Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 31 results

SSL 2	0 0%
SSL 3	0 0%
TLS 1.0	11 35.5%
TLS 1.1	12 38.7%
TLS 1.2	29 93.5%

Grades 31 results

A	27 87.1%
B	2 6.5%
C	2 6.5%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
2048	24 82.8%
4096	5 17.2%

StartTLS

Type	Client to server	Server to server
Required	19 86.4%	7 77.8%
Allowed	3 13.6%	2 22.2%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	0%	8 25%
Invalid	0%	24 75%

SASL mechanisms 22 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	4 18.2%	22 100%
SCRAM-SHA-1	4 18.2%	18 81.8%
SCRAM-SHA-1-PLUS	0 0%	8 36.4%
X-OAUTH2	2 9.1%	8 36.4%
DIGEST-MD5	3 13.6%	4 18.2%
EXTERNAL	0 0%	1 4.5%
CRAM-MD5	1 4.5%	1 4.5%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
R3	A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05	20
ZeroSSL ECC Domain Secure Site CA	7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78	1
E1	09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3	1
d2w.io	95:BE:5E:F9:58:A9:70:CC:63:C4:0A:D1:AB:7A:8B:27:78:48:15:56	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer

Servers with DNSSEC signed SRV records 11 results

Target	Type	When
404.city	client to server	2021-10-27T13:35:01+00:00
404.city	server to server	2021-10-27T13:30:57+00:00
danwin1210.me	client to server	2021-10-27T12:12:58+00:00
danwin1210.me	server to server	2021-10-27T12:14:04+00:00
jabber.5july.net	client to server	2021-10-27T21:10:39+00:00
jabber.systemli.org	client to server	2021-10-27T16:41:03+00:00
sec7.eu	client to server	2021-10-27T11:36:14+00:00
sec7.eu	server to server	2021-10-27T11:23:40+00:00
valek.net	client to server	2021-10-27T20:34:55+00:00
valek.net	server to server	2021-10-28T00:55:44+00:00
xmpp.co	server to server	2021-10-27T18:01:15+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 3 results

Target	SHA256(SPKI)
libus.pro c2s	12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6
valek.net c2s	12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6
valek.net s2s	12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6