Batch XML OnlyNode/OnlyField

This document describes the Batch OnlyNode and OnlyField features. OnlyNode/OnlyField allows you to extract almost any information from a TLS email SMTP session. Using OnlyNode/OnlyField does require you to be familiar with all the other Batch features and XML formats first.

See About for information about what a Batch is and what it can do. Context sensitive help is available on every screen of batch/edit. See XML Input File for information Batch XML Input Files. See Output Formats for information Batch Output Formats

What They Do

As the name implies, OnlyNode/OnlyField is a way to extract the fields you want from the output of one of our tests. OnlyNode and OnlyField are options in BatchTest. First you configure a BatchTest that includes the field(s) you want in XML, then you extract just that field.

How Are They Different

OnlyNode output is very terse. It is just the field name and the value in a flat XML tree. This works well to extract a small number of fields from a test. OnlyField keeps the original test XML structure, so for example the SSLVersion of each MX host in a Receiver test can be extracted. For three MX hosts, OnlyNode output for SSLVersion looks like:

<CheckTLS test="BatchTestreceiver" version="V03.10.01">
  <Results format="xml-detail">
    <Result>
      <eMailAddress>checktls.com</eMailAddress>
        <SSLVersion>TLSv1_3</SSLVersion>
        <SSLVersion>TLSv1_3</SSLVersion>
        <SSLVersion>TLSv1_3</SSLVersion>
    </Result>
  </Results>
</CheckTLS>
While OnlyField looks like this:
<CheckTLS test="BatchTestreceiver" version="V03.11.00">
  <Results format="xml-detail">
    <Result>
      <eMailAddress>checktls.com</eMailAddress>
      <MX exchange="mail1.checktls.com[10.11.12.1:25]" preference="10">
        <SSL>
          <SSLVersion>TLSv1_3</SSLVersion>
        </SSL>
      </MX>
      <MX exchange="mail2.checktls.com[10.11.12.2:25]" preference="20">
        <SSL>
          <SSLVersion>TLSv1_3</SSLVersion>
        </SSL>
      </MX>
      <MX exchange="mail3.checktls.com[10.11.12.3:25]" preference="30">
        <SSL>
          <SSLVersion>TLSv1_3</SSLVersion>
        </SSL>
      </MX>
    </Result>
  </Results>
</CheckTLS>

How To Use Them

For example, say you want the version of SSL/TLS that a site uses to receive email.

Info about how a site receives email comes from the //email/Test To: test. Run that test manually to find the Output Format that includes SSLVersion. In this example, that's Output Format = DETAIL:

...
SSLVersion in use: TLSv1_3
...
Output Format = MATRIX does not show SSLVersion, and Output Formats higher than DETAIL also show SSLVersion but they do extra work that you don't want.

Create a Receiver BatchTest that targets the address you want at the DETAIL level but using XML (so Output Format = XML-DETAIL):

<BatchTest TestType="receiver">
  <Target>checktls.com</Target>
  <Delivery>
    <To>you@yourdomain.com</To>
    <Format>xml-detail</Format>
  </Delivery>
</BatchTest>
Run it and make sure it returns the same DETAIL as the manual test and that it includes the SSLVersion field:
...
<SSLVersion>TLSv1_3</SSLVersion>
...

Add an OnlyNode line to the BatchTest:

<BatchTest TestType="receiver">
  <Target>checktls.com</Target>
  <Delivery>
    <To>you@yourdomain.com</To>
    <Format>xml-detail</Format>
    <OnlyNode>SSLVersion</OnlyNode>
  </Delivery>
</BatchTest>

Run it and you should get this in your email:

<CheckTLS test="BatchTestreceiver" version="V03.10.01">
  <Results format="xml-detail">
    <Result>
      <SSLVersion>TLSv1_3</SSLVersion>
    </Result>
  </Results>
</CheckTLS>

What If I Get More Than One OnlyNode?

In the above example, SSLVersion is a feature of a particular email server. For a target email address that has more than one MX, there will be an SSLVersion for each MX. So the above example will instead look like this:

<CheckTLS test="BatchTestreceiver" version="V03.10.01">
  <Results format="xml-detail">
    <Result>
      <eMailAddress>checktls.com</eMailAddress>
        <SSLVersion>TLSv1_3</SSLVersion>
        <SSLVersion>TLSv1_3</SSLVersion>
        <SSLVersion>TLSv1_3</SSLVersion>
    </Result>
  </Results>
</CheckTLS>

See OnlyField below for how to separate these better.

If all the MXs are the same, then you don't care. If not, see Why Do you "Score" TLS Instead of Giving a Yes or No Answer? in the FAQ. If the target has more than one version of SSL in use, which one do you want?

You have several choices:

  • use all of them
  • use the best case (be optimistic)
  • use the worst case (be safe)
  • use the first one

While we do not recommend it, using the "first" one, especially if it has the lowest MX priority, meaning it will tried first, is the best option if you are only going to use just one. We have an easy, fast way to pick just the first one. Add the QUICK option to the target, like this:

<BatchTest TestType="receiver">
  <Target Quick="1">checktls.com</Target>
  <Delivery>
    <To>you@yourdomain.com</To>
    <Format>xml-detail</Format>
    <OnlyNode>SSLVersion</OnlyNode>
  </Delivery>
</BatchTest>

This BatchTest produces just a single SSLVersion:

<CheckTLS test="BatchTestreceiver" version="V03.10.01">
  <Results format="xml-detail">
    <Result>
      <SSLVersion>TLSv1_3</SSLVersion>
    </Result>
  </Results>
</CheckTLS>

XPath OnlyNode

OnlyNode supports full XPath Syntax. XPath allows you to select any field from any XML test result. For example, to show the second MX host with its SSLVersion, Cipher, and when its cert expires for three targets:

<BatchTest TestType="receiver">
  <Target>firstdomain.com</Target>
  <Target>seconddomain.com</Target>
  <Target>thirddomain.com</Target>
  <Delivery>
    <To>you@yourdomain.com</To>
    <Format>xml-certdetail</Format>
    <OnlyNode>eMailAddress</OnlyNode>
    <OnlyNode>ConfidenceFactor</OnlyNode>
    <OnlyNode>//MX[2]/@exchange</OnlyNode>
    <OnlyNode>//MX[2]/SSL/SSLVersion</OnlyNode>
    <OnlyNode>//MX[2]/SSL/Cipher</OnlyNode>
    <OnlyNode>//MX[2]/SSL/Certs/Cert[@number=1]/NotValidAfter</OnlyNode>
  </Delivery>
</BatchTest>
Note that to OnlyNode the expiration date we have to change the Output Format from XML-DETAIL to XML-CERTDETAIL to get the NotValidAfter field.

This BatchTest produces:

<CheckTLS test="BatchTestreceiver" version="V03.10.01">
  <Results format="xml-certdetail">
    <Result>
      <eMailAddress>firstdomain.com</eMailAddress>
      <ConfidenceFactor>90</eMailAddress>
      <_..MX.1...exchange>mail2.firstdomain.com[192.168.127.1]</_..MX.1...exchange>
      <SSLVersion>TLSv1_3</SSLVersion>
      <Cipher>TLS_AES_256_GCM_SHA384</Cipher>
      <NotValidAfter>Jun  7 12:00:00 2019 GMT</NotValidAfter>
    </Result>
    <Result>
      <eMailAddress>seconddomain.com</eMailAddress>
      <ConfidenceFactor>90</eMailAddress>
      <_..MX.1...exchange>mail2.seconddomain.com[192.168.127.2]</_..MX.1...exchange>
      <SSLVersion>TLSv1_3</SSLVersion>
      <Cipher>TLS_AES_256_GCM_SHA384</Cipher>
      <NotValidAfter>Jun  7 12:00:00 2019 GMT</NotValidAfter>
    </Result>
    <Result>
      <eMailAddress>thirddomain.com</eMailAddress>
      <ConfidenceFactor>90</eMailAddress>
      <_..MX.1...exchange>mail2.thirddomain.com[192.168.127.3]</_..MX.1...exchange>
      <SSLVersion>TLSv1_3</SSLVersion>
      <Cipher>TLS_AES_256_GCM_SHA384</Cipher>
      <NotValidAfter>Jun  7 12:00:00 2019 GMT</NotValidAfter>
    </Result>
  </Results>
</CheckTLS>
Notice that the element name for the MX exchange is made up because the raw XPath output would not be a valid XML node name.

OnlyField to the Rescue

As the longer examples above show, OnlyNode output is simple when you only want one or two lines of output. For more than a few lines of output, or for a field like SSLVersion or NotValidAfter (certificate expiration date) that can appear many times for a single target, the OnlyNode output is difficult to work with. OnlyField does the same thing as OnlyNode, but keeps the original XML structure intact. This makes OnlyField output easier for another computer to parse. That computer could be your back-office systems, JavaScript on a webpage, or a Microsoft Outlook add-in that enforces TLS when sending. OnlyField output even loads into an Excel spreadsheet without any changes.

For example, Receiver testing three targets that have one, two, and three MX hosts respectively with this input file:

<BatchTest TestType="receiver">
  <Target>firstdomain.com</Target>
  <Target>seconddomain.com</Target>
  <Target>thirddomain.com</Target>
  <Delivery>
    <To>you@yourdomain.com</To>
    <Format>xml-certdetail</Format>
    <OnlyNode>eMailAddress</OnlyNode>
    <OnlyNode>ConfidenceFactor</OnlyNode>
    <OnlyNode>//MX/@exchange</OnlyNode>
    <OnlyNode>//MX/SSL/SSLVersion</OnlyNode>
    <OnlyNode>//MX/SSL/Cipher</OnlyNode>
    <OnlyNode>//MX/SSL/Certs/Cert/NotValidAfter</OnlyNode>
  </Delivery>
</BatchTest>

The raw batchtest output is over 4600 lines.

OnlyNode outputs:

<CheckTLS test="BatchTestreceiver" version="V03.11.00">
  <Results format="xml-certdetail">
    <Result>
      <eMailAddress>test.one.com</eMailAddress>
      <ConfidenceFactor>100</ConfidenceFactor>
      <_..MX..exchange> exchange="mail1.test.one.com[10.10.10.10:25]"</_..MX..exchange>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Apr 11 23:59:59 2019 GMT</NotValidAfter>
    </Result>
    <Result>
      <eMailAddress>test.two.com</eMailAddress>
      <ConfidenceFactor>90</ConfidenceFactor>
      <_..MX..exchange> exchange="mail1.test.two.com[10.20.20.10:25]"</_..MX..exchange>
      <_..MX..exchange> exchange="mail2.test.two.com[10.20.20.20:25]"</_..MX..exchange>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES256-GCM-SHA384</Cipher>
      <NotValidAfter>Oct 26 00:00:00 2020 GMT</NotValidAfter>
    </Result>
    <Result>
      <eMailAddress>test.three.com</eMailAddress>
      <ConfidenceFactor>100</ConfidenceFactor>
      <_..MX..exchange> exchange="aspmx.l.google.com[173.194.208.27:25]"</_..MX..exchange>
      <_..MX..exchange> exchange="alt1.aspmx.l.google.com[64.233.186.26:25]"</_..MX..exchange>
      <_..MX..exchange> exchange="alt2.aspmx.l.google.com[74.125.193.27:25]"</_..MX..exchange>
      <_..MX..exchange> exchange="aspmx2.googlemail.com[64.233.186.27:25]"</_..MX..exchange>
      <_..MX..exchange> exchange="aspmx3.googlemail.com[74.125.193.26:25]"</_..MX..exchange>
      <_..MX..exchange> exchange="aspmx4.googlemail.com[173.194.76.26:25]"</_..MX..exchange>
      <_..MX..exchange> exchange="aspmx5.googlemail.com[173.194.69.26:25]"</_..MX..exchange>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
    </Result>
  </Results>
</CheckTLS>

Even using advanced XPath syntax

<OnlyNode>//MX/@exchange | //MX/SSL/SSLVersion | //MX/SSL/Cipher | //MX/SSL/Certs/Cert/NotValidAfter</OnlyNode>
to group each MX's fields together, OnlyNode outputs:
<CheckTLS test="BatchTestreceiver" version="V03.11.00">
  <Results format="xml-certdetail">
    <Result>
      <eMailAddress>test.one.com</eMailAddress>
      <ConfidenceFactor>100</ConfidenceFactor>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="mail1.test.one.com[10.10.10.10:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Apr 11 23:59:59 2019 GMT</NotValidAfter>
      <NotValidAfter>Feb 11 23:59:59 2029 GMT</NotValidAfter>
      <NotValidAfter>Jan 18 23:59:59 2038 GMT</NotValidAfter>
    </Result>
    <Result>
      <eMailAddress>test.two.com</eMailAddress>
      <ConfidenceFactor>90</ConfidenceFactor>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="mail1.test.two.com[10.20.20.10:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES256-GCM-SHA384</Cipher>
      <NotValidAfter>Oct 26 00:00:00 2020 GMT</NotValidAfter>
      <NotValidAfter>Oct 22 12:00:00 2028 GMT</NotValidAfter>
      <NotValidAfter>Nov 10 00:00:00 2031 GMT</NotValidAfter>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="mail2.test.two.com[10.20.20.20:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES256-GCM-SHA384</Cipher>
      <NotValidAfter>Oct 26 00:00:00 2020 GMT</NotValidAfter>
      <NotValidAfter>Oct 22 12:00:00 2028 GMT</NotValidAfter>
      <NotValidAfter>Nov 10 00:00:00 2031 GMT</NotValidAfter>
    </Result>
    <Result>
      <eMailAddress>test.three.com</eMailAddress>
      <ConfidenceFactor>100</ConfidenceFactor>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="aspmx.l.google.com[172.217.197.26:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="alt1.aspmx.l.google.com[64.233.186.26:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="alt2.aspmx.l.google.com[74.125.193.27:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="aspmx2.googlemail.com[64.233.186.26:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="aspmx3.googlemail.com[74.125.193.26:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="aspmx4.googlemail.com[173.194.76.27:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
      <_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter> exchange="aspmx5.googlemail.com[173.194.69.27:25]"</_..MX..exchange.....MX.SSL.SSLVersion.....MX.SSL.Cipher.....MX.SSL.Certs.Cert.NotValidAfter>
      <SSLVersion>TLSv1_2</SSLVersion>
      <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
      <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
      <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
    </Result>
  </Results>
</CheckTLS>

OnlyField outputs (copy/paste this into Excel to see the advantage):

<CheckTLS test="BatchTestreceiver" version="V03.11.00">
  <Results format="xml-certdetail">
    <Result>
      <eMailAddress>test.one.com</eMailAddress>
      <ConfidenceFactor>100</ConfidenceFactor>
      <MX exchange="mail1.test.one.com[10.10.10.10:25]" preference="1">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Apr 11 23:59:59 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Feb 11 23:59:59 2029 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Jan 18 23:59:59 2038 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
    </Result>
    <Result>
      <eMailAddress>test.two.com</eMailAddress>
      <ConfidenceFactor>90</ConfidenceFactor>
      <MX exchange="mail1.test.two.com[10.20.20.10:25]" preference="10">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES256-GCM-SHA384</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Oct 26 00:00:00 2020 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Oct 22 12:00:00 2028 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Nov 10 00:00:00 2031 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
      <MX exchange="mail2.test.two.com[10.20.20.20:25]" preference="11">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES256-GCM-SHA384</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Oct 26 00:00:00 2020 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Oct 22 12:00:00 2028 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Nov 10 00:00:00 2031 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
    </Result>
    <Result>
      <eMailAddress>test.three.com</eMailAddress>
      <ConfidenceFactor>100</ConfidenceFactor>
      <MX exchange="aspmx.l.google.com[172.217.197.27:25]" preference="10">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
      <MX exchange="alt1.aspmx.l.google.com[64.233.186.26:25]" preference="20">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
      <MX exchange="alt2.aspmx.l.google.com[74.125.193.27:25]" preference="20">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
      <MX exchange="aspmx2.googlemail.com[64.233.186.26:25]" preference="50">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
      <MX exchange="aspmx3.googlemail.com[74.125.193.27:25]" preference="50">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
      <MX exchange="aspmx4.googlemail.com[173.194.76.27:25]" preference="50">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
      <MX exchange="aspmx5.googlemail.com[173.194.69.26:25]" preference="50">
        <SSL>
          <SSLVersion>TLSv1_2</SSLVersion>
          <Cipher>ECDHE-RSA-AES128-GCM-SHA256</Cipher>
          <Certs count="3">
            <Cert number="1">
              <NotValidAfter>Jan 22 13:15:00 2019 GMT</NotValidAfter>
            </Cert>
            <Cert number="2">
              <NotValidAfter>Dec 15 00:00:42 2021 GMT</NotValidAfter>
            </Cert>
            <Cert number="3">
              <NotValidAfter>Dec 15 08:00:00 2021 GMT</NotValidAfter>
            </Cert>
          </Certs>
        </SSL>
      </MX>
    </Result>
  </Results>
</CheckTLS>