SSL-Tools

SSL check results of ggi-spermex.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ggi-spermex.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 29 May 2020 11:34:15 +0000

The mailservers of ggi-spermex.de can be reached through an encrypted connection.

However, we found problems that may affect the security.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ggi-spermex.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.ggi-spermex.de
217.91.138.48
 100
supported
SPE-ADEX01.spermex.local
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
6 s

Outgoing Mails

We have received emails from these servers with @ggi-spermex.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mail.ggi.de (195.243.221.46)
TLSv1.2 ECDHE-RSA-AES256-SHA384
smtprelay04.ispgateway.de (80.67.31.42)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=SPE-ADEX01.spermex.local

Certificate chain
  • SPE-ADEX01.spermex.local
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Hostname Mismatch
    • Unknown Authority
      spermex-SPE-ADEX01-CA-1
Subject
Common Name (CN)
  • SPE-ADEX01.spermex.local
Alternative Names
  • othername:<unsupported>
  • SPE-ADEX01.spermex.local
Issuer
Domain Component (DC)
  • local
  • spermex
Common Name (CN)
  • spermex-SPE-ADEX01-CA-1
validity period
Not valid before
2019-12-29
Not valid after
2020-12-28
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
F7:B1:E0:1C:31:09:CB:24:DC:36:8A:F6:6F:2A:2C:3E:3E:9A:50:39:58:54:58:E9:3E:49:0F:A4:74:54:B5:2E
SHA1
9C:6B:2A:D5:90:88:1F:26:BB:6D:0E:FB:69:72:5D:49:70:35:27:9E
X509v3 extensions
1_3_6_1_4_1_311_20_2
  • . .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
SMIME-CAPS
  • 0i0...*.H.. ......0...*.H.. ......0...`.H.e...*0...`.H.e...-0...`.H.e....0...`.H.e....0...+....0
  • ..*.H.. ..
subjectKeyIdentifier
  • 47:B5:81:39:7D:54:1E:52:D6:A8:83:F6:CF:B1:5B:DB:75:44:55:56
authorityKeyIdentifier
  • keyid:41:C3:65:8E:F4:03:F5:56:5F:29:1D:BE:09:64:64:9C:CE:7C:04:92
crlDistributionPoints
  • Full Name:
  • URI:ldap:///CN=spermex-SPE-ADEX01-CA-1,CN=SPE-ADEX01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=spermex,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
authorityInfoAccess
  • CA Issuers - URI:ldap:///CN=spermex-SPE-ADEX01-CA-1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=spermex,DC=local?cACertificate?base?objectClass=certificationAuthority