SSL check results of gmx.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for gmx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 22 Jul 2021 18:05:29 +0000

No connection to the mailservers of gmx.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gmx.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx00.emig.gmx.net
212.227.15.9
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx01.emig.gmx.net
212.227.17.5
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have received emails from these servers with @gmx.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mo4-p05-ob.smtp.rzone.de (81.169.146.183)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-xforward.gmx.net (82.165.159.40)
TLSv1.3 TLS_AES_256_GCM_SHA384
o134.p8.mailjet.com (87.253.233.134)
TLSv1.3 TLS_AES_128_GCM_SHA256
mout.gmx.net (212.227.15.19)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.18)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.22)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.21)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.20)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.15)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx.gmx.net,L=Montabaur,ST=Rheinland-Pfalz,O=1&1 Mail & Media GmbH,C=DE

Certificate chain
Subject
Country (C)
  • DE
Organization (O)
  • 1&1 Mail & Media GmbH
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Common Name (CN)
  • mx.gmx.net
Alternative Names
  • mx.gmx.net
  • mx00.gmx.net
  • mx01.gmx.net
  • mx00.emig.gmx.net
  • mx01.emig.gmx.net
  • dhmx01.emig.gmx.net
  • dhmx02.emig.gmx.net
Issuer
Country (C)
  • DE
Organization (O)
  • T-Systems International GmbH
Organizational Unit (OU)
  • T-Systems Trust Center
State (ST)
  • Nordrhein Westfalen
Postal code
  • 57250
Locality (L)
  • Netphen
Street
  • Untere Industriestr. 20
Common Name (CN)
  • TeleSec ServerPass Class 2 CA
validity period
Not valid before
2021-06-08
Not valid after
2022-06-13
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
E9:EA:38:A0:58:DD:A2:C3:92:B9:DE:38:54:6D:E1:FB:9E:29:D9:08:A2:B8:9E:AE:40:00:F3:2D:E8:8D:7A:CA
SHA1
E5:B2:E3:B4:02:31:49:7A:78:F9:1A:EF:27:9E:23:F3:AE:7B:91:10
X509v3 extensions
authorityKeyIdentifier
  • keyid:94:C8:74:46:F5:3A:B4:46:48:26:F8:2B:CA:34:1E:56:26:04:12:00
subjectKeyIdentifier
  • E0:A4:8C:65:ED:C2:B4:EC:33:96:78:97:3D:7A:E6:2F:85:B6:D2:26
certificatePolicies
  • Policy: 1.3.6.1.4.1.7879.13.23.1
  • CPS: http://docs.serverpass.telesec.de/cps/serverpass.htm
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverpass.telesec.de/rl/ServerPass_Class_2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverpass.telesec.de/ocspr
  • CA Issuers - URI:http://crl.serverpass.telesec.de/crt/TeleSec_ServerPass_Class_2_CA.cer
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:
  • 11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
  • Timestamp : Jun 8 11:28:18.683 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:AC:25:52:C2:6C:E7:0E:1A:FD:D7:F4:
  • 8B:CA:FE:13:F9:AA:5F:D0:35:2F:27:85:12:96:1F:8B:
  • A4:C2:32:39:85:02:21:00:FE:94:39:49:F2:29:DA:36:
  • B6:58:75:16:AF:81:50:EC:71:6A:CD:27:55:C3:A3:85:
  • B4:84:7A:4A:03:7D:09:46
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Jun 8 11:28:18.755 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F1:9C:37:5C:47:39:54:EE:61:A6:86:
  • 17:A9:AA:A0:35:F2:AA:E8:7B:7B:D8:83:E9:F2:43:BF:
  • 79:B9:44:E3:2F:02:20:38:07:66:DE:23:B0:BA:56:1A:
  • AB:A8:15:51:08:B5:3E:16:AD:B3:DC:00:10:13:76:3D:
  • 98:C6:33:BA:6C:38:51
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : Jun 8 11:28:18.734 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:B3:1A:FE:FA:FD:B7:63:17:E9:FE:29:
  • B5:78:70:02:EF:07:44:DC:AF:95:19:D3:54:2E:F8:54:
  • B0:49:39:79:CD:02:20:1E:08:CD:AC:44:F6:B4:78:01:
  • CF:9B:B2:E2:6D:EC:FE:73:CB:94:14:9B:F3:8C:D9:6C:
  • 94:7F:08:D8:36:6C:40
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Jun 8 11:28:18.902 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:FF:53:F2:1E:0C:DA:4D:13:D7:01:1C:
  • 01:50:27:02:5B:40:1B:B3:D3:0B:E8:42:0F:75:1E:E5:
  • 47:2F:AD:F1:11:02:21:00:EC:84:E1:6F:F8:27:3A:65:
  • FD:65:47:1B:8D:03:18:06:80:31:75:38:98:1E:F7:39:
  • 85:2A:42:70:E4:DA:8E:60
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
  • E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
  • Timestamp : Jun 8 11:28:19.317 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:EA:93:83:F9:9A:F4:8D:37:BF:3B:A8:
  • CC:25:A0:A1:64:92:44:EA:A0:25:36:14:34:9D:5A:E3:
  • BA:CE:37:5D:E2:02:21:00:E3:C3:D7:9E:C3:34:FC:8F:
  • D1:B3:F5:3D:97:BA:08:D8:6C:36:87:AC:12:9E:45:24:
  • 78:20:0D:B3:45:02:D5:B4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
  • 4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
  • Timestamp : Jun 8 11:28:19.310 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:EB:39:A6:3E:E7:50:FB:9B:5D:31:A5:
  • 93:5A:50:EC:60:11:EA:52:DF:39:B6:1C:E6:07:55:F3:
  • 34:C7:C2:0F:4E:02:20:66:03:6C:76:07:56:39:2C:95:
  • 02:10:73:8E:71:86:AA:98:1A:07:A1:F2:EC:E2:8C:79:
  • 5D:B3:28:86:A4:8D:D7

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid