SSL check results of gmx.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for gmx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 04 May 2023 10:41:01 +0000

No connection to the mailservers of gmx.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gmx.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx01.emig.gmx.net
212.227.17.5
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx00.emig.gmx.net
212.227.15.9
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @gmx.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mo4-p05-ob.smtp.rzone.de (81.169.146.183)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-xforward.gmx.net (82.165.159.40)
TLSv1.3 TLS_AES_256_GCM_SHA384
o134.p8.mailjet.com (87.253.233.134)
TLSv1.3 TLS_AES_128_GCM_SHA256
mout.gmx.net (212.227.17.20)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.21)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.22)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.19)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.18)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.15)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx.gmx.net,L=Montabaur,ST=Rheinland-Pfalz,O=1&1 Mail & Media GmbH,C=DE

Certificate chain
Subject
Country (C)
  • DE
Organization (O)
  • 1&1 Mail & Media GmbH
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Common Name (CN)
  • mx.gmx.net
Alternative Names
  • mx.gmx.net
  • mx00.gmx.net
  • mx01.gmx.net
  • mx00.emig.gmx.net
  • mx01.emig.gmx.net
  • dhmx01.emig.gmx.net
  • dhmx02.emig.gmx.net
Issuer
Country (C)
  • DE
Organization (O)
  • T-Systems International GmbH
Organizational Unit (OU)
  • T-Systems Trust Center
State (ST)
  • Nordrhein Westfalen
Postal code
  • 57250
Locality (L)
  • Netphen
Street
  • Untere Industriestr. 20
Common Name (CN)
  • TeleSec ServerPass Class 2 CA
validity period
Not valid before
2022-05-04
Not valid after
2023-05-08
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
BF:2F:5F:33:EA:5F:1A:2E:73:15:80:73:CE:97:16:62:DA:9C:58:88:B3:B1:41:7B:29:CE:92:E0:CA:D8:5C:55
SHA1
34:B0:54:4F:0D:D3:40:2E:77:62:E7:47:9C:94:43:10:03:E8:A8:35
X509v3 extensions
authorityKeyIdentifier
  • keyid:94:C8:74:46:F5:3A:B4:46:48:26:F8:2B:CA:34:1E:56:26:04:12:00
subjectKeyIdentifier
  • 97:C6:E8:56:17:6A:E1:3D:FF:1A:A9:22:AE:5C:E8:47:BE:A9:09:01
certificatePolicies
  • Policy: 1.3.6.1.4.1.7879.13.23.1
  • CPS: http://docs.serverpass.telesec.de/cps/serverpass.htm
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverpass.telesec.de/rl/ServerPass_Class_2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverpass.telesec.de/ocspr
  • CA Issuers - URI:http://crl.serverpass.telesec.de/crt/TeleSec_ServerPass_Class_2_CA.cer
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
  • B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
  • Timestamp : May 4 10:59:08.953 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:17:70:10:48:BE:9B:C3:41:8A:F4:C5:9D:
  • 39:69:29:84:84:3B:47:C5:43:4D:58:B2:53:77:22:E5:
  • A7:72:27:2A:02:20:47:D9:A9:5B:18:4A:8B:0F:87:93:
  • 90:CA:47:7A:72:34:E1:B5:89:D9:95:4E:BF:68:F8:89:
  • 64:42:C7:1F:75:D2
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : May 4 10:59:09.070 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A2:0E:F4:47:D8:3E:DF:CC:12:09:50:
  • A3:61:07:AD:4C:D3:49:C4:B1:B2:28:6E:3D:09:48:12:
  • 0D:1E:DD:EE:02:02:21:00:D7:EB:10:C3:64:F0:5C:E3:
  • 8A:E0:EC:C3:D2:A9:C0:D4:9F:7D:56:81:B1:73:7E:C9:
  • 9A:C8:D5:38:76:B8:D7:BF
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : May 4 10:59:08.965 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:1C:BC:59:3B:D5:1D:05:47:3C:EF:B1:8D:
  • 5D:88:FE:31:E8:4E:1A:65:DF:66:B7:97:C5:B0:5A:CF:
  • 54:46:E2:C4:02:20:42:1D:4B:7A:3B:7A:C9:E5:31:8F:
  • D7:42:E5:BA:C1:6D:25:FA:EB:4D:5D:A9:27:02:22:DD:
  • 34:7A:88:B5:84:23
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : May 4 10:59:09.324 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A5:7F:3B:C8:AD:E6:33:97:77:42:45:
  • 0D:E8:F0:47:55:5A:66:34:ED:D2:56:C0:AE:3B:E3:D0:
  • CE:6C:ED:BF:CD:02:21:00:D5:37:B7:A2:B8:81:23:A8:
  • D6:C1:F4:77:B1:08:F3:80:1A:1D:83:60:8E:9E:39:6D:
  • 0A:AC:77:8C:E0:8F:25:5A
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
  • 4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
  • Timestamp : May 4 10:59:09.317 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:25:9F:D7:30:47:53:87:A2:DA:F8:ED:89:
  • 98:BC:62:7F:5A:B5:6A:57:0E:23:FF:33:7D:64:A8:3A:
  • B6:BA:40:EA:02:20:32:4E:BB:F8:E6:84:34:FA:CE:6F:
  • B0:0E:DE:86:B5:55:FD:8B:B5:98:B4:D1:E8:48:63:71:
  • 5F:CA:E2:6E:7E:BE
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
  • 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
  • Timestamp : May 4 10:59:09.533 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:19:32:BC:EA:19:AA:C8:F9:F3:3E:0F:F2:
  • E4:7F:88:FE:87:60:32:A5:77:05:B3:26:E4:E7:BC:92:
  • CC:64:B6:54:02:21:00:B7:C8:7C:87:8C:B5:A0:6A:01:
  • 4D:EA:BE:37:1D:FC:66:26:00:39:9E:1C:E6:C6:7E:02:
  • 52:6A:3D:CC:99:22:E7

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid