5B:86:5D:7F:5B:7F:90:C7:6F:14:60:82:15:83:58:A1:
  • 5A:2E:25:5E:EC:E0
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
  • 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
  • Timestamp : Jul 4 11:08:09.943 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:66:F3:AB:BA:7F:47:23:F4:FF:25:2E:D7:
  • 77:F9:8D:C4:96:74:0F:84:D3:CD:0B:09:64:12:E7:C5:
  • A6:17:A9:94:02:20:1B:DE:4D:8A:2E:9A:C0:15:8C:AB:
  • 68:2B:4A:1F:56:35:13:85:4C:9B:4E:77:16:99:6F:07:
  • 56:0F:FF:53:6C:37
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : Jul 4 11:08:09.891 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:19:2A:46:F8:E4:46:29:D5:40:9A:08:4D:
  • F6:63:CA:90:C7:45:7D:D3:0E:4C:D3:A0:0F:86:91:9E:
  • 32:2A:F0:2D:02:20:1C:23:AA:E2:CB:7C:8B:0A:34:2A:
  • A9:5D:B4:CF:36:98:14:9B:74:CD:46:2C:79:C2:DC:B0:
  • E9:A2:4F:19:AA:AC
First seen at:

CN=mail8.gandi.net

Certificate chain
Subject
Common Name (CN)
  • mail8.gandi.net
Alternative Names
  • mail8.gandi.net
  • www.mail8.gandi.net
Issuer
Country (C)
  • FR
State (ST)
  • Paris
Locality (L)
  • Paris
Organization (O)
  • Gandi
Common Name (CN)
  • Gandi Standard SSL CA 2
validity period
Not valid before
2022-06-07
Not valid after
2023-07-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
D2:AF:25:F4:C7:95:DA:F3:10:53:2B:08:7B:90:A7:C5:66:F1:72:21:67:AE:36:55:7C:C1:12:1B:CE:51:8B:24
SHA1
9C:3B:F8:83:81:59:19:2E:D8:F8:F5:A2:B5:F9:B8:5A:20:BB:36:D3
X509v3 extensions
authorityKeyIdentifier
  • keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
subjectKeyIdentifier
  • 97:07:EF:C9:F1:51:14:5C:B0:75:C7:8F:CA:58:B9:3E:ED:FE:67:D7
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.26
  • CPS: https://cps.usertrust.com
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
  • OCSP - URI:http://ocsp.usertrust.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
  • B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
  • Timestamp : Jun 7 09:07:33.641 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:8C:84:F0:73:C2:87:F1:DA:88:41:5C:
  • B3:68:02:B0:D0:A4:38:7C:6B:A7:2E:C0:86:F6:EC:45:
  • 5B:CB:F0:3D:53:02:21:00:AA:33:73:EC:72:C9:74:FF:
  • 20:FC:71:8A:FE:7B:7E:08:63:CB:0F:59:F6:F6:6D:44:
  • 5A:93:D8:30:CD:AC:BE:88
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
  • 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
  • Timestamp : Jun 7 09:07:33.583 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:BE:AD:9E:81:E4:2E:12:8F:30:99:7A:
  • C2:37:4B:4F:2F:F8:7B:69:56:2B:3D:35:93:7C:C1:98:
  • E7:8F:76:8D:B2:02:21:00:CC:EC:BF:2F:83:BD:F9:D9:
  • 1F:8B:39:88:DC:01:CB:41:18:3B:13:7E:D7:06:D1:77:
  • A0:F5:56:3F:F6:87:06:A3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : Jun 7 09:07:33.538 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:70:A6:00:1C:9C:31:49:56:01:68:DD:F9:
  • 92:CF:F3:08:9C:E4:38:C1:3E:81:E2:07:EB:D2:D5:DB:
  • D3:94:D0:53:02:20:7C:2D:4E:9A:A5:3C:CB:79:7E:CF:
  • 0B:87:CE:A5:57:E9:D9:38:38:44:58:C2:7C:55:03:4C:
  • 49:FA:4A:FC:9F:1C