gmx.de - TLS / STARTTLS Test

Discover if the mail servers for gmx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON

Checking

Certificates

Checking
Protocol

Checking
DANE

Checking
Bullshit made in Germany

Logo: CC-BY-SA MathiasM

Servers

Incoming Mails

These servers are responsible for incoming mails to @gmx.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mx00.emig.gmx.net 212.227.15.9	10	...	mx.gmx.net	DANE PFS supported Heartbleed Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~
mx01.emig.gmx.net 212.227.17.5	10	...	mx.gmx.net	DANE PFS supported Heartbleed Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~

Outgoing Mails

We have received emails from these servers with @gmx.de sender addresses. Test mail delivery

Host	TLS Version & Cipher
mout.gmx.net (212.227.15.19)	TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256	2020-01-09
mout.gmx.net (212.227.17.22)	TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256	2020-01-23
mout.gmx.net (212.227.15.15)	TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256	2020-01-21
mout.gmx.net (212.227.17.20)	TLSv1.3 TLS_AES_256_GCM_SHA384	2019-12-12
mout.gmx.net (212.227.17.21)	TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256	2019-12-16
mout.gmx.net (212.227.15.18)	TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256	2020-01-01
mx-relay24.cloudservice.ag (46.235.240.139)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2016-07-18
mx-relay02.cloudservice.ag (81.20.94.237)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2016-07-18
mx-relay07.cloudservice.ag (81.20.94.250)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2016-07-18
mx-relay22.cloudservice.ag (46.235.240.135)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2016-07-18
mout-xforward.gmx.net (82.165.159.41)	TLSv1.2 DHE-RSA-AES256-GCM-SHA384	2016-09-30
mout-xforward.gmx.net (82.165.159.14)	TLSv1.2 DHE-RSA-AES256-GCM-SHA384	2016-09-30
mout-xforward.gmx.net (82.165.159.12)	TLSv1.2 DHE-RSA-AES256-GCM-SHA384	2016-09-30
bay004-omc1s14.hotmail.com (65.54.190.25)	TLSv1.2 ECDHE-RSA-AES256-SHA384	2017-02-08
unknown (82.211.23.143)	Insecure - not encrypted!	2017-05-28
mx1.mailbox.org (80.241.60.212)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2017-09-12
xen.hvgg.de (89.19.241.160)	TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384	2018-01-20
mout-xforward.gmx.net (82.165.159.40)	TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256	2019-08-19

Certificates

First seen at: 2019-07-23

CN=mx.gmx.net,L=Montabaur,ST=Rheinland-Pfalz,O=1&1 Mail & Media GmbH,C=DE

Certificate chain

mx.gmx.net
- 2021-07-13 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Country (C)

Organization (O)

1&1 Mail & Media GmbH

State (ST)

Rheinland-Pfalz

Locality (L)

Montabaur

Common Name (CN)

mx.gmx.net

Alternative Names

mx.gmx.net
mx00.gmx.net
mx01.gmx.net
mx00.emig.gmx.net
mx01.emig.gmx.net
dhmx01.emig.gmx.net
dhmx02.emig.gmx.net

Issuer

Country (C)

Organization (O)

T-Systems International GmbH

Organizational Unit (OU)

T-Systems Trust Center

State (ST)

Nordrhein Westfalen

Postal code

57250

Locality (L)

Netphen

Street

Untere Industriestr. 20

Common Name (CN)

TeleSec ServerPass Class 2 CA

validity period

Not valid before: 2019-07-08
Not valid after: 2021-07-13

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Client Authentication
TLS Web Server Authentication

Fingerprints

SHA256: 20:0D:00:E1:FF:AE:E6:89:C5:53:9B:7F:CB:B8:D0:C2:BE:7A:90:47:D9:C0:FB:58:5F:B5:87:FA:07:32:AA:15
SHA1: EB:A3:E1:6B:16:5E:61:36:78:DC:0B:A1:12:78:76:FA:65:F1:D4:91

X509v3 extensions

authorityKeyIdentifier

keyid:94:C8:74:46:F5:3A:B4:46:48:26:F8:2B:CA:34:1E:56:26:04:12:00

subjectKeyIdentifier

FA:0D:A9:12:EE:DC:F8:53:B8:54:EB:7E:6E:00:D3:F7:65:2A:49:AB

certificatePolicies

Policy: 1.3.6.1.4.1.7879.13.23.1
CPS: http://www.telesec.de/serverpass/cps.html
Policy: 2.23.140.1.2.2

crlDistributionPoints

Full Name:
URI:http://crl.serverpass.telesec.de/rl/ServerPass_Class_2.crl

authorityInfoAccess

OCSP - URI:http://ocsp.serverpass.telesec.de/ocspr
CA Issuers - URI:http://crl.serverpass.telesec.de/crt/TeleSec_ServerPass_Class_2_CA.cer

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Jul 8 07:03:03.566 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:7D:4A:65:C1:03:32:37:F7:1A:CA:9D:89:
11:79:37:81:A6:25:03:E6:49:D9:F9:10:A8:E4:A9:2D:
8E:60:9B:37:02:20:54:2C:F7:F4:0A:39:60:15:F9:CB:
71:FE:A2:BC:AB:D1:3C:C6:A8:E6:44:0A:73:0F:43:C7:
E5:35:9E:CE:52:CC
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
Timestamp : Jul 8 07:03:03.860 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:76:08:19:34:87:66:3E:84:AF:FF:1E:2A:
C7:6C:E2:7F:67:59:B6:1B:93:77:75:D2:39:6D:06:3F:
B0:47:6A:DC:02:21:00:83:12:9D:04:6B:CE:6A:68:C6:
EE:94:60:43:B0:A9:4D:1E:9A:43:3A:97:93:CD:E6:AD:
E5:DD:94:BC:D9:BB:2F
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
Timestamp : Jul 8 07:03:03.518 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:53:E7:97:F4:27:99:CA:AF:B1:73:50:25:
F2:F0:D5:BD:FD:FD:0B:35:43:05:E5:55:01:13:46:C1:
71:A0:77:A2:02:21:00:D2:1A:CC:86:5C:81:AA:54:D9:
F2:3A:6E:E6:B2:61:E9:17:33:4D:F8:80:47:D9:08:28:
4D:7E:C6:3A:E3:58:A9
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
Timestamp : Jul 8 07:03:03.511 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:BE:E9:E2:66:43:C3:79:D6:F9:B8:9C:
D4:DC:47:86:5E:FB:87:F1:95:06:ED:D9:8D:93:16:85:
56:17:87:AA:75:02:20:77:CC:02:2F:62:D0:93:D6:EA:
C0:9F:8C:6F:16:88:3F:2C:41:4A:27:E5:18:C0:CF:F1:
91:5A:18:4B:19:BE:FD
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
Timestamp : Jul 8 07:03:03.515 2019 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:90:85:0F:B5:E1:F4:FB:E8:09:7A:96:
3F:BB:EE:E8:CD:68:5F:16:42:A8:C8:E2:92:FB:4C:2F:
74:DA:1D:08:9F:02:21:00:A3:3D:AA:7E:B2:36:10:91:
08:B5:9A:EC:40:E9:D9:38:B4:E4:5D:73:C8:7B:53:C0:
05:A4:FF:E9:6F:30:FC:36

SSL check results of gmx.de