SSL-Tools

SSL check results of t-online.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for t-online.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 13 Dec 2019 22:32:03 +0000

The mailservers of t-online.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @t-online.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx02.t-online.de
194.25.134.9
 10
supported
mx.t-online.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11 s
mx01.t-online.de
194.25.134.72
 10
supported
mx.t-online.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11 s
mx00.t-online.de
194.25.134.8
 10
supported
mx.t-online.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11 s
mx03.t-online.de
194.25.134.73
 10
supported
mx.t-online.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
11 s

Outgoing Mails

We have received emails from these servers with @t-online.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mailout12.t-online.de (194.25.134.22)
TLSv1.2 AECDH-AES256-SHA
mailout05.t-online.de (194.25.134.82)
TLSv1.2 AECDH-AES256-SHA
mailout11.t-online.de (194.25.134.85)
TLSv1.2 AECDH-AES256-SHA
mailout03.t-online.de (194.25.134.81)
TLSv1.2 AECDH-AES256-SHA
mailout07.t-online.de (194.25.134.83)
TLSv1.2 AECDH-AES256-SHA
mailout06.t-online.de (194.25.134.19)
Insecure - not encrypted!
mailout08.t-online.de (194.25.134.20)
TLSv1.2 AECDH-AES256-SHA
mailout04.t-online.de (194.25.134.18)
Insecure - not encrypted!
mailout02.t-online.de (194.25.134.17)
TLSv1.2 AECDH-AES256-SHA
mailout09.t-online.de (194.25.134.84)
TLSv1.2 AECDH-AES256-SHA
mailout01.t-online.de (194.25.134.80)
TLSv1.2 AECDH-AES256-SHA
mailout10.t-online.de (194.25.134.21)
TLSv1.2 AECDH-AES256-SHA
smtprelay06.ispgateway.de (80.67.31.101)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail.hellhoff.net (81.169.159.206)
TLSv1 ADH-AES256-SHA
unknown (IPv6:2001:41d0:52:e00::211)
Insecure - not encrypted!
amber.md (188.138.167.230)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
host81-149-56-102.in-addr.btopenworld.com (81.149.56.102)
TLSv1.2 AECDH-AES256-SHA
mail.wkom.net (87.140.15.151)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
unknown (113.193.180.60)
TLSv1.2 AECDH-AES256-SHA
hwsrv-592471.hostwindsdns.com (IPv6:2607:5500:3000:67b::2)
Insecure - not encrypted!
hwsrv-592471.hostwindsdns.com (142.11.243.203)
Insecure - not encrypted!
unknown (IPv6:2a0d:7c40:3000:a1::2)
Insecure - not encrypted!

Certificates

First seen at:

CN=mx.t-online.de,L=Darmstadt,ST=Hessen,OU=NSO-DS,O=Deutsche Telekom AG,C=DE

Certificate chain
Subject
Country (C)
  • DE
Organization (O)
  • Deutsche Telekom AG
Organizational Unit (OU)
  • NSO-DS
State (ST)
  • Hessen
Locality (L)
  • Darmstadt
Common Name (CN)
  • mx.t-online.de
Alternative Names
  • mx.t-online.de
  • mx00.t-online.de
  • mx01.t-online.de
  • mx02.t-online.de
  • mx03.t-online.de
Issuer
Country (C)
  • DE
Organization (O)
  • T-Systems International GmbH
Organizational Unit (OU)
  • T-Systems Trust Center
State (ST)
  • Nordrhein Westfalen
Postal code
  • 57250
Locality (L)
  • Netphen
Street
  • Untere Industriestr. 20
Common Name (CN)
  • TeleSec ServerPass Class 2 CA
validity period
Not valid before
2019-02-15
Not valid after
2021-02-20
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
30:91:FC:B3:7F:73:9A:C9:11:BA:16:FD:50:85:2E:A6:90:9C:F7:F9:50:D7:FA:89:59:C6:D1:41:B3:5B:78:AD
SHA1
3B:79:D2:37:76:87:0A:49:1C:85:D3:88:E1:54:3B:78:94:7B:54:C4
X509v3 extensions
authorityKeyIdentifier
  • keyid:94:C8:74:46:F5:3A:B4:46:48:26:F8:2B:CA:34:1E:56:26:04:12:00
subjectKeyIdentifier
  • C1:B5:5A:D8:D7:61:79:69:93:0A:FE:74:3B:D3:D6:0F:1F:C1:99:CF
certificatePolicies
  • Policy: 1.3.6.1.4.1.7879.13.23.1
  • CPS: http://www.telesec.de/serverpass/cps.html
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverpass.telesec.de/rl/ServerPass_Class_2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverpass.telesec.de/ocspr
  • CA Issuers - URI:http://crl.serverpass.telesec.de/crt/TeleSec_ServerPass_Class_2_CA.cer
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Feb 15 08:15:41.322 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:0A:7B:64:AA:59:E0:15:9F:45:90:76:01:
  • 17:87:BC:BA:0B:BD:8A:65:DB:98:9F:83:FD:04:07:AB:
  • CD:D2:A2:03:02:21:00:CE:F2:6C:97:67:84:63:F3:65:
  • 6B:87:72:49:46:5F:AD:0B:20:E3:46:F8:9E:4B:3A:38:
  • 53:60:B9:68:A0:33:EB
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Feb 15 08:15:41.728 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:7E:D0:6A:8E:07:E8:91:C8:56:48:EB:1B:
  • 3E:99:C8:0A:21:BF:0C:16:ED:1B:8D:41:50:7E:CB:C4:
  • A5:16:52:D1:02:20:0E:CE:CE:42:27:3C:71:29:1C:66:
  • 50:C0:36:E3:D3:7D:00:D5:2C:57:7F:85:9A:C1:A5:04:
  • 48:5B:12:6A:C1:76
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : Feb 15 08:15:41.163 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:FC:BA:E7:0A:E6:B2:6E:32:59:E7:29:
  • C0:DA:51:16:22:E0:29:C9:C5:FD:10:3E:90:5C:73:60:
  • 44:0E:51:DE:9B:02:21:00:B9:06:0D:91:68:38:9C:00:
  • BB:C7:17:44:8B:D0:30:E0:A7:17:F6:96:40:17:12:A3:
  • E0:3F:B5:9E:E4:A7:B9:86
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
  • 38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
  • Timestamp : Feb 15 08:15:41.163 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:AF:93:62:FA:EA:7C:9A:25:F2:59:69:
  • BD:84:F2:C6:27:36:59:60:4E:CF:E6:DF:A3:83:2B:03:
  • 0F:78:DE:19:8C:02:20:50:6B:5D:C4:7B:DE:D2:38:21:
  • 44:84:78:80:43:E4:7B:99:59:CC:F6:AA:ED:11:30:64:
  • 95:C6:43:D6:92:99:C1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
  • 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
  • Timestamp : Feb 15 08:15:41.156 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:19:FA:97:62:6B:44:F2:8A:E5:C6:9B:3D:
  • E3:84:55:79:74:E6:5D:DB:B2:97:44:81:93:30:CB:9B:
  • 44:03:EF:F8:02:21:00:9A:F8:1C:46:53:90:15:64:12:
  • 0A:C5:DD:13:C3:CA:F6:19:10:EE:DD:81:5C:E3:0F:8B:
  • A1:F5:9F:1D:DF:5A:8E