Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 294 results

SSL 2 0 0%
SSL 3 1 0.3%
TLS 1.0 100 34%
TLS 1.1 102 34.7%
TLS 1.2 293 99.7%

Grades 294 results

A 275 93.5%
B 18 6.1%
C 2 0.7%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 182 68.2%
3072 6 2.2%
4096 79 29.6%

StartTLS

Type Client to server Server to server
Required 184 86.8% 68 82.9%
Allowed 28 13.2% 14 17.1%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 96 30.4% 212 67.1%
Invalid 1 0.3% 7 2.2%

SASL mechanisms 212 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 28 13.2% 209 98.6%
SCRAM-SHA-1 27 12.7% 179 84.4%
SCRAM-SHA-1-PLUS 0 0% 135 63.7%
X-OAUTH2 7 3.3% 49 23.1%
DIGEST-MD5 14 6.6% 28 13.2%
SCRAM-SHA-512-PLUS 0 0% 17 8%
SCRAM-SHA-512 2 0.9% 17 8%
SCRAM-SHA-256 3 1.4% 16 7.5%
SCRAM-SHA-256-PLUS 0 0% 16 7.5%
CRAM-MD5 9 4.2% 10 4.7%
JIVE-SHAREDSECRET 5 2.4% 5 2.4%
ANONYMOUS 3 1.4% 4 1.9%
EXTERNAL 0 0% 2 0.9%
SCRAM-SHA-384 0 0% 1 0.5%
SCRAM-SHA-384-PLUS 0 0% 1 0.5%
PADE 1 0.5% 1 0.5%
LOGIN 0 0% 1 0.5%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
R3 A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 188
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 10
ZeroSSL RSA Domain Secure Site CA C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 4
Encryption Everywhere DV TLS CA - G1 59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3 2
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 2
ZeroSSL ECC Domain Secure Site CA 7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78 2
Conversations CA F9:87:0B:66:B3:81:01:6F:E3:F3:F2:C4:B2:9E:3D:64:54:FA:E5:E8 2
E1 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 2
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 2
outlaws.su A4:08:5A:5F:8D:29:5B:B2:FD:7E:3D:1C:12:D5:FC:D1:1D:46:AD:45 1
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 1
pokedex.glucas.frr F4:C5:D8:99:BA:CE:33:86:CC:13:9B:35:C7:88:E4:72:84:7C:AD:BE 1
mail.silkemeyer.net 18:89:BC:C0:81:EC:E2:3B:A5:76:E9:81:88:24:73:AC:53:B0:F6:79 1
dc.csit.local 87:5A:F0:40:0E:ED:AF:F7:9D:28:F8:C0:5F:28:98:E3:7A:A2:55:24 1
outlaws.im E8:C9:8C:9D:5B:6E:9A:17:FA:84:83:3F:2A:D4:72:F7:20:93:7B:4D 1
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 1
jabbercentra.com E5:54:DE:04:D2:13:E8:F9:90:1E:C0:5E:05:E9:55:B3:D7:BD:FA:B3 1
ip-172-31-2-29 02:D8:92:EF:60:4F:18:2C:2A:43:9C:BA:8D:B3:D6:20:1E:E0:79:D8 1
xmpp.die-schlegels.net 56:04:66:F8:8D:B2:5D:F6:5D:5B:F8:84:6F:9C:B9:D3:0B:EE:F6:A2 1
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
AlphaSSL CA - SHA256 - G2 80:90:7F:45:C6:DF:45:8A:57:25:1E:17:5E:D7:E3:6E:96:1B:1B:95 1
10.10.20.105 6F:4B:40:6A:F6:3F:BC:0B:F6:62:C9:6E:DC:1B:26:6B:9E:C7:BD:28 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 101 results

Target Type When
076.moe client to server
07f.de client to server
1337.lgbt client to server
404.city client to server
5222.de client to server
aaoth.xyz client to server
aaoth.xyz server to server
acscott.dev client to server
acscott.dev server to server
autistici.org client to server
bosio.dev client to server
bosio.dev server to server
chat.jagtalon.com client to server
cipher.host client to server
convergent.cc client to server
convergent.cc server to server
critiq.one client to server
critiq.one server to server
danwin1210.de client to server
danwin1210.me client to server
dismail.de client to server
disroot.org client to server
disroot.org server to server
eatthebugs.cc client to server
eatthebugs.cc server to server
glucas.fr client to server
helvetica.fm client to server
hookipa.net client to server
huskyno.se client to server
insiberia.net client to server
jabb3r.org client to server
jabber.briehl.de client to server
jabber.briehl.de server to server
jabber.calyxinstitute.org client to server
jabber.de client to server
jabber.fr client to server
jabber.hot-chilli.net client to server
jabber.n3u14nd.de client to server
jabber.ovh client to server
jabber.ovh server to server
jabberplus.net client to server
jabber.systemli.org client to server
jabber.sytes24.pl client to server
jmqc.nl client to server
jmqc.nl server to server
lain.sh client to server
lain.sh server to server
lightwitch.org client to server
lucascloud.pl client to server
mailum.org client to server
masgalor.de client to server
mat-hill.xyz client to server
mdosch.de client to server
mnhn.lu server to server
monocles.eu client to server
mtxf.net server to server
mytum.de server to server
nazileaks.eu client to server
ngportal.com client to server
ngportal.com server to server
nixnet.services client to server
nixnet.services server to server
omaera.org client to server
paranoid.network client to server
paratus.club client to server
parloteo.es client to server
parloteo.es server to server
pfefferle.online client to server
pfefferle.online server to server
pimux.de client to server
postadigitale.org client to server
quickbloom.in client to server
quickbloom.in server to server
ramsheat.com client to server
ramsheat.com server to server
s1.eu.prod.push.monal-im.org server to server
skynetcloud.site client to server
skynetcloud.site server to server
slipfox.xyz client to server
snikket.de server to server
snopyta.org server to server
somlen.de server to server
suchat.org client to server
suchat.org server to server
trashserver.net client to server
uuuvn.space client to server
uuuvn.space server to server
vanderwarker.family client to server
wiuwiu.de client to server
wyderki.ovh client to server
xm.nidzica.net client to server
xmpp-hosting.de client to server
xmpp.is client to server
xmpp.is server to server
xmpp.life client to server
xmpp.mailpush.one client to server
xmpp.mailpush.one server to server
xmpp.social client to server
xmpp.social server to server
zecircle.xyz client to server
zp1.net client to server

Servers with DNSSEC signed DANE records 27 results

Target Type When
5222.de client to server
danwin1210.de client to server
dismail.de client to server
hookipa.net client to server
jabb3r.org client to server
jabber.briehl.de client to server
jabber.briehl.de server to server
jabber.calyxinstitute.org client to server
jabber.hot-chilli.net client to server
jabber.systemli.org client to server
jabber.sytes24.pl client to server
jmqc.nl client to server
jmqc.nl server to server
masgalor.de client to server
mdosch.de client to server
monocles.eu client to server
ngportal.com server to server
skynetcloud.site client to server
skynetcloud.site server to server
suchat.org client to server
suchat.org server to server
wiuwiu.de client to server
xmpp-hosting.de client to server
xmpp.social client to server
xmpp.social server to server
yax.im client to server
zp1.net client to server

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 1 results

Target Type When
goodlife.to client to server

Servers sharing private keys 14 results

Target SHA256(SPKI)
im.anidb.info c2s 19:DA:F1:7B:93:F8:BD:FE:BD:62:36:9C:31:E5:22:3B:00:9E:57:C0:4F:76:0E:B1:80:25:08:CA:8B:E0:6E:81
im.anidb.net c2s 19:DA:F1:7B:93:F8:BD:FE:BD:62:36:9C:31:E5:22:3B:00:9E:57:C0:4F:76:0E:B1:80:25:08:CA:8B:E0:6E:81
draugr.de c2s 25:92:08:14:89:00:CD:CD:18:CA:09:1E:41:CA:AB:AD:5C:2E:0C:97:C4:A3:2F:84:9D:48:BF:67:4A:B2:28:03
xabber.de c2s 25:92:08:14:89:00:CD:CD:18:CA:09:1E:41:CA:AB:AD:5C:2E:0C:97:C4:A3:2F:84:9D:48:BF:67:4A:B2:28:03
quollwriter.com c2s 6E:18:2A:B1:33:60:64:F5:60:A3:BF:91:68:B0:E7:4B:16:67:A3:0F:C1:99:AA:33:EB:68:43:23:D5:EF:E5:D6
www.quollwriter.com c2s 6E:18:2A:B1:33:60:64:F5:60:A3:BF:91:68:B0:E7:4B:16:67:A3:0F:C1:99:AA:33:EB:68:43:23:D5:EF:E5:D6
01337.io c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
0day.im c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
darknet.im c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
hell.la c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
shad0w.la c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
toad.im c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
52.8.214.106 c2s E0:7E:57:A3:7A:8F:5F:64:E5:54:2E:FD:A4:99:D2:AD:87:25:CD:BE:EA:D6:01:D0:AA:C9:07:27:B9:AA:37:50
xpalapp.com c2s E0:7E:57:A3:7A:8F:5F:64:E5:54:2E:FD:A4:99:D2:AD:87:25:CD:BE:EA:D6:01:D0:AA:C9:07:27:B9:AA:37:50