Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 23 results

SSL 2	1 4.3%
SSL 3	2 8.7%
TLS 1.0	17 73.9%
TLS 1.1	17 73.9%
TLS 1.2	22 95.7%

Grades 23 results

A	16 69.6%
B	5 21.7%
C	1 4.3%
D	0 0%
E	0 0%
F	1 4.3%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
2048	12 54.5%
4096	10 45.5%

StartTLS

Type	Client to server	Server to server
Required	11 64.7%	5 83.3%
Allowed	6 35.3%	1 16.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	18 69.2%	6 23.1%
Invalid	1 3.8%	1 3.8%

SASL mechanisms 17 results

Mechanism	# times offered before TLS	# times offered after TLS
SCRAM-SHA-1	7 41.2%	15 88.2%
PLAIN	7 41.2%	15 88.2%
DIGEST-MD5	6 35.3%	8 47.1%
X-OAUTH2	3 17.6%	6 35.3%
SCRAM-SHA-1-PLUS	0 0%	5 29.4%
CRAM-MD5	2 11.8%	2 11.8%
SCRAM-SHA-512-PLUS	0 0%	1 5.9%
X-ODKL-API	1 5.9%	1 5.9%
ANONYMOUS	1 5.9%	1 5.9%
X-ODKL-API-SESSION-KEY	1 5.9%	1 5.9%
SCRAM-SHA-256	0 0%	1 5.9%
SCRAM-SHA-256-PLUS	0 0%	1 5.9%
SCRAM-SHA-384	0 0%	1 5.9%
SCRAM-SHA-384-PLUS	0 0%	1 5.9%
SCRAM-SHA-512	0 0%	1 5.9%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 1 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When
xmpp.odnoklassniki.ru	client to server	2019-04-23T12:10:44+00:00

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	11
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	3
AlphaSSL CA - SHA256 - G2	4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC	2
Symantec Class 3 Secure Server CA - G4	FF:67:36:7C:5C:D4:DE:4A:E1:8B:CC:E1:D7:0F:DA:BD:7C:86:61:35	1
Gandi Standard SSL CA 2	24:71:06:A4:05:B2:88:A4:6E:70:A0:26:27:17:16:2D:09:03:E7:34	1
192.168.43.2	D9:E5:8A:77:56:24:13:6C:87:14:40:E8:11:40:41:0B:1B:27:63:7C	1
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer

Servers with DNSSEC signed SRV records 6 results

Target	Type	When
jabber.sytes24.pl	server to server	2019-04-23T17:00:14+00:00
lightwitch.org	client to server	2019-04-22T18:52:57+00:00
jabber.sytes24.pl	client to server	2019-04-23T09:19:50+00:00
404.city	client to server	2019-04-22T19:48:15+00:00
xmpp.is	client to server	2019-04-23T09:11:27+00:00
rain-games.com	client to server	2019-04-23T15:29:12+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 0 results

Target	SHA256(SPKI)