SSL check results of gmx.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for gmx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 08 Apr 2024 07:16:16 +0000

No connection to the mailservers of gmx.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gmx.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx00.emig.gmx.net
212.227.15.9
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx01.emig.gmx.net
212.227.17.5
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @gmx.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mo4-p05-ob.smtp.rzone.de (81.169.146.183)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-xforward.gmx.net (82.165.159.40)
TLSv1.3 TLS_AES_256_GCM_SHA384
o134.p8.mailjet.com (87.253.233.134)
TLSv1.3 TLS_AES_128_GCM_SHA256
mout.gmx.net (212.227.17.20)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.21)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.22)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.19)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.18)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.15)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx.gmx.net,L=Montabaur,ST=Rheinland-Pfalz,O=1&1 Mail & Media GmbH,C=DE

Certificate chain
Subject
Country (C)
  • DE
Organization (O)
  • 1&1 Mail & Media GmbH
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Common Name (CN)
  • mx.gmx.net
Alternative Names
  • mx.gmx.net
  • mx00.gmx.net
  • mx01.gmx.net
  • mx00.emig.gmx.net
  • mx01.emig.gmx.net
  • dhmx01.emig.gmx.net
  • dhmx02.emig.gmx.net
Issuer
Country (C)
  • DE
Organization (O)
  • Deutsche Telekom Security GmbH
Common Name (CN)
  • Telekom Security ServerID OV Class 2 CA
validity period
Not valid before
2023-04-25
Not valid after
2024-04-29
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
4B:75:BA:42:76:0C:89:0D:B2:0A:CF:5E:63:92:CF:89:23:E4:56:12:C3:70:D1:E2:2F:B7:76:97:E7:F7:E6:2B
SHA1
7D:10:99:7E:13:2A:B1:23:9C:AA:C0:2F:D8:05:FA:62:0A:B3:FC:88
X509v3 extensions
authorityKeyIdentifier
  • keyid:1C:05:93:B1:7F:A8:34:30:8C:52:E0:96:40:A0:72:A3:10:5D:E0:FF
subjectKeyIdentifier
  • 61:F1:FE:E0:7D:33:10:73:A0:67:53:BB:FB:F8:6E:E2:FC:6D:A5:E0
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://docs.serverid.telesec.de/cps/serverid.htm
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverid.telesec.de/ocspr
  • CA Issuers - URI:http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Apr 25 08:50:27.907 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:97:41:73:7B:BC:0D:3D:20:46:B0:2E:
  • 08:DF:85:1E:CF:FF:04:AD:5A:52:61:C3:59:5E:FA:96:
  • F5:E5:FB:F3:78:02:20:27:8D:10:F3:37:B2:E2:31:3E:
  • 6B:07:06:51:AD:35:89:46:FA:32:45:EC:BB:7F:CB:01:
  • DB:6F:0B:9D:27:00:40
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : Apr 25 08:50:27.364 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:2F:0E:73:CA:2D:4A:53:4A:69:D0:59:B5:
  • 3D:0D:4F:5B:6D:70:25:B5:4C:88:2E:E3:1F:18:0B:43:
  • 7D:FC:C6:BF:02:21:00:F4:BE:BC:96:32:09:5C:77:49:
  • 82:1D:3A:F4:F5:BA:04:18:95:14:BE:16:C1:02:CA:BC:
  • 33:89:D0:A7:9F:60:11
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Apr 25 08:50:27.670 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:9B:F6:96:27:08:02:3E:B3:E8:C7:14:
  • 8D:2A:2F:CD:61:C7:D2:C9:AF:BA:78:F8:B5:17:DA:CC:
  • 78:75:BD:04:9A:02:20:58:F8:BB:90:0E:C6:C0:9F:84:
  • B6:47:A9:34:EE:23:F7:E9:38:69:E9:DF:3B:BA:0D:43:
  • 7A:0A:AC:41:1F:EA:0B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
  • 1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
  • Timestamp : Apr 25 08:50:27.766 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:1F:C1:73:DA:76:28:9D:F8:64:38:E6:E6:
  • 80:4B:E9:05:CF:29:9C:9F:C1:D0:81:DC:38:48:BF:2F:
  • 81:0A:78:E2:02:20:15:4B:E5:C4:27:35:F2:2A:5E:05:
  • 5F:3B:98:33:3A:C2:7B:75:8A:BF:01:4E:8C:02:5B:E3:
  • BC:EF:D7:6C:C2:4D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Apr 25 08:50:27.486 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:AE:3F:CA:DA:69:35:D2:F5:F6:34:F7:
  • C4:15:75:56:07:61:E0:F5:81:58:68:68:4A:C5:09:0B:
  • D3:39:82:95:CD:02:20:2F:0D:E4:BA:97:A5:D6:80:EB:
  • F2:F6:9D:F5:9F:A0:8E:E7:CA:81:67:57:1C:97:13:F4:
  • B0:8C:5E:9A:16:81:6D

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid