SSL-Tools

SSL check results of web.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for web.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON

Checking

Servers

Incoming Mails

These servers are responsible for incoming mails to @web.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-ha03.web.de
212.227.15.17
 100 ... mx.web.de
DANE
PFS
supported
Heartbleed
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
mx-ha02.web.de
212.227.17.8
 100 ... mx.web.de
DANE
PFS
supported
Heartbleed
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3

Outgoing Mails

We have received emails from these servers with @web.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mout.web.de (212.227.15.4)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mout.web.de (212.227.15.14)
Insecure - not encrypted!
mout.web.de (212.227.15.3)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mout.web.de (212.227.17.12)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mout.web.de (212.227.17.11)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mout.web.de (217.72.192.78)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mail-wm0-x22e.google.com (IPv6:2a00:1450:400c:c09::22e)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mout-xforward.web.de (82.165.159.3)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
mout-bounce.web.de (212.227.15.25)
Insecure - not encrypted!
mout.kundenserver.de (212.227.126.134)
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

Certificates

First seen at:

CN=mx.web.de,L=Montabaur,ST=Rheinland-Pfalz,O=1&1 Mail & Media GmbH,C=DE

Certificate chain
Subject
Country (C)
  • DE
Organization (O)
  • 1&1 Mail & Media GmbH
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Common Name (CN)
  • mx.web.de
Alternative Names
  • mx.web.de
  • mx-ha02.web.de
  • mx-ha03.web.de
  • dhmx01.web.de
  • dhmx02.web.de
Issuer
Country (C)
  • DE
Organization (O)
  • T-Systems International GmbH
Organizational Unit (OU)
  • T-Systems Trust Center
State (ST)
  • Nordrhein Westfalen
Postal code
  • 57250
Locality (L)
  • Netphen
Street
  • Untere Industriestr. 20
Common Name (CN)
  • TeleSec ServerPass Class 2 CA
validity period
Not valid before
2019-07-08
Not valid after
2021-07-13
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
2B:67:CF:B5:10:CE:06:2D:7B:B7:D9:A2:2D:40:31:FC:F6:FA:33:A0:93:A6:FC:5E:9A:0C:8B:5C:56:80:56:A7
SHA1
A8:F2:78:C2:E4:0D:E7:8E:C4:B8:29:35:23:69:58:35:01:6D:48:BB
X509v3 extensions
authorityKeyIdentifier
  • keyid:94:C8:74:46:F5:3A:B4:46:48:26:F8:2B:CA:34:1E:56:26:04:12:00
subjectKeyIdentifier
  • 06:3F:6C:02:E9:62:EF:21:35:78:92:0D:04:C3:02:7E:06:EE:3E:D5
certificatePolicies
  • Policy: 1.3.6.1.4.1.7879.13.23.1
  • CPS: http://www.telesec.de/serverpass/cps.html
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverpass.telesec.de/rl/ServerPass_Class_2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverpass.telesec.de/ocspr
  • CA Issuers - URI:http://crl.serverpass.telesec.de/crt/TeleSec_ServerPass_Class_2_CA.cer
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Jul 8 07:02:34.436 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:2E:E0:F8:F1:59:CA:E7:0C:83:A8:1C:50:
  • DD:62:29:F4:51:E6:85:B1:9D:08:95:A5:4B:01:F6:C3:
  • AA:2E:A9:B0:02:20:0C:15:1F:2C:50:FF:A9:B9:7D:F1:
  • 58:33:3A:AC:F0:27:76:57:47:39:96:21:D4:0E:1E:B2:
  • 51:42:4B:E6:68:50
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
  • 38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
  • Timestamp : Jul 8 07:02:34.433 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:2E:B0:38:04:68:93:F0:7E:99:C2:1E:63:
  • 3C:59:5B:EC:4F:A1:50:89:39:06:25:45:5E:29:47:A9:
  • 62:B6:09:73:02:21:00:80:0D:BA:9C:E3:C0:B4:C0:7E:
  • FA:91:03:B6:ED:A9:E2:25:A7:0E:0F:DC:4C:4C:C8:73:
  • A1:C0:07:25:0C:6A:57
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Jul 8 07:02:34.757 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:96:C4:99:DA:84:F4:DD:C2:12:BD:E3:
  • EB:09:8E:79:0A:F0:30:A1:52:EE:0C:F7:7D:D4:89:D2:
  • 67:D3:90:ED:FE:02:20:37:79:AB:DB:E2:C7:39:CD:75:
  • 78:83:68:EA:3F:B6:AA:F9:54:13:15:FB:33:E5:60:D7:
  • 12:2E:21:26:E8:75:65
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
  • 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
  • Timestamp : Jul 8 07:02:34.396 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:62:B7:79:90:23:96:F6:AB:5A:4B:20:3F:
  • 0C:0C:E6:3C:9B:5F:50:45:40:51:31:CD:E8:48:43:4B:
  • 45:B2:BD:E4:02:21:00:E1:C0:6E:1A:1F:C8:23:9D:DC:
  • A6:EE:74:49:BD:A1:9C:25:B1:21:F2:0C:67:90:3F:FA:
  • 04:54:DF:C1:C5:2C:48
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
  • A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
  • Timestamp : Jul 8 07:02:34.391 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:6C:53:D9:46:6F:89:6A:F7:5E:AC:22:53:
  • 77:D0:EF:0F:A6:42:1B:86:21:8F:86:3F:B2:63:3B:6C:
  • 48:46:ED:3D:02:21:00:EF:15:79:9A:A1:A6:15:88:BC:
  • 58:93:B9:A1:4F:93:8F:D9:59:31:F8:3D:2E:C2:94:78:
  • 29:83:DF:B7:CD:86:ED