SSL check results of web.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for web.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 02 Aug 2021 15:12:20 +0000

No connection to the mailservers of web.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @web.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-ha03.web.de
212.227.15.17
Results incomplete
100
supported
mx.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx-ha02.web.de
212.227.17.8
Results incomplete
100
supported
mx.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @web.de sender addresses. Test mail delivery

Host TLS Version & Cipher
unknown (IPv6:2a05:8b81:1000:ac::d5e3)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout.web.de (212.227.15.14)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.3)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (217.72.192.78)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.4)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.17.12)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.17.11)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout02.posteo.de (185.67.36.142)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx.web.de,L=Montabaur,ST=Rheinland-Pfalz,O=1&1 Mail & Media GmbH,C=DE

Certificate chain
Subject
Country (C)
  • DE
Organization (O)
  • 1&1 Mail & Media GmbH
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Common Name (CN)
  • mx.web.de
Alternative Names
  • mx.web.de
  • mx-ha02.web.de
  • mx-ha03.web.de
  • dhmx01.web.de
  • dhmx02.web.de
Issuer
Country (C)
  • DE
Organization (O)
  • T-Systems International GmbH
Organizational Unit (OU)
  • T-Systems Trust Center
State (ST)
  • Nordrhein Westfalen
Postal code
  • 57250
Locality (L)
  • Netphen
Street
  • Untere Industriestr. 20
Common Name (CN)
  • TeleSec ServerPass Class 2 CA
validity period
Not valid before
2021-06-08
Not valid after
2022-06-13
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
09:12:98:89:C9:04:EA:E8:1A:5A:A7:90:31:82:DB:CC:D1:86:24:E8:1F:8B:B9:78:CA:64:A5:84:3C:C6:3D:C2
SHA1
11:3A:C9:EF:79:6A:74:37:CB:CE:2B:D8:44:33:35:63:2C:AB:D2:48
X509v3 extensions
authorityKeyIdentifier
  • keyid:94:C8:74:46:F5:3A:B4:46:48:26:F8:2B:CA:34:1E:56:26:04:12:00
subjectKeyIdentifier
  • 3E:81:E8:79:4D:BF:1F:05:0D:45:EC:73:EE:0F:FC:1A:45:0C:BB:82
certificatePolicies
  • Policy: 1.3.6.1.4.1.7879.13.23.1
  • CPS: http://docs.serverpass.telesec.de/cps/serverpass.htm
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverpass.telesec.de/rl/ServerPass_Class_2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverpass.telesec.de/ocspr
  • CA Issuers - URI:http://crl.serverpass.telesec.de/crt/TeleSec_ServerPass_Class_2_CA.cer
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
  • 11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
  • Timestamp : Jun 8 10:37:11.808 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:19:A0:CF:20:73:A8:75:C0:F7:2C:51:DB:
  • E4:35:9F:C8:3A:50:C7:77:63:B8:8D:A6:7E:4E:D7:74:
  • 29:03:A1:50:02:20:7F:E0:82:FF:61:D0:8F:11:5E:67:
  • FA:05:FE:E7:E9:88:A0:C9:CA:BA:2D:2F:1F:0E:55:03:
  • F6:2C:2F:08:BB:C1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Jun 8 10:37:11.868 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:6A:2B:70:37:15:3B:CF:E9:A8:44:1D:D1:
  • 10:0D:9A:56:D5:E1:F8:80:69:BF:CF:BE:E2:2F:17:F4:
  • D4:05:10:E1:02:21:00:93:4F:76:81:92:ED:A2:1B:E9:
  • 77:EA:27:5F:D6:F8:CB:95:85:D4:B5:E1:47:F8:1A:0E:
  • A3:37:A0:06:50:74:B8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : Jun 8 10:37:11.860 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:51:9E:27:C5:66:3C:48:2A:14:25:03:36:
  • D4:DE:DE:5A:34:05:27:F7:76:6B:4F:6E:36:7C:B6:42:
  • A4:D9:56:72:02:20:62:A8:6B:5C:57:75:01:6D:89:45:
  • 23:34:75:FD:8F:37:EE:DF:41:94:B8:79:19:76:26:2E:
  • 6F:91:46:DA:A1:6A
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Jun 8 10:37:12.112 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:72:B3:A2:6F:4B:F5:83:DC:42:94:BA:C7:
  • B0:5B:F5:86:38:CE:7F:C5:FB:6B:62:AA:FF:3D:24:FD:
  • B1:81:DE:7F:02:21:00:9C:B3:09:29:73:26:CA:1E:B0:
  • 2E:51:B0:72:5E:E5:AE:11:69:DD:EA:C2:8B:D8:12:EC:
  • 7D:2B:CD:30:83:23:71
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
  • 4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
  • Timestamp : Jun 8 10:37:12.424 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:DF:EA:2A:3E:89:23:BC:FB:9A:C6:1F:
  • 44:EF:12:83:64:D5:53:C5:E0:24:03:ED:13:7B:53:58:
  • 2D:FD:8E:40:8B:02:20:7B:05:0B:00:D0:56:1E:28:27:
  • 6C:80:3B:70:F6:48:BC:1F:2C:37:5B:1D:A3:E9:29:1C:
  • F9:FE:3A:E4:42:88:C2
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
  • E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
  • Timestamp : Jun 8 10:37:12.435 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:59:FD:77:3D:7C:C6:2C:90:AB:EC:9E:84:
  • F8:EB:4F:D3:60:04:86:41:64:C1:3B:AF:83:47:66:F0:
  • 1E:39:BC:98:02:21:00:FA:33:09:D4:D4:FD:4D:0C:6B:
  • E8:F5:D8:E8:3D:25:84:E8:EE:27:10:D8:1E:E9:91:04:
  • 26:7C:1D:00:17:FA:BC

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-ha03.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx-ha03.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-ha02.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-ha02.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid