SSL check results of gandi.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for gandi.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 07 Sep 2020 12:25:30 +0000

The mailservers of gandi.net can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gandi.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail12.gandi.net
2001:4b98:dc4:5:ae1f:6bff:fe2d:9fdc
10
supported
pop.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mail12.gandi.net
217.70.182.73
10
supported
pop.gandi.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mail8.gandi.net
2001:4b98:dc2:90:217:70:186:186
Results incomplete
30
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mail8.gandi.net
217.70.186.186
Results incomplete
30
supported
not checked
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @gandi.net address so far. Test mail delivery

Certificates

First seen at:

CN=pop.gandi.net

Certificate chain
Subject
Common Name (CN)
  • pop.gandi.net
Alternative Names
  • pop.gandi.net
  • mail10.gandi.net
  • mail12.gandi.net
  • mail4.gandi.net
  • mail8.gandi.net
  • smtp.gandi.net
Issuer
Country (C)
  • FR
State (ST)
  • Paris
Locality (L)
  • Paris
Organization (O)
  • Gandi
Common Name (CN)
  • Gandi Standard SSL CA 2
validity period
Not valid before
2020-07-28
Not valid after
2021-07-28
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
00:67:1B:DF:58:FD:57:24:54:81:FD:7A:4A:32:21:73:C6:9D:F3:45:D7:00:44:E0:97:F6:66:77:17:A1:E7:50
SHA1
BA:29:9F:43:EE:4D:12:1B:A1:21:F0:08:00:62:D5:E4:82:8D:C4:76
X509v3 extensions
authorityKeyIdentifier
  • keyid:B3:90:A7:D8:C9:AF:4E:CD:61:3C:9F:7C:AD:5D:7F:41:FD:69:30:EA
subjectKeyIdentifier
  • C1:A8:C0:EF:51:0E:FA:F4:BC:05:64:18:4A:E3:F1:94:52:5D:0C:9A
certificatePolicies
  • Policy: 1.3.6.1.4.1.6449.1.2.2.26
  • CPS: https://cps.usertrust.com
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://crl.usertrust.com/GandiStandardSSLCA2.crl
authorityInfoAccess
  • CA Issuers - URI:http://crt.usertrust.com/GandiStandardSSLCA2.crt
  • OCSP - URI:http://ocsp.usertrust.com
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Jul 28 09:36:06.912 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:44:00:2A:E7:DB:C6:8E:E8:60:3D:8A:2A:
  • 16:DC:7D:91:46:69:84:F8:D2:5A:E4:C7:93:8F:6D:B2:
  • 24:80:DA:35:02:20:51:C0:B3:DE:D5:AA:06:05:54:01:
  • 23:18:8A:85:C8:4D:96:3E:93:7A:C6:F0:6D:CF:E0:FD:
  • 70:72:C4:E9:C0:A7
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
  • D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
  • Timestamp : Jul 28 09:36:07.065 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:47:24:F9:37:34:C9:27:B5:7C:41:87:78:
  • 19:7A:CB:C6:6D:94:9B:C4:1C:5B:07:D8:3C:4B:5F:95:
  • 53:83:A2:66:02:20:0A:2E:A8:27:00:83:34:14:F1:07:
  • FA:03:C5:AB:6B:85:10:00:4F:35:62:62:48:6B:29:C5:
  • 9B:2B:3E:2F:C1:EA