SSL check results of web.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for web.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 03 Oct 2024 14:31:33 +0000

No connection to the mailservers of web.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @web.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-ha02.web.de
212.227.17.8
Results incomplete
100
supported
mx.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx-ha03.web.de
212.227.15.17
Results incomplete
100
supported
mx.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @web.de sender addresses. Test mail delivery

Host TLS Version & Cipher
unknown (IPv6:2a05:8b81:1000:ac::d5e3)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mout.web.de (212.227.17.11)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.17.12)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (217.72.192.78)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.3)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.4)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.web.de (212.227.15.14)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout02.posteo.de (185.67.36.142)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

Certificates

First seen at:

CN=mx.web.de,O=1&1 Mail & Media GmbH,L=Montabaur,ST=Rheinland-Pfalz,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Organization (O)
  • 1&1 Mail & Media GmbH
Common Name (CN)
  • mx.web.de
Alternative Names
  • mx.web.de
  • mx-ha02.web.de
  • mx-ha03.web.de
  • dhmx01.web.de
  • dhmx02.web.de
Issuer
Country (C)
  • DE
Organization (O)
  • Deutsche Telekom Security GmbH
Common Name (CN)
  • Telekom Security ServerID OV Class 2 CA
validity period
Not valid before
2024-03-13
Not valid after
2025-03-17
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
76:62:65:B1:BF:C5:B5:D7:C6:0A:6C:0E:D8:7E:0B:74:53:7E:AC:4B:B5:3A:14:20:2A:89:2C:B4:C0:85:11:14
SHA1
89:0A:22:84:48:DD:F4:A6:16:2B:9A:02:5F:62:DB:C7:5F:5E:11:7F
X509v3 extensions
authorityKeyIdentifier
  • keyid:1C:05:93:B1:7F:A8:34:30:8C:52:E0:96:40:A0:72:A3:10:5D:E0:FF
subjectKeyIdentifier
  • 83:9A:21:A1:CE:3E:22:AC:E8:75:9D:A5:E0:D9:17:67:53:20:C4:FE
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://docs.serverid.telesec.de/cps/serverid.htm
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverid.telesec.de/ocspr
  • CA Issuers - URI:http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Mar 13 08:00:12.788 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:D0:99:2A:24:5B:12:F1:B7:DB:82:19:
  • 5F:80:6D:9E:DF:3A:EF:F3:F4:99:6D:52:87:09:B2:7B:
  • 67:1B:69:98:DC:02:21:00:96:5A:15:15:15:F1:09:62:
  • 29:A8:2C:20:BB:38:57:D0:E6:A4:10:2A:A4:CD:C2:8D:
  • D1:65:EA:92:CB:CC:92:91
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
  • 22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
  • Timestamp : Mar 13 08:00:12.405 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:0F:09:D6:1E:63:04:5C:13:1B:EF:5C:BC:
  • 37:AA:90:35:D7:F0:0F:EB:A8:1F:81:2A:C1:7C:90:31:
  • 16:5B:64:BA:02:20:30:A9:88:D9:07:E2:27:67:99:B7:
  • 70:84:5B:8E:F2:91:DB:70:BB:CA:58:C6:0D:F0:B9:31:
  • 98:CA:AE:F1:53:B8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 28:E2:81:38:FD:83:21:45:E9:A9:D6:AA:75:37:6D:83:
  • 77:A8:85:12:B3:C0:7F:72:41:48:21:DC:BD:E9:8C:66
  • Timestamp : Mar 13 08:00:13.298 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:B3:65:0B:4C:76:62:8A:17:B4:E0:DF:
  • 46:99:64:9B:A2:8A:CB:5C:F2:BC:77:C1:87:F5:23:18:
  • A1:79:CF:40:11:02:21:00:81:13:56:9A:D5:2D:E5:D0:
  • E5:7F:CB:39:13:73:94:CE:75:CF:46:34:2F:A5:2A:80:
  • EF:C5:EA:77:54:9E:1D:2A
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
  • 1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
  • Timestamp : Mar 13 08:00:12.313 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:45:63:F8:D5:E0:9B:8F:C6:3A:93:BB:1E:
  • 13:2D:8E:3A:05:AA:80:5B:3B:2F:57:88:BC:44:73:E9:
  • FB:E4:D0:75:02:20:03:2E:6E:91:AE:BC:31:0F:05:71:
  • 7F:F4:C0:1E:82:1E:9D:ED:57:7F:4B:D6:79:F0:BB:9D:
  • 6D:20:E6:12:CA:EA
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
  • 1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
  • Timestamp : Mar 13 08:00:12.358 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:8A:BD:5C:6A:8B:76:F7:B5:D6:30:4D:
  • 57:0C:22:59:54:BC:3E:1E:1A:83:5D:9C:65:60:C4:82:
  • CA:16:79:87:10:02:21:00:9F:27:B2:CC:F4:74:99:1B:
  • 2D:32:85:89:B5:ED:62:50:0C:17:DF:B1:50:B4:B6:AC:
  • 72:35:D2:41:54:2D:84:6D

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-ha02.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-ha02.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx-ha03.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-ha03.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid