Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 30 results

SSL 2	0 0%
SSL 3	0 0%
TLS 1.0	21 70%
TLS 1.1	23 76.7%
TLS 1.2	30 100%

Grades 30 results

A	28 93.3%
B	2 6.7%
C	0 0%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
2048	18 64.3%
4096	10 35.7%

StartTLS

Type	Client to server	Server to server
Required	21 87.5%	5 83.3%
Allowed	3 12.5%	1 16.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	0%	31 86.1%
Invalid	0%	5 13.9%

SASL mechanisms 24 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	3 12.5%	23 95.8%
SCRAM-SHA-1	3 12.5%	21 87.5%
X-OAUTH2	3 12.5%	11 45.8%
SCRAM-SHA-1-PLUS	0 0%	8 33.3%
DIGEST-MD5	3 12.5%	5 20.8%
LOGIN	0 0%	1 4.2%
CRAM-MD5	0 0%	1 4.2%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	22
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	1
Let's Encrypt Authority X3	1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8	1
RapidSSL RSA CA 2018	98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer

Servers with DNSSEC signed SRV records 7 results

Target	Type	When
4ept.net	client to server	2019-06-25T18:02:09+00:00
draugr.de	client to server	2019-06-25T10:47:03+00:00
jabber.de	client to server	2019-06-25T21:05:30+00:00
404.city	client to server	2019-06-25T12:55:40+00:00
tuxone.ch	client to server	2019-06-25T17:23:14+00:00
wiuwiu.de	server to server	2019-06-25T22:00:16+00:00
wiuwiu.de	client to server	2019-06-25T21:52:06+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 0 results

Target	SHA256(SPKI)