Various reports of all servers tested
Report for december 2013 |
Results of the last day |
Results of the last week |
Results of the last month
TLS versions 6 results
| SSL 2 |
0 0% |
| SSL 3 |
0 0% |
| TLS 1.0 |
2 33.3% |
| TLS 1.1 |
2 33.3% |
| TLS 1.2 |
6 100% |
Grades 6 results
| A |
6 100% |
| B |
0 0% |
| C |
0 0% |
| D |
0 0% |
| E |
0 0% |
| F |
0 0% |
Does not penalize untrusted certificates.
RSA key sizes for domain certificates
| RSA key size |
Count |
| 2048 |
6 100% |
StartTLS
| Type |
Client to server |
Server to server |
| Required |
2 100% |
4 100% |
| Allowed |
0 0% |
0 0% |
Trust
To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.
|
Trusted |
Untrusted |
| Valid |
0% |
4 57.1% |
| Invalid |
0% |
3 42.9% |
SASL mechanisms 2 results
Warning: Invalid argument supplied for foreach() in
/var/www/html/reports.php on line
486
| Mechanism |
# times offered before TLS |
# times offered after TLS |
| PLAIN |
0 0% |
2 100% |
| SCRAM-SHA-1 |
0 0% |
2 100% |
| SCRAM-SHA-1-PLUS |
0 0% |
2 100% |
| X-OAUTH2 |
0 0% |
1 50% |
Servers supporting SSL 3, but not TLS 1.0 0 results
SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.
Servers supporting SSL 2 0 results
SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.
CAs used Top 30
| Name/Organization |
SHA1 |
Count |
| R3 |
A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 |
2 |
| outlaws.im |
E8:C9:8C:9D:5B:6E:9A:17:FA:84:83:3F:2A:D4:72:F7:20:93:7B:4D |
1 |
| ZeroSSL RSA Domain Secure Site CA |
C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 |
1 |
Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results
As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.
Servers with DNSSEC signed SRV records 0 results
Servers with DNSSEC signed DANE records 0 results
Servers with a hidden service 0 results
Servers not offering encryption 0 results
Servers sharing private keys 0 results