| SSL 2 | 0 0% |
| SSL 3 | 8 1.7% |
| TLS 1.0 | 276 57.3% |
| TLS 1.1 | 303 62.9% |
| TLS 1.2 | 479 99.4% |
| A | 413 85.7% |
|---|---|
| B | 60 12.4% |
| C | 9 1.9% |
| D | 0 0% |
| E | 0 0% |
| F | 0 0% |
| RSA key size | Count |
|---|---|
| 1024 | 1 0.2% |
| 2048 | 276 58.7% |
| 3072 | 5 1.1% |
| 4096 | 188 40% |
| Type | Client to server | Server to server |
|---|---|---|
| Required | 270 82.3% | 102 66.2% |
| Allowed | 58 17.7% | 52 33.8% |
To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.
| Trusted | Untrusted | |
|---|---|---|
| Valid | 452 84.6% | 55 10.3% |
| Invalid | 14 2.6% | 13 2.4% |
| Mechanism | # times offered before TLS | # times offered after TLS |
|---|---|---|
| PLAIN | 62 18.9% | 322 98.2% |
| SCRAM-SHA-1 | 59 18% | 273 83.2% |
| SCRAM-SHA-1-PLUS | 0 0% | 102 31.1% |
| X-OAUTH2 | 14 4.3% | 94 28.7% |
| DIGEST-MD5 | 36 11% | 74 22.6% |
| CRAM-MD5 | 24 7.3% | 25 7.6% |
| ANONYMOUS | 3 0.9% | 3 0.9% |
| EXTERNAL | 3 0.9% | 3 0.9% |
| JIVE-SHAREDSECRET | 3 0.9% | 3 0.9% |
| LOGIN | 0 0% | 3 0.9% |
| NTLM | 3 0.9% | 3 0.9% |
| OFMEET | 2 0.6% | 2 0.6% |
| PGPREG | 0 0% | 1 0.3% |
| PGPBACKIN | 0 0% | 1 0.3% |
| TIKITOKEN | 1 0.3% | 1 0.3% |
| WEBEX-TOKEN | 0 0% | 1 0.3% |
| X-GOOGLE-TOKEN | 1 0.3% | 1 0.3% |
| PGPSIGN | 0 0% | 1 0.3% |
| CISCO-VTG-TOKEN | 0 0% | 1 0.3% |
SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.
| Target | Type | When |
|---|
SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.
| Target | Type | When |
|---|
| Name/Organization | SHA1 | Count |
|---|---|---|
| Let's Encrypt Authority X3 | E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB | 289 |
| Sectigo RSA Domain Validation Secure Server CA | 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB | 9 |
| Let's Encrypt Authority X3 | 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 | 8 |
| COMODO RSA Domain Validation Secure Server CA | 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 | 5 |
| Tomsk Private SSL CA - 2013#00 | E2:E4:42:FB:70:3A:93:94:5E:F5:88:05:6E:08:36:E1:AD:1D:2D:98 | 2 |
| AlphaSSL CA - SHA256 - G2 | 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC | 2 |
| DFN-Verein Global Issuing CA | C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 | 2 |
| RapidSSL RSA CA 2018 | 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D | 2 |
| Go Daddy Secure Certificate Authority - G2 | 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 | 1 |
| SwissSign Server Gold CA 2014 - G22 | AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98 | 1 |
| GeoTrust RSA CA 2018 | 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B | 1 |
| wiuwiu.de | 69:9B:08:86:97:C0:D3:BB:8D:67:3D:06:CA:34:54:7A:8B:CB:CE:9C | 1 |
| GTS CA 1O1 | DF:E2:07:0C:79:E7:FF:36:A9:25:FF:A3:27:FF:E3:DE:EC:F8:F9:C2 | 1 |
| Callcc Root Certificate Authority | AC:22:14:C2:6F:EF:30:84:4C:3B:0C:96:A8:AF:32:21:3D:E4:2A:19 | 1 |
| ejabberd | F4:9A:E9:EC:14:F4:72:D2:F6:32:39:6D:6A:3F:99:8D:88:C5:99:74 | 1 |
| jabber.nam.cz | E7:64:A3:A0:45:E2:93:E8:97:92:00:43:CA:76:21:0F:5D:69:E6:2C | 1 |
| vitortec.com | 36:77:4C:77:49:C2:F2:52:00:FE:ED:B5:27:65:14:6F:C5:04:52:CC | 1 |
| viperam1987.i234.me | FC:30:F6:89:B4:82:F1:5C:22:B3:D2:22:CB:B3:3F:D3:6D:5E:DD:BC | 1 |
| RapidSSL CA | C0:39:A3:26:9E:E4:B8:E8:2D:00:C5:3F:A7:97:B5:A1:9E:83:6F:47 | 1 |
| mservice.ru.com | 0C:F1:FE:F0:84:A3:DB:B9:6E:E5:55:4D:65:F4:12:F9:27:A6:73:74 | 1 |
| baissade.eu | 47:0C:0F:60:13:70:0A:37:0B:47:DB:8C:13:DC:98:E1:99:FE:58:CA | 1 |
| localhost | B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 | 1 |
| jabber.mcosys.de | AF:7D:0E:3F:73:49:48:F2:C5:7D:CA:81:16:15:A4:97:B5:32:57:69 | 1 |
| transaksi.id | FF:95:02:1A:31:78:D4:39:7C:64:EB:91:4E:D5:17:DB:93:5F:DA:18 | 1 |
| SSL.com DV CA | 50:CF:0E:88:EA:5C:72:95:82:75:3A:5A:AE:D2:CC:7C:D1:F7:DA:3A | 1 |
| Sectigo RSA Organization Validation Secure Server CA | 40:CE:F3:04:6C:91:6E:D7:AE:55:7F:60:E7:68:42:82:8B:51:DE:53 | 1 |
| jabber.censa.edu.cu | 41:2A:1B:F7:98:61:C1:BF:76:01:F6:93:0E:25:D9:15:6F:B2:35:08 | 1 |
| vamerike.net | 84:47:6B:7F:53:E7:C2:A2:25:E1:06:54:3A:73:2A:2A:6F:89:D6:DD | 1 |
| StartCom Class 1 DV Server CA | 39:8E:19:36:63:9B:A5:20:6D:F5:17:9B:FB:B7:01:09:33:96:94:00 | 1 |
| ifuckthesystem.does-it.net | 0E:E6:D3:C0:BC:6C:7A:67:6F:B1:83:B8:48:1E:94:68:3E:64:9C:F1 | 1 |
As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.
| Target | Type | When | Issuer |
|---|
| Target | Type | When |
|---|---|---|
| 10112.in | client to server | |
| 404.city | client to server | |
| 404.city | server to server | |
| 4ept.net | client to server | |
| 5222.de | client to server | |
| a3.pm | client to server | |
| anon.rocks | client to server | |
| anoxinon.me | client to server | |
| anoxinon.me | server to server | |
| beherit.pl | client to server | |
| beherit.pl | server to server | |
| calyxinstitute.org | client to server | |
| cartapus.eu | client to server | |
| cartapus.eu | server to server | |
| chat.joscomputing.space | client to server | |
| chat.joscomputing.space | server to server | |
| cloudfiles.at | client to server | |
| competenceslinux.com | client to server | |
| competenceslinux.com | server to server | |
| crackbaby.de | client to server | |
| dadosch.de | client to server | |
| datentopf.org | client to server | |
| datentopf.org | server to server | |
| death.social | client to server | |
| deltalima.net | client to server | |
| deltalima.net | server to server | |
| diasp.org | client to server | |
| dismail.de | client to server | |
| dismail.de | server to server | |
| disroot.org | client to server | |
| dpc.re | client to server | |
| dpc.re | server to server | |
| draugr.de | client to server | |
| e2e.best | client to server | |
| fruweb.de | client to server | |
| gauron.fr | server to server | |
| gedalya.net | client to server | |
| general.paiga.online | client to server | |
| getoto.net | client to server | |
| gleisnetze.de | client to server | |
| gleisnetze.de | server to server | |
| grrlz.net | client to server | |
| heap.ovh | client to server | |
| hot-chilli.eu | client to server | |
| invy.at | client to server | |
| ixeg.nl | client to server | |
| jabb3r.de | client to server | |
| jabb3r.org | client to server | |
| jabber.at | client to server | |
| jabber.at | server to server | |
| jabber.belnet.be | client to server | |
| jabber.calyxinstitute.org | client to server | |
| jabber.calyxinstitute.org | server to server | |
| jabber.de | client to server | |
| jabber.de | server to server | |
| jabber.fr | client to server | |
| jabber.freenet.de | client to server | |
| jabber.freenet.de | server to server | |
| jabber-hosting.de | client to server | |
| jabber.hot-chilli.net | client to server | |
| jabber.ietf.org | client to server | |
| jabber.node6.org | client to server | |
| jabber.node6.org | server to server | |
| jabber.no-sense.net | client to server | |
| jabber.registro.br | client to server | |
| jabber.systemli.org | client to server | |
| jabber.systemli.org | server to server | |
| jabber.sytes24.pl | client to server | |
| jabber.sytes24.pl | server to server | |
| jabber.tcpreset.net | client to server | |
| jabber.windfluechter.net | server to server | |
| jugendhacker.de | client to server | |
| jugendhacker.de | server to server | |
| k8n.de | server to server | |
| kjb.one | client to server | |
| kmeaw.com | client to server | |
| kmeaw.com | server to server | |
| lightwitch.org | server to server | |
| lin.codes | client to server | |
| lin.codes | server to server | |
| loozah.com | client to server | |
| magicbroccoli.de | client to server | |
| magicbroccoli.de | server to server | |
| mailbox.org | client to server | |
| marmok.org | server to server | |
| mdosch.de | client to server | |
| mytum.de | client to server | |
| nerdica.net | client to server | |
| ningu.net | client to server | |
| ningu.net | server to server | |
| nixnet.xyz | client to server | |
| nsfw.paiga.online | client to server | |
| okaris.de | client to server | |
| paiga.online | client to server | |
| paiga.online | server to server | |
| pickle.monster | client to server | |
| pickle.monster | server to server | |
| pimux.de | client to server | |
| procnull.de | client to server | |
| riseup.net | client to server | |
| rohedaten.de | client to server | |
| shaunc.com | server to server | |
| simfox.de | client to server | |
| simplewire.de | client to server | |
| skynetcloud.site | client to server | |
| skynetcloud.site | server to server | |
| snopyta.org | client to server | |
| somlen.de | server to server | |
| suchat.org | client to server | |
| thesecure.biz | client to server | |
| thesecure.biz | server to server | |
| thinkindifferent.net | client to server | |
| thinkindifferent.net | server to server | |
| tiuxo.com | client to server | |
| tiuxo.com | server to server | |
| toxol.eu | client to server | |
| transitiv.net | client to server | |
| transitiv.net | server to server | |
| trashserver.net | client to server | |
| tuxone.ch | client to server | |
| ubuntu-jabber.de | client to server | |
| vanderwarker.family | client to server | |
| wehost.lgbt | client to server | |
| wehost.lgbt | server to server | |
| wiuwiu.de | client to server | |
| x0.chat | client to server | |
| x0.chat | server to server | |
| xmpp.centurion-consulting.tech | client to server | |
| xmpp.centurion-consulting.tech | server to server | |
| xmpp.frozenstar.info | client to server | |
| xmpp-hosting.de | client to server | |
| xmpp.is | client to server | |
| xmpp.is | server to server | |
| xmpp.xyz | client to server | |
| zeroanarchy.com | client to server | |
| zeroanarchy.com | server to server | |
| zulaa.name | client to server | |
| zulaa.name | server to server |
| Target | Type | When |
|---|
| Target | Type | When |
|---|---|---|
| jabber.calyxinstitute.org | client to server |
| Target | Type | When |
|---|---|---|
| cryptoseb.pw | server to server | |
| im.ameci.org | server to server | |
| jabber.world | client to server | |
| vitortec.com | server to server | |
| vlibraxpcgux57d7.onion | client to server | |
| wehost.lgbt | client to server | |
| wehost.lgbt | server to server | |
| xmpp.smartsupp.com | client to server |
| Target | SHA256(SPKI) |
|---|---|
| draugr.de c2s | 0C:08:82:CC:51:FB:1B:58:3A:F0:5A:D9:F8:40:26:5B:5E:23:11:06:FC:3A:0D:C9:1D:35:21:1A:CF:69:AC:2B |
| ubuntu-jabber.de c2s | 0C:08:82:CC:51:FB:1B:58:3A:F0:5A:D9:F8:40:26:5B:5E:23:11:06:FC:3A:0D:C9:1D:35:21:1A:CF:69:AC:2B |
| dpc.re c2s | 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B |
| dpc.re s2s | 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B |
| host.dpc.re c2s | 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B |
| host.dpc.re s2s | 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B |
| haerter.ddnss.org c2s | 70:14:0E:3A:87:20:F3:35:7A:FE:32:DD:E0:8A:AD:AC:B1:4D:F6:BA:56:36:B3:A8:76:C3:9F:1F:DC:DE:AF:17 |
| pigh.de c2s | 70:14:0E:3A:87:20:F3:35:7A:FE:32:DD:E0:8A:AD:AC:B1:4D:F6:BA:56:36:B3:A8:76:C3:9F:1F:DC:DE:AF:17 |
| 198.204.77.180 c2s | B9:BF:68:D7:56:80:81:09:08:CC:E6:89:69:9B:99:8E:B2:9E:2D:D3:AB:06:D0:52:91:27:A3:80:79:50:54:15 |
| 198.204.77.181 c2s | B9:BF:68:D7:56:80:81:09:08:CC:E6:89:69:9B:99:8E:B2:9E:2D:D3:AB:06:D0:52:91:27:A3:80:79:50:54:15 |
| 1jabber.com c2s | CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0 |
| nologs.club c2s | CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0 |
| nologs.club s2s | CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0 |
| vipclub.pm s2s | CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0 |
| xmpp.is c2s | D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A |
| xmpp.is s2s | D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A |
| xmpp.si c2s | D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A |
| xmpp.xyz c2s | D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A |