| SSL 2 | 0 0% |
| SSL 3 | 5 1.2% |
| TLS 1.0 | 221 54.3% |
| TLS 1.1 | 243 59.7% |
| TLS 1.2 | 406 99.8% |
| A | 356 87.5% |
|---|---|
| B | 47 11.5% |
| C | 4 1% |
| D | 0 0% |
| E | 0 0% |
| F | 0 0% |
| RSA key size | Count |
|---|---|
| 1024 | 8 2% |
| 2048 | 243 61.1% |
| 3072 | 9 2.3% |
| 4096 | 138 34.7% |
| Type | Client to server | Server to server |
|---|---|---|
| Required | 223 82.9% | 85 61.6% |
| Allowed | 46 17.1% | 53 38.4% |
To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.
| Trusted | Untrusted | |
|---|---|---|
| Valid | 371 83.7% | 46 10.4% |
| Invalid | 5 1.1% | 21 4.7% |
| Mechanism | # times offered before TLS | # times offered after TLS |
|---|---|---|
| PLAIN | 39 14.5% | 264 98.1% |
| SCRAM-SHA-1 | 39 14.5% | 228 84.8% |
| SCRAM-SHA-1-PLUS | 0 0% | 101 37.5% |
| X-OAUTH2 | 13 4.8% | 72 26.8% |
| DIGEST-MD5 | 25 9.3% | 50 18.6% |
| CRAM-MD5 | 17 6.3% | 18 6.7% |
| JIVE-SHAREDSECRET | 3 1.1% | 3 1.1% |
| SCRAM-SHA-256 | 0 0% | 2 0.7% |
| X-GOOGLE-TOKEN | 2 0.7% | 2 0.7% |
| SCRAM-SHA-384 | 0 0% | 1 0.4% |
| SCRAM-SHA-384-PLUS | 0 0% | 1 0.4% |
| SCRAM-SHA-512 | 0 0% | 1 0.4% |
| SCRAM-SHA-512-PLUS | 0 0% | 1 0.4% |
| ANONYMOUS | 1 0.4% | 1 0.4% |
| LOGIN | 0 0% | 1 0.4% |
| OFCHAT | 1 0.4% | 1 0.4% |
| EXTERNAL | 1 0.4% | 1 0.4% |
| SCRAM-SHA-256-PLUS | 0 0% | 1 0.4% |
SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.
| Target | Type | When |
|---|
SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.
| Target | Type | When |
|---|
| Name/Organization | SHA1 | Count |
|---|---|---|
| Let's Encrypt Authority X3 | E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB | 231 |
| Sectigo RSA Domain Validation Secure Server CA | 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB | 9 |
| COMODO RSA Domain Validation Secure Server CA | 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 | 4 |
| Let's Encrypt Authority X3 | 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 | 3 |
| AlphaSSL CA - SHA256 - G2 | 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC | 3 |
| GTS CA 1O1 | DF:E2:07:0C:79:E7:FF:36:A9:25:FF:A3:27:FF:E3:DE:EC:F8:F9:C2 | 3 |
| Go Daddy Secure Certificate Authority - G2 | 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 | 2 |
| taftfamily.net | 76:B6:6A:0F:A0:5E:D9:4F:C3:96:8A:8A:1F:15:EC:50:37:6A:44:BA | 1 |
| ejabberd | E9:85:31:20:53:12:FB:FF:5C:7B:66:61:EC:F3:FE:39:E7:F1:2A:81 | 1 |
| xmpp.bonbonvideochat.com | 0E:27:CA:D2:75:C4:9E:3F:F7:34:42:0A:21:A8:F6:63:E9:11:BD:7D | 1 |
| GeoTrust RSA CA 2018 | 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B | 1 |
| internal-CA | 59:9E:14:F2:E9:00:6D:02:AF:23:3C:68:50:7C:63:36:DC:CA:9D:75 | 1 |
| anggichanger.org | DF:4B:F5:BF:2E:5B:D7:1E:E2:FC:A8:00:C5:78:15:58:8D:E4:72:EC | 1 |
| ejabberd | 1D:9D:4A:31:E6:BE:39:BA:0C:FF:94:77:6D:0C:07:21:C7:4A:CA:90 | 1 |
| ejabberd | 65:FA:E0:08:3B:63:6A:DB:AA:17:ED:2C:FC:88:40:9A:69:1F:09:DE | 1 |
| localhost | B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 | 1 |
| blue-mind.net | 5A:13:19:01:E3:56:61:B8:BF:0D:B9:78:C9:D7:55:82:5B:17:28:9B | 1 |
| jabber3star.com | 0B:FA:FA:B9:54:B5:66:1A:DD:A1:13:D7:9E:CB:2D:DB:2A:BC:9A:0A | 1 |
| Alexander Turenko | D8:F0:E0:34:CF:C3:A2:E5:A5:FC:70:BA:74:4C:62:68:8E:91:93:43 | 1 |
| iposerver-1974423365.avaya.com | 90:71:30:ED:DA:97:36:3A:05:2E:D3:D0:EB:88:60:8B:2A:4B:DA:2F | 1 |
| bluemind.net | D3:EB:01:9D:9D:38:EC:04:14:99:9E:24:80:3B:AC:12:DC:0C:AD:9D | 1 |
| *.bluemind.net | D3:EB:01:9D:9D:38:EC:04:14:99:9E:24:80:3B:AC:12:DC:0C:AD:9D | 1 |
| *.blue-mind.net | 5A:13:19:01:E3:56:61:B8:BF:0D:B9:78:C9:D7:55:82:5B:17:28:9B | 1 |
| ifuckthesystem.does-it.net | 0E:E6:D3:C0:BC:6C:7A:67:6F:B1:83:B8:48:1E:94:68:3E:64:9C:F1 | 1 |
| jabbex.net | 50:EC:3E:BA:4B:E4:ED:8A:27:20:7B:EB:ED:A9:BB:14:87:A6:91:7E | 1 |
| tfs.today | E0:C5:77:C9:7F:CF:74:F0:73:D7:B2:A5:5A:D0:B2:2D:57:21:F0:7F | 1 |
| ejabberd | AE:2C:0D:9A:45:73:0A:23:CA:D1:7E:22:F4:EB:A4:64:3C:62:E2:2C | 1 |
| CA Cert Signing Authority | DD:FC:DA:54:1E:75:77:AD:DC:A8:7E:88:27:A9:8A:50:60:32:52:A5 | 1 |
| fujabber.com | 15:AE:2C:E3:3A:5B:78:A3:78:8F:16:67:9E:DF:F0:AD:30:65:2E:C1 | 1 |
| tmstec.tecnobit.es | 96:82:29:5B:18:19:49:5A:B8:65:F8:6C:25:01:7E:8B:3C:07:05:E0 | 1 |
As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.
| Target | Type | When | Issuer |
|---|---|---|---|
| blue-mind.net | client to server | *.blue-mind.net | |
| blue-mind.net | client to server | blue-mind.net | |
| blue-mind.net | server to server | *.blue-mind.net | |
| blue-mind.net | server to server | blue-mind.net | |
| bluemind.net | client to server | *.bluemind.net | |
| bluemind.net | client to server | bluemind.net | |
| bluemind.net | server to server | *.bluemind.net | |
| bluemind.net | server to server | bluemind.net | |
| im.bsquad.net | client to server | ||
| im.bsquad.net | server to server | ||
| totktonada.ru | client to server | Alexander Turenko | |
| totktonada.ru | server to server | Alexander Turenko |
| Target | Type | When |
|---|---|---|
| 404.city | client to server | |
| 404.city | server to server | |
| 5222.de | server to server | |
| a3india.com | client to server | |
| akashaduocyen.nl | client to server | |
| akashaduocyen.nl | server to server | |
| alpha-labs.net | client to server | |
| beherit.pl | client to server | |
| beherit.pl | server to server | |
| biohazardous.de | client to server | |
| biohazardous.de | server to server | |
| bria.wf | client to server | |
| chinwag.org | client to server | |
| chinwag.org | server to server | |
| christiansaga.de | client to server | |
| christiansaga.de | server to server | |
| cloud.nosarcun.net | client to server | |
| core.mx | client to server | |
| core.radiosignal.net | client to server | |
| core.radiosignal.net | server to server | |
| cymaniac.net | client to server | |
| denstore.se | client to server | |
| denstore.se | server to server | |
| diebesban.de | client to server | |
| dismail.de | client to server | |
| dismail.de | server to server | |
| disroot.org | client to server | |
| disroot.org | server to server | |
| dpc.re | client to server | |
| dpc.re | server to server | |
| draugr.de | client to server | |
| draugr.de | server to server | |
| expx.net | client to server | |
| famion.eu | client to server | |
| famion.eu | server to server | |
| ghosttown-productions.de | client to server | |
| ghosttown-productions.de | server to server | |
| hlad.org | client to server | |
| hlad.org | server to server | |
| hot-chilli.net | client to server | |
| hot-chilli.net | server to server | |
| ikenmeyer.eu | client to server | |
| iluha.de | client to server | |
| iluha.de | server to server | |
| im.icttci.cz | client to server | |
| invy.at | client to server | |
| jabb3r.de | client to server | |
| jabb3r.org | client to server | |
| jabb3r.org | server to server | |
| jabber.5july.net | client to server | |
| jabber.5july.net | server to server | |
| jabber.calyxinstitute.org | client to server | |
| jabber.cat | client to server | |
| jabber.chaostreffbern.ch | client to server | |
| jabber.de | client to server | |
| jabber.fr | client to server | |
| jabber.hot-chilli.net | client to server | |
| jabber.kai.cz | client to server | |
| jabber.kai.cz | server to server | |
| jabberpl.org | client to server | |
| jabberpl.org | server to server | |
| jabber.systemausfall.org | client to server | |
| jabber.systemli.org | client to server | |
| jabber.uk | client to server | |
| kraushaar.io | client to server | |
| lightwitch.org | client to server | |
| lightwitch.org | server to server | |
| magicbroccoli.de | client to server | |
| mailbox.org | client to server | |
| masgalor.de | client to server | |
| masgalor.de | server to server | |
| mdosch.de | client to server | |
| mdosch.de | server to server | |
| mp.stlu.de | client to server | |
| mp.stlu.de | server to server | |
| nerdculture.de | client to server | |
| nerdculture.de | server to server | |
| niel.site | client to server | |
| nikel.me | client to server | |
| nixnet.xyz | client to server | |
| nlnet.nl | client to server | |
| null-pointer.eu | client to server | |
| null-pointer.eu | server to server | |
| ojab.ru | client to server | |
| ojab.ru | server to server | |
| online.osba.nl | client to server | |
| online.osba.nl | server to server | |
| os-k.eu | server to server | |
| pimux.de | client to server | |
| pimux.de | server to server | |
| p-pn.org | client to server | |
| projer.in | client to server | |
| riseup.net | client to server | |
| sanyi.nl | client to server | |
| sanyi.nl | server to server | |
| serafean.cz | client to server | |
| serafean.cz | server to server | |
| skynetcloud.site | client to server | |
| skynetcloud.site | server to server | |
| snopyta.org | client to server | |
| srv2.searacon.nl | client to server | |
| srv2.searacon.nl | server to server | |
| suchat.org | client to server | |
| suchat.org | server to server | |
| tarxjf.info | client to server | |
| tarxjf.info | server to server | |
| thesecure.biz | client to server | |
| tiuxo.com | client to server | |
| tiuxo.com | server to server | |
| trashserver.net | client to server | |
| vbf.one | client to server | |
| vbf.one | server to server | |
| wiuwiu.de | client to server | |
| xmpp-hosting.de | client to server | |
| xmpp.is | client to server | |
| zzzxxx.xyz | client to server | |
| zzzxxx.xyz | server to server |
| Target | Type | When |
|---|
| Target | Type | When |
|---|---|---|
| jabber.calyxinstitute.org | client to server |
| Target | Type | When |
|---|---|---|
| cock.li | server to server | |
| mpro.la | client to server |
| Target | SHA256(SPKI) |
|---|---|
| diebesban.de c2s | 39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84 |
| mdosch.de c2s | 39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84 |
| mdosch.de s2s | 39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84 |
| im.apinc.org c2s | 8D:C0:62:5B:A8:4C:F5:FE:DB:6A:C8:40:EC:A6:05:6D:B0:92:F1:26:64:01:C0:16:51:D1:07:5A:C2:EE:22:E2 |
| jabber.fr c2s | 8D:C0:62:5B:A8:4C:F5:FE:DB:6A:C8:40:EC:A6:05:6D:B0:92:F1:26:64:01:C0:16:51:D1:07:5A:C2:EE:22:E2 |
| jabber.osterbart.de c2s | 99:59:98:77:71:B8:8B:AE:89:76:9C:7B:95:DE:EB:FE:A5:1C:99:F0:88:EB:60:28:75:FD:C3:76:08:A5:90:ED |
| talk-to.de c2s | 99:59:98:77:71:B8:8B:AE:89:76:9C:7B:95:DE:EB:FE:A5:1C:99:F0:88:EB:60:28:75:FD:C3:76:08:A5:90:ED |
| 109.230.199.180 c2s | B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66 |
| home.bakker.io c2s | B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66 |
| home.bakker.io s2s | B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66 |
| jdcain.me c2s | B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66 |
| jdcain.me s2s | B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66 |
| babak.cc c2s | D1:02:02:9B:82:1D:8B:62:33:36:43:0B:F9:F6:6D:2F:77:EB:91:86:F7:BA:74:57:0D:D5:68:A5:0A:3E:B1:2F |
| xmpp.babak.cc c2s | D1:02:02:9B:82:1D:8B:62:33:36:43:0B:F9:F6:6D:2F:77:EB:91:86:F7:BA:74:57:0D:D5:68:A5:0A:3E:B1:2F |
| it4freedom.net s2s | EE:43:24:B0:2B:6C:AC:BA:42:8E:E2:7A:87:89:89:6D:88:1B:94:48:01:D9:91:46:60:84:C0:BC:5F:37:34:3D |
| lore.bra.it4freedom.net s2s | EE:43:24:B0:2B:6C:AC:BA:42:8E:E2:7A:87:89:89:6D:88:1B:94:48:01:D9:91:46:60:84:C0:BC:5F:37:34:3D |
| guardianphone.net c2s | EF:A2:8D:4C:7D:86:7F:65:8E:A6:2D:B4:09:87:48:80:CD:F2:EA:3B:A0:D1:CF:5D:91:19:77:B6:AB:B0:68:ED |
| guardianphone.net s2s | EF:A2:8D:4C:7D:86:7F:65:8E:A6:2D:B4:09:87:48:80:CD:F2:EA:3B:A0:D1:CF:5D:91:19:77:B6:AB:B0:68:ED |
| guardianphone.org c2s | EF:A2:8D:4C:7D:86:7F:65:8E:A6:2D:B4:09:87:48:80:CD:F2:EA:3B:A0:D1:CF:5D:91:19:77:B6:AB:B0:68:ED |