Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 20 results

SSL 2	1 5%
SSL 3	1 5%
TLS 1.0	9 45%
TLS 1.1	8 40%
TLS 1.2	19 95%

Grades 20 results

A	19 95%
B	0 0%
C	0 0%
D	0 0%
E	0 0%
F	1 5%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
2048	12 60%
4096	8 40%

StartTLS

Type	Client to server	Server to server
Required	12 85.7%	5 83.3%
Allowed	2 14.3%	1 16.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	0%	20 95.2%
Invalid	0%	1 4.8%

SASL mechanisms 14 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	1 7.1%	14 100%
SCRAM-SHA-1	0 0%	11 78.6%
SCRAM-SHA-1-PLUS	0 0%	9 64.3%
DIGEST-MD5	1 7.1%	2 14.3%
SCRAM-SHA-512-PLUS	0 0%	1 7.1%
X-OAUTH2	0 0%	1 7.1%
SCRAM-SHA-256	0 0%	1 7.1%
SCRAM-SHA-256-PLUS	0 0%	1 7.1%
SCRAM-SHA-512	0 0%	1 7.1%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 1 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When
s.ms	client to server	2021-07-24T00:19:42+00:00

CAs used Top 30

Name/Organization	SHA1	Count
R3	A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05	12
RapidSSL RSA CA 2018	98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D	1
Thawte RSA CA 2018	4D:EE:A7:06:0D:80:BA:BF:16:43:B4:E0:F0:10:4C:82:99:50:75:B7	1
R3	48:50:4E:97:4C:0D:AC:5B:5C:D4:76:C8:20:22:74:B2:4C:8C:71:72	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer

Servers with DNSSEC signed SRV records 7 results

Target	Type	When
404.city	client to server	2021-07-23T07:19:39+00:00
404.city	server to server	2021-07-23T07:20:08+00:00
dismail.de	client to server	2021-07-23T17:48:40+00:00
dismail.de	server to server	2021-07-23T17:48:45+00:00
disroot.org	client to server	2021-07-23T15:47:11+00:00
disroot.org	server to server	2021-07-23T16:37:19+00:00
jabber.absturztau.be	server to server	2021-07-23T10:51:43+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 0 results

Target	SHA256(SPKI)