Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 558 results

SSL 2 3 0.5%
SSL 3 8 1.4%
TLS 1.0 363 65.1%
TLS 1.1 393 70.4%
TLS 1.2 550 98.6%

Grades 558 results

A 466 83.5%
B 78 14%
C 11 2%
D 0 0%
E 0 0%
F 3 0.5%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 2 0.4%
2048 332 60%
3072 3 0.5%
4096 214 38.7%
8192 2 0.4%

StartTLS

Type Client to server Server to server
Required 294 80.3% 129 67.2%
Allowed 72 19.7% 63 32.8%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 511 84.7% 47 7.8%
Invalid 11 1.8% 34 5.6%

SASL mechanisms 366 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 80 21.9% 358 97.8%
SCRAM-SHA-1 72 19.7% 290 79.2%
X-OAUTH2 21 5.7% 119 32.5%
SCRAM-SHA-1-PLUS 0 0% 104 28.4%
DIGEST-MD5 49 13.4% 95 26%
CRAM-MD5 26 7.1% 27 7.4%
EXTERNAL 5 1.4% 10 2.7%
ANONYMOUS 6 1.6% 7 1.9%
OFMEET 4 1.1% 4 1.1%
JIVE-SHAREDSECRET 3 0.8% 3 0.8%
X-OAUTH 1 0.3% 2 0.5%
X-GOOGLE-TOKEN 2 0.5% 2 0.5%
X-ODKL-API-SESSION-KEY 1 0.3% 1 0.3%
GSSAPI 1 0.3% 1 0.3%
LOGIN 0 0% 1 0.3%
SCRAM-SHA-256 0 0% 1 0.3%
SCRAM-SHA-256-PLUS 0 0% 1 0.3%
SCRAM-SHA-384 0 0% 1 0.3%
SCRAM-SHA-384-PLUS 0 0% 1 0.3%
SCRAM-SHA-512 0 0% 1 0.3%
SCRAM-SHA-512-PLUS 0 0% 1 0.3%
TIKITOKEN 1 0.3% 1 0.3%
X-ODKL-API 1 0.3% 1 0.3%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 3 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When
defensys.ru client to server
odnoklassniki.ru client to server
silper.cz client to server

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 307
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 17
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 11
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 7
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 5
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 3
DigiCert SHA2 Secure Server CA 1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4 3
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 2
Google Internet Authority G3 EE:AC:BD:0C:B4:52:81:95:77:91:1E:1E:62:03:DB:26:2F:84:A3:18 2
TERENA SSL CA 3 77:B9:9B:B2:BD:75:22:E1:7E:C0:99:EA:71:77:51:6F:27:78:7C:AD 2
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 2
havana.pw C4:D3:20:BF:EA:37:6F:EF:33:6A:64:D2:59:EA:7C:47:6C:12:DA:BC 1
ejabberd 83:25:BC:DF:EA:A5:44:51:09:EB:A3:37:A9:81:D8:93:5F:D4:EA:39 1
ejabberd CB:9F:57:B6:A8:D9:03:F9:5B:56:1A:D5:AD:BC:0C:44:A6:07:14:7C 1
ejabberd EA:87:07:FF:A3:23:0F:DE:E8:29:E5:F7:0F:7D:30:05:99:10:12:F3 1
GlobalSign Organization Validation CA - SHA256 - G2 90:2E:F2:DE:EB:3C:5B:13:EA:4C:3D:51:93:62:93:09:E2:31:AE:55 1
ejabberd 3D:72:04:19:E3:26:D3:F3:17:9F:15:E5:C6:D1:F6:58:13:AB:97:62 1
CA Cert Signing Authority 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33 1
Gandi Standard SSL CA 2 24:71:06:A4:05:B2:88:A4:6E:70:A0:26:27:17:16:2D:09:03:E7:34 1
ejabberd 01:34:EC:54:16:6E:59:94:B3:4C:5C:1F:2B:30:37:86:F9:A0:F9:55 1
Fachhochschule Aachen CA - G01 1E:40:27:3D:8B:B9:58:38:5F:3B:70:1F:F0:70:EE:23:0A:79:65:97 1
GeoTrust EV RSA CA 2018 A3:99:04:64:17:B6:7E:32:0D:3E:FA:69:D7:DC:E6:B8:BF:E8:A9:F2 1
Encryption Everywhere DV TLS CA - G1 59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3 1
dzeng.name 3E:2F:6E:ED:86:5D:1D:4E:BF:24:DC:67:6E:10:CE:C4:D8:AA:07:30 1
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 1
clusters.criccommentary.com CC:A1:10:F0:1F:3F:8F:F0:4C:13:A2:3B:4C:32:5D:9A:97:E7:B3:49 1
ejabberd D3:15:3D:8E:44:48:3C:E5:71:91:17:35:1C:6B:08:1A:C3:20:9C:3F 1
hplatammsg E6:84:DE:51:D8:17:34:AA:64:49:B9:AE:5B:D7:DE:90:09:33:28:3D 1
im.luxmed.pl 8C:16:50:C6:BE:14:BC:B4:71:48:09:CA:30:42:FC:2E:59:99:36:50 1
ejabberd 55:29:08:99:C7:21:F3:BD:F1:EA:04:6A:C4:A7:F6:77:F5:C9:B0:57 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 3 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer
muc.tigase.org server to server *.muc.tigase.org
muc.tigase.org server to server muc.tigase.org
pandion.im client to server *.pandion.im

Servers with DNSSEC signed SRV records 140 results

Target Type When
404.city client to server
a3.pm client to server
alpha-labs.net client to server
cryptolab.net client to server
elaon.de client to server
fossgalaxy.com server to server
fysh.in client to server
hm.ctl.email server to server
jabb3r.org client to server
jabber.belnet.be server to server
jabber.calyxinstitute.org client to server
jabber.chaostreffbern.ch client to server
jabber.cheetah85.ovh client to server
lacantine.xyz client to server
novaim.com server to server
riseup.net client to server
strobeto.de server to server
xmpp.is client to server
xmpp.taiga-san.net server to server
yzal.io server to server
blesmrt.net server to server
dark-alexandr.net server to server
elaon.de server to server
elcentral.de client to server
gedalya.net client to server
jabb3r.de client to server
jabber.de client to server
jabber.hot-chilli.eu client to server
jalogisch.de client to server
k8n.de server to server
shug.ch client to server
snopyta.org server to server
suchat.org server to server
trashserver.net client to server
trashserver.net server to server
tuxone.ch client to server
volatile.bz client to server
xmpp.lt client to server
xmpp.lt server to server
xmpp.mynet.fr server to server
addrea.fr client to server
core.mx client to server
dark-alexandr.net client to server
fritze.org client to server
gajim.org client to server
irc.srcf.net server to server
jabber.o-g.at client to server
jalogisch.de server to server
jid.pl client to server
novaim.com client to server
ocf.berkeley.edu server to server
silper.cz client to server
simplewire.de server to server
tbk112.com client to server
thesecure.biz client to server
volatile.bz server to server
conference.ipfire.org client to server
cypherpunk.observer client to server
jabber.at client to server
jabber.calyxinstitute.org server to server
jabber.cat server to server
jabber.de server to server
jabber.ordinatis.de client to server
jabberpl.org client to server
jabber.tcpreset.net client to server
jabber.tcpreset.net server to server
magicbroccoli.de server to server
momi.ca server to server
sharezen.de client to server
umweltschutz.team client to server
wernig.net client to server
xmpp.dk client to server
5222.de client to server
addrea.fr server to server
charl.eu client to server
dismail.de server to server
feichtmayr.com client to server
grey.pw client to server
icanhasserver.com server to server
jabber.o-g.at server to server
mherbst.de client to server
pimux.de client to server
rows.io server to server
serafean.cz server to server
sharezen.de server to server
simplewire.de client to server
strobeto.de client to server
sysman.cz client to server
tuxone.ch server to server
x0.chat client to server
xmpp.is server to server
404.city server to server
aco.net client to server
coderot.de client to server
cryptolab.net server to server
disroot.org client to server
draugr.de client to server
expx.systems client to server
expx.systems server to server
fossgalaxy.com client to server
knop.eu client to server
knop.eu server to server
lightwitch.org client to server
momi.ca client to server
netzgil.de server to server
petko.me server to server
xmpp.mynet.fr client to server
aco.net server to server
alternanet.fr client to server
barfoo.eu client to server
charl.eu server to server
dismail.de client to server
gedalya.net server to server
jabber.belnet.be client to server
jabber.cheetah85.ovh server to server
jabber.fr client to server
jabber.systemli.org client to server
mailbox.org client to server
maurice-walker.com client to server
maurice-walker.com server to server
omemo.ca client to server
petko.me client to server
serafean.cz client to server
atdot.eu client to server
feichtmayr.com server to server
hardfalcon.net server to server
im.cyberjinh.fr client to server
im.cyberjinh.fr server to server
jabber.cat client to server
jabber.hot-chilli.net client to server
jabber.systemli.org server to server
mailbox.org server to server
netzgil.de client to server
ocf.berkeley.edu client to server
pouet.ovh client to server
rooms.kitsune.one server to server
suchat.org client to server
umweltschutz.team server to server
wowana.me server to server
wyrddreams.org client to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 5 results

Target Type When
jabber.calyxinstitute.org client to server
jabber.calyxinstitute.org server to server
olympuszuekvbpt6.onion server to server
rcclub.im client to server
rcclub.im server to server

Servers not offering encryption 8 results

Target Type When
118.69.238.142 client to server
178.62.230.14 client to server
addrea.fr server to server
cisco.com server to server
idavang.online client to server
idavang.online server to server
memomaestro.com client to server
webex.com server to server

Servers sharing private keys 33 results

Target SHA256(SPKI)
alpha-labs.net c2s 16:85:86:88:CA:7C:B5:21:D5:F3:F0:79:C2:DC:2D:19:F8:FC:8D:56:8C:63:55:05:A2:89:28:D4:ED:28:70:D0
jabber.alpha-labs.net c2s 16:85:86:88:CA:7C:B5:21:D5:F3:F0:79:C2:DC:2D:19:F8:FC:8D:56:8C:63:55:05:A2:89:28:D4:ED:28:70:D0
chat.sturm.com.au c2s 1C:A3:CA:85:8A:23:35:4E:16:5F:FF:D8:3D:1F:F0:42:2B:DC:37:9D:6E:A4:35:39:E3:87:AD:C7:D1:1F:7C:4C
sturm.com.au c2s 1C:A3:CA:85:8A:23:35:4E:16:5F:FF:D8:3D:1F:F0:42:2B:DC:37:9D:6E:A4:35:39:E3:87:AD:C7:D1:1F:7C:4C
push.tigase.im s2s 57:88:30:BC:82:FB:AA:23:A2:4E:74:4B:C8:85:D8:42:22:93:82:4C:80:00:03:4E:FC:83:CD:C4:D8:76:67:7D
tigase.im c2s 57:88:30:BC:82:FB:AA:23:A2:4E:74:4B:C8:85:D8:42:22:93:82:4C:80:00:03:4E:FC:83:CD:C4:D8:76:67:7D
tigase.im s2s 57:88:30:BC:82:FB:AA:23:A2:4E:74:4B:C8:85:D8:42:22:93:82:4C:80:00:03:4E:FC:83:CD:C4:D8:76:67:7D
aldentesoftware.dk c2s 92:FF:E5:85:4D:FF:9F:7D:2C:91:F0:41:80:25:35:27:9B:37:FA:7E:83:A0:99:BA:A5:82:34:C9:E2:31:A0:18
bookaftale.dk c2s 92:FF:E5:85:4D:FF:9F:7D:2C:91:F0:41:80:25:35:27:9B:37:FA:7E:83:A0:99:BA:A5:82:34:C9:E2:31:A0:18
www.aldentesoftware.dk c2s 92:FF:E5:85:4D:FF:9F:7D:2C:91:F0:41:80:25:35:27:9B:37:FA:7E:83:A0:99:BA:A5:82:34:C9:E2:31:A0:18
dom0.net s2s A9:91:20:12:A0:33:9E:F5:66:6F:B8:7E:2F:B5:8F:D9:12:4D:5F:06:A1:AF:26:E1:77:0C:49:09:98:DD:3F:8C
irc.srcf.net s2s A9:91:20:12:A0:33:9E:F5:66:6F:B8:7E:2F:B5:8F:D9:12:4D:5F:06:A1:AF:26:E1:77:0C:49:09:98:DD:3F:8C
chat.paladyn.org c2s AD:84:03:AE:1A:DE:04:02:B8:72:A3:28:E6:16:F8:39:25:D6:E8:43:B6:84:BA:B2:7B:6F:30:83:88:42:28:53
oxford-phab.paladyn.org c2s AD:84:03:AE:1A:DE:04:02:B8:72:A3:28:E6:16:F8:39:25:D6:E8:43:B6:84:BA:B2:7B:6F:30:83:88:42:28:53
ec2-3-130-102-208.us-east-2.compute.amazonaws.com c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
expliot.in c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
expliot.in s2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
shangryla.net c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
shangryla.net s2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
40.121.52.68 c2s C6:96:50:63:6B:96:A5:69:18:2B:D3:C4:50:64:D4:B5:B8:13:CA:FB:78:7D:04:B5:A9:1F:08:67:9A:8D:1E:67
qa-connect-xmppcollab.bentley.com c2s C6:96:50:63:6B:96:A5:69:18:2B:D3:C4:50:64:D4:B5:B8:13:CA:FB:78:7D:04:B5:A9:1F:08:67:9A:8D:1E:67
420blaze.it c2s CD:88:F4:5A:D9:99:82:73:4C:E3:07:91:5A:08:6A:2E:0A:A0:57:95:83:F0:10:8A:1B:D2:79:76:2B:27:EE:0F
airmail.cc s2s CD:88:F4:5A:D9:99:82:73:4C:E3:07:91:5A:08:6A:2E:0A:A0:57:95:83:F0:10:8A:1B:D2:79:76:2B:27:EE:0F
cock.li c2s CD:88:F4:5A:D9:99:82:73:4C:E3:07:91:5A:08:6A:2E:0A:A0:57:95:83:F0:10:8A:1B:D2:79:76:2B:27:EE:0F
libreti.net c2s EE:A0:44:CD:D6:41:6C:5E:EA:47:71:11:26:C5:00:27:69:28:E9:29:5C:37:76:A1:FD:78:93:F2:F9:9A:31:56
libreti.net s2s EE:A0:44:CD:D6:41:6C:5E:EA:47:71:11:26:C5:00:27:69:28:E9:29:5C:37:76:A1:FD:78:93:F2:F9:9A:31:56
tioui.com c2s EE:A0:44:CD:D6:41:6C:5E:EA:47:71:11:26:C5:00:27:69:28:E9:29:5C:37:76:A1:FD:78:93:F2:F9:9A:31:56
tioui.com s2s EE:A0:44:CD:D6:41:6C:5E:EA:47:71:11:26:C5:00:27:69:28:E9:29:5C:37:76:A1:FD:78:93:F2:F9:9A:31:56
muc.volatile.bz s2s FD:1F:2B:A1:5C:44:93:EC:3A:68:5C:12:97:1E:A0:EC:19:B5:4A:B6:EB:38:1E:9E:97:DE:87:7D:BE:4C:9A:B5
volatile.bz c2s FD:1F:2B:A1:5C:44:93:EC:3A:68:5C:12:97:1E:A0:EC:19:B5:4A:B6:EB:38:1E:9E:97:DE:87:7D:BE:4C:9A:B5
volatile.bz s2s FD:1F:2B:A1:5C:44:93:EC:3A:68:5C:12:97:1E:A0:EC:19:B5:4A:B6:EB:38:1E:9E:97:DE:87:7D:BE:4C:9A:B5
almost.unreachable.ca c2s FD:B0:39:95:7A:E3:4D:12:9E:23:CC:FA:74:EB:CF:7E:05:67:5D:DC:08:CC:65:A3:A4:85:A2:92:4F:B4:F7:1E
unreachable.ca c2s FD:B0:39:95:7A:E3:4D:12:9E:23:CC:FA:74:EB:CF:7E:05:67:5D:DC:08:CC:65:A3:A4:85:A2:92:4F:B4:F7:1E