SSL-Tools

SSL check results of web.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for web.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 31 May 2023 16:28:03 +0000

No connection to the mailservers of web.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @web.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-ha03.web.de
212.227.15.17
Results incomplete
100
supported
mx.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx-ha02.web.de
212.227.17.8
Results incomplete
100
supported
mx.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @web.de sender addresses. Test mail delivery

Host TLS Version & Cipher
unknown (IPv6:2a05:8b81:1000:ac::d5e3)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout.web.de (212.227.17.11)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.17.12)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (217.72.192.78)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.3)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.4)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.14)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout02.posteo.de (185.67.36.142)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx.web.de,L=Montabaur,ST=Rheinland-Pfalz,O=1&1 Mail & Media GmbH,C=DE

Certificate chain
Subject
Country (C)
  • DE
Organization (O)
  • 1&1 Mail & Media GmbH
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Common Name (CN)
  • mx.web.de
Alternative Names
  • mx.web.de
  • mx-ha02.web.de
  • mx-ha03.web.de
  • dhmx01.web.de
  • dhmx02.web.de
Issuer
Country (C)
  • DE
Organization (O)
  • Deutsche Telekom Security GmbH
Common Name (CN)
  • Telekom Security ServerID OV Class 2 CA
validity period
Not valid before
2023-04-25
Not valid after
2024-04-29
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
6A:6A:5A:B6:BE:43:28:36:DB:34:2E:FA:20:F4:24:25:51:FF:3B:35:C3:BD:A4:87:4B:F0:F1:28:85:71:77:69
SHA1
DD:71:76:C0:7D:72:AB:94:04:A8:6F:2C:99:54:69:76:19:59:0B:6C
X509v3 extensions
authorityKeyIdentifier
  • keyid:1C:05:93:B1:7F:A8:34:30:8C:52:E0:96:40:A0:72:A3:10:5D:E0:FF
subjectKeyIdentifier
  • C5:05:70:E9:56:70:82:5D:8D:29:D6:62:D2:1E:61:44:11:A9:2E:E4
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://docs.serverid.telesec.de/cps/serverid.htm
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverid.telesec.de/ocspr
  • CA Issuers - URI:http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Apr 25 08:52:28.277 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:1C:54:87:E2:15:BC:AE:41:6F:B7:DB:E2:
  • C8:01:D8:27:17:A7:84:14:D3:0B:F0:55:96:15:BD:B5:
  • A2:72:3C:66:02:20:3D:2C:45:2F:6C:AE:62:AD:55:F4:
  • 5C:7B:B3:70:7A:9A:5C:52:9C:10:D4:E4:2E:11:CD:AC:
  • 9B:F5:E3:9E:78:91
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : Apr 25 08:52:28.245 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:51:42:FA:CF:A4:50:1C:A0:CD:BD:B1:A7:
  • 1C:26:6A:B6:ED:E1:B1:CA:C7:70:79:BC:FA:C1:ED:A5:
  • 3B:5C:3A:45:02:21:00:FF:82:15:B4:CB:A9:92:94:14:
  • 64:6D:F7:66:47:44:75:B9:4C:78:EF:08:F1:AB:22:5F:
  • CF:59:4A:CA:18:54:12
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Apr 25 08:52:28.473 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:70:6F:99:78:76:4E:FC:F7:FF:DA:52:D7:
  • 99:A8:DF:1F:AD:12:3A:70:AD:7F:9A:D7:62:71:5B:63:
  • 73:B2:02:7B:02:20:1D:1D:BB:C7:4D:14:A4:71:D8:89:
  • 8A:45:51:4F:4E:31:E6:F8:7B:09:E1:B0:A4:71:30:B7:
  • CB:E6:34:53:8B:3B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
  • 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
  • Timestamp : Apr 25 08:52:28.519 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:E1:72:19:C8:E8:C3:E1:32:22:0D:7D:
  • 08:32:83:55:18:0B:0E:51:DA:D0:36:E1:B7:13:7E:59:
  • C0:EA:6A:EC:82:02:20:7D:20:49:AC:0E:72:04:1D:76:
  • AD:FC:69:81:EB:81:03:A2:D2:13:29:F2:1D:D7:06:54:
  • 16:6D:F6:13:63:FB:B0
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Apr 25 08:52:28.346 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:39:57:37:4A:C7:81:C9:CC:4F:8F:1F:49:
  • DC:2F:C6:22:40:02:81:8B:18:0D:71:9A:85:6D:5B:56:
  • 10:56:21:F7:02:21:00:87:05:22:F6:7C:35:6B:82:2A:
  • F2:C7:A8:D3:E3:DE:A0:87:A4:F6:22:29:08:C9:18:6C:
  • 82:A1:82:DB:20:D0:D3

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-ha03.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-ha02.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid