SSL check results of gmx.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for gmx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 19 Sep 2024 16:44:54 +0000

No connection to the mailservers of gmx.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gmx.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx00.emig.gmx.net
212.227.15.9
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx01.emig.gmx.net
212.227.17.5
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @gmx.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mo4-p05-ob.smtp.rzone.de (81.169.146.183)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-xforward.gmx.net (82.165.159.40)
TLSv1.3 TLS_AES_256_GCM_SHA384
o134.p8.mailjet.com (87.253.233.134)
TLSv1.3 TLS_AES_128_GCM_SHA256
mout.gmx.net (212.227.17.20)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.21)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.22)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.19)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.18)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.15)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx.gmx.net,O=1&1 Mail & Media GmbH,L=Montabaur,ST=Rheinland-Pfalz,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Organization (O)
  • 1&1 Mail & Media GmbH
Common Name (CN)
  • mx.gmx.net
Alternative Names
  • mx.gmx.net
  • mx00.gmx.net
  • mx01.gmx.net
  • mx00.emig.gmx.net
  • mx01.emig.gmx.net
  • dhmx01.emig.gmx.net
  • dhmx02.emig.gmx.net
Issuer
Country (C)
  • DE
Organization (O)
  • Deutsche Telekom Security GmbH
Common Name (CN)
  • Telekom Security ServerID OV Class 2 CA
validity period
Not valid before
2024-03-13
Not valid after
2025-03-17
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
E5:44:A9:71:19:78:F2:D4:2D:37:57:4F:E2:31:53:D9:E7:CE:7A:12:89:9B:6D:2D:02:57:DA:52:7F:81:A0:B6
SHA1
55:4E:5B:9D:8E:C1:A1:ED:4B:3F:77:19:07:22:C9:2B:1A:89:D7:C8
X509v3 extensions
authorityKeyIdentifier
  • keyid:1C:05:93:B1:7F:A8:34:30:8C:52:E0:96:40:A0:72:A3:10:5D:E0:FF
subjectKeyIdentifier
  • 21:C0:E5:A4:66:30:EB:2A:01:F0:15:93:5B:A8:88:C4:9A:A7:13:92
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://docs.serverid.telesec.de/cps/serverid.htm
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverid.telesec.de/ocspr
  • CA Issuers - URI:http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
  • 22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
  • Timestamp : Mar 13 08:02:20.025 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:2D:93:70:FF:EA:33:96:00:17:4A:4C:14:
  • 15:74:7F:E7:EA:89:D1:3A:5C:8A:41:42:6D:EC:4A:AC:
  • 31:01:34:04:02:21:00:8A:DA:8A:CD:09:6C:32:A6:5A:
  • BB:A8:32:C7:C9:75:F0:D6:9E:47:75:32:8F:49:AB:49:
  • 88:47:D9:FC:F4:4E:F1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 28:E2:81:38:FD:83:21:45:E9:A9:D6:AA:75:37:6D:83:
  • 77:A8:85:12:B3:C0:7F:72:41:48:21:DC:BD:E9:8C:66
  • Timestamp : Mar 13 08:02:21.167 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:A6:7D:4D:FC:AE:B6:21:78:D5:BC:BA:
  • 92:E1:FF:E7:56:21:E0:6A:35:61:09:2C:87:20:A3:D8:
  • AA:A2:3C:64:0D:02:20:04:A5:3E:44:20:51:C7:AB:C0:
  • 8C:FC:48:51:35:98:59:94:65:E7:07:1D:5A:1A:72:91:
  • B5:6A:0E:86:39:65:23
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
  • 1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
  • Timestamp : Mar 13 08:02:19.928 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:D6:AF:F9:13:F5:4B:B9:AA:9D:DA:39:
  • E3:D4:D4:C6:5B:0F:0C:8A:53:DA:DD:5D:5C:34:76:02:
  • 29:35:FF:48:DF:02:20:7D:F6:93:7B:6D:D1:27:CC:7F:
  • DD:55:0A:9F:9A:86:48:94:0C:C4:A0:C8:D1:6B:A5:70:
  • F1:C0:E8:AB:5B:99:AD
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
  • 1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
  • Timestamp : Mar 13 08:02:19.974 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:BC:43:CB:F9:B0:00:04:46:0F:EC:1A:
  • E3:20:86:B6:38:C3:2D:21:9D:8F:4C:46:AC:1F:8D:DE:
  • EE:74:BD:A6:4C:02:21:00:CD:A8:C1:1B:00:3D:2B:F3:
  • 10:35:0A:C4:CD:79:52:59:98:0F:6D:8E:76:3A:81:A3:
  • AC:AE:16:0B:5A:BA:7B:EB

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid