gmx.de - TLS / STARTTLS Test

Discover if the mail servers for gmx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 30 Jun 2024 05:37:07 +0000

Certificates

Trustworthy
Protocol

Not checked
DANE

Valid
Bullshit made in Germany

Logo: CC-BY-SA MathiasM

No connection to the mailservers of gmx.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gmx.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx00.emig.gmx.net 212.227.15.9 Results incomplete	10	supported	mx.gmx.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-30 1 s
mx01.emig.gmx.net 212.227.17.5 Results incomplete	10	supported	mx.gmx.net	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-06-30 1 s

Outgoing Mails

We have received emails from these servers with @gmx.de sender addresses. Test mail delivery

Host	TLS Version & Cipher
mo4-p05-ob.smtp.rzone.de (81.169.146.183)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-07-17
mout-xforward.gmx.net (82.165.159.40)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-07-05
o134.p8.mailjet.com (87.253.233.134)	TLSv1.3 TLS_AES_128_GCM_SHA256	2021-05-27
mout.gmx.net (212.227.17.20)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-08-30
mout.gmx.net (212.227.17.21)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-08-25
mout.gmx.net (212.227.17.22)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-08-20
mout.gmx.net (212.227.15.19)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-08-01
mout.gmx.net (212.227.15.18)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-07-31
mout.gmx.net (212.227.15.15)	TLSv1.3 TLS_AES_256_GCM_SHA384	2021-06-20

Certificates

First seen at: 2024-05-03

CN=mx.gmx.net,O=1&1 Mail & Media GmbH,L=Montabaur,ST=Rheinland-Pfalz,C=DE

Certificate chain

mx.gmx.net
- 2025-03-17 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Country (C)

State (ST)

Rheinland-Pfalz

Locality (L)

Montabaur

Organization (O)

1&1 Mail & Media GmbH

Common Name (CN)

mx.gmx.net

Alternative Names

mx.gmx.net
mx00.gmx.net
mx01.gmx.net
mx00.emig.gmx.net
mx01.emig.gmx.net
dhmx01.emig.gmx.net
dhmx02.emig.gmx.net

Issuer

Country (C)

Organization (O)

Deutsche Telekom Security GmbH

Common Name (CN)

Telekom Security ServerID OV Class 2 CA

validity period

Not valid before: 2024-03-13
Not valid after: 2025-03-17

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Client Authentication
TLS Web Server Authentication

Fingerprints

SHA256: E5:44:A9:71:19:78:F2:D4:2D:37:57:4F:E2:31:53:D9:E7:CE:7A:12:89:9B:6D:2D:02:57:DA:52:7F:81:A0:B6
SHA1: 55:4E:5B:9D:8E:C1:A1:ED:4B:3F:77:19:07:22:C9:2B:1A:89:D7:C8

X509v3 extensions

authorityKeyIdentifier

keyid:1C:05:93:B1:7F:A8:34:30:8C:52:E0:96:40:A0:72:A3:10:5D:E0:FF

subjectKeyIdentifier

21:C0:E5:A4:66:30:EB:2A:01:F0:15:93:5B:A8:88:C4:9A:A7:13:92

certificatePolicies

Policy: 2.23.140.1.2.2
CPS: http://docs.serverid.telesec.de/cps/serverid.htm

crlDistributionPoints

Full Name:
URI:http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl

authorityInfoAccess

OCSP - URI:http://ocsp.serverid.telesec.de/ocspr
CA Issuers - URI:http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
Timestamp : Mar 13 08:02:20.025 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:2D:93:70:FF:EA:33:96:00:17:4A:4C:14:
15:74:7F:E7:EA:89:D1:3A:5C:8A:41:42:6D:EC:4A:AC:
31:01:34:04:02:21:00:8A:DA:8A:CD:09:6C:32:A6:5A:
BB:A8:32:C7:C9:75:F0:D6:9E:47:75:32:8F:49:AB:49:
88:47:D9:FC:F4:4E:F1
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 28:E2:81:38:FD:83:21:45:E9:A9:D6:AA:75:37:6D:83:
77:A8:85:12:B3:C0:7F:72:41:48:21:DC:BD:E9:8C:66
Timestamp : Mar 13 08:02:21.167 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:A6:7D:4D:FC:AE:B6:21:78:D5:BC:BA:
92:E1:FF:E7:56:21:E0:6A:35:61:09:2C:87:20:A3:D8:
AA:A2:3C:64:0D:02:20:04:A5:3E:44:20:51:C7:AB:C0:
8C:FC:48:51:35:98:59:94:65:E7:07:1D:5A:1A:72:91:
B5:6A:0E:86:39:65:23
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
Timestamp : Mar 13 08:02:19.928 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D6:AF:F9:13:F5:4B:B9:AA:9D:DA:39:
E3:D4:D4:C6:5B:0F:0C:8A:53:DA:DD:5D:5C:34:76:02:
29:35:FF:48:DF:02:20:7D:F6:93:7B:6D:D1:27:CC:7F:
DD:55:0A:9F:9A:86:48:94:0C:C4:A0:C8:D1:6B:A5:70:
F1:C0:E8:AB:5B:99:AD
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
Timestamp : Mar 13 08:02:19.974 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:BC:43:CB:F9:B0:00:04:46:0F:EC:1A:
E3:20:86:B6:38:C3:2D:21:9D:8F:4C:46:AC:1F:8D:DE:
EE:74:BD:A6:4C:02:21:00:CD:A8:C1:1B:00:3D:2B:F3:
10:35:0A:C4:CD:79:52:59:98:0F:6D:8E:76:3A:81:A3:
AC:AE:16:0B:5A:BA:7B:EB

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mx00.emig.gmx.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx00.emig.gmx.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid
_25._tcp.mx01.emig.gmx.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	—
_25._tcp.mx01.emig.gmx.net	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	valid	valid

SSL check results of gmx.de