Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 6 results

SSL 2 0 0%
SSL 3 0 0%
TLS 1.0 2 33.3%
TLS 1.1 2 33.3%
TLS 1.2 6 100%

Grades 6 results

A 6 100%
B 0 0%
C 0 0%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 6 100%

StartTLS

Type Client to server Server to server
Required 2 100% 4 100%
Allowed 0 0% 0 0%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 0% 4 57.1%
Invalid 0% 3 42.9%

SASL mechanisms 2 results


Warning: Invalid argument supplied for foreach() in /var/www/html/reports.php on line 486
Mechanism # times offered before TLS # times offered after TLS
PLAIN 0 0% 2 100%
SCRAM-SHA-1 0 0% 2 100%
SCRAM-SHA-1-PLUS 0 0% 2 100%
X-OAUTH2 0 0% 1 50%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
R3 A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 2
outlaws.im E8:C9:8C:9D:5B:6E:9A:17:FA:84:83:3F:2A:D4:72:F7:20:93:7B:4D 1
ZeroSSL RSA Domain Secure Site CA C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 0 results

Target Type When

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 0 results

Target Type When

Servers sharing private keys 0 results

Target SHA256(SPKI)