Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 484 results

SSL 2 0 0%
SSL 3 6 1.2%
TLS 1.0 250 51.7%
TLS 1.1 288 59.5%
TLS 1.2 484 100%

Grades 484 results

A 423 87.4%
B 58 12%
C 3 0.6%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 1 0.2%
2048 291 60.8%
3072 3 0.6%
4096 184 38.4%

StartTLS

Type Client to server Server to server
Required 279 85.8% 109 68.6%
Allowed 46 14.2% 50 31.4%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 448 85.5% 56 10.7%
Invalid 8 1.5% 12 2.3%

SASL mechanisms 325 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 53 16.3% 320 98.5%
SCRAM-SHA-1 48 14.8% 256 78.8%
SCRAM-SHA-1-PLUS 0 0% 107 32.9%
X-OAUTH2 26 8% 98 30.2%
DIGEST-MD5 26 8% 57 17.5%
CRAM-MD5 12 3.7% 13 4%
JIVE-SHAREDSECRET 7 2.2% 7 2.2%
ANONYMOUS 3 0.9% 4 1.2%
X-GOOGLE-TOKEN 4 1.2% 4 1.2%
LOGIN 0 0% 2 0.6%
NTLM 1 0.3% 1 0.3%
GSSAPI 0 0% 1 0.3%
SCRAM-SHA-256 0 0% 1 0.3%
TIKITOKEN 1 0.3% 1 0.3%
WEBEX-TOKEN 0 0% 1 0.3%
CISCO-VTG-TOKEN 0 0% 1 0.3%
X-OAUTH 1 0.3% 1 0.3%
OFMEET 1 0.3% 1 0.3%
OAUTHBEARER 0 0% 1 0.3%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 281
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 9
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 7
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 6
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 4
GTS CA 1O1 DF:E2:07:0C:79:E7:FF:36:A9:25:FF:A3:27:FF:E3:DE:EC:F8:F9:C2 4
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 3
MPG CA - G02 C6:24:B9:32:0E:2D:2D:FB:07:9B:FD:8A:FF:97:3F:32:D5:AF:B6:31 3
Entrust Certification Authority - L1K F2:1C:12:F4:6C:DB:6B:2E:16:F0:9F:94:19:CD:FF:32:84:37:B2:D7 2
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 2
ejabberd C5:8C:4D:76:A7:EB:1B:73:B4:25:92:5A:17:E8:5F:41:43:DD:47:40 1
CAcert Class 3 Root A7:C4:8F:BE:6B:02:6D:BD:0E:C1:B4:65:B8:8D:D8:13:EE:1D:EF:A0 1
ejabberd Community Server Test Certificate 74:82:AB:54:E7:09:17:4A:D3:67:9D:37:3B:3B:4E:FD:ED:A7:A4:1B 1
ejabberd 17:C5:FC:FF:6C:A6:DC:95:10:D9:6F:30:4B:BC:04:57:5E:05:03:28 1
RapidSSL CA C0:39:A3:26:9E:E4:B8:E8:2D:00:C5:3F:A7:97:B5:A1:9E:83:6F:47 1
ddosed.org 86:F3:A7:AB:6F:7C:8B:5B:28:E8:E1:E0:F9:4B:BA:4C:F8:5A:FD:1D 1
jabb.info CE:9C:81:4F:9C:17:63:51:8A:D4:0F:C5:C9:93:31:E9:DA:5D:11:AA 1
xmpp.frostworks.in 97:A2:B4:67:DC:8D:B2:9F:50:1B:F1:D2:C3:D9:15:AB:25:B4:05:6A 1
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 1
opentrux.fr 35:83:35:D2:F6:F7:F5:8B:CA:E1:AA:4A:C5:9F:5F:EB:CE:09:AE:6F 1
COMODO ECC Domain Validation Secure Server CA 16:EE:54:E4:8C:76:EA:A1:05:2E:09:01:0D:8F:AE:FE:E9:5E:5E:BB 1
kontu.dy.fi 94:C6:CB:1C:A7:E1:06:B2:E4:24:28:DA:14:70:0D:C3:D0:76:A2:DC 1
Conversations CA F9:87:0B:66:B3:81:01:6F:E3:F3:F2:C4:B2:9E:3D:64:54:FA:E5:E8 1
StartCom Class 1 DV Server CA 39:8E:19:36:63:9B:A5:20:6D:F5:17:9B:FB:B7:01:09:33:96:94:00 1
dev.inspeero.com 9F:C1:EC:DA:AD:0A:EE:F5:F6:5E:20:D2:39:C2:1E:BE:90:B0:73:8A 1
p4dvd 84:57:88:65:D5:1A:F6:DD:F5:54:E8:86:3B:3F:6D:BD:00:7E:83:B0 1
pingou.ovh C7:6D:23:8E:FF:64:1A:B7:4A:23:27:2B:C7:8C:09:54:09:F3:E1:5E 1
HydrantID SSL ICA G2 AC:4A:72:8B:4D:FC:35:60:1F:A3:4B:92:24:22:A4:2C:25:3F:75:6C 1
im.cable.ru EA:E0:A0:AE:A3:89:F0:84:7D:CB:AE:38:D4:B8:98:87:3D:22:33:93 1
Network Solutions OV Server CA 2 44:0F:F6:8A:35:E0:39:95:AC:55:E4:57:A6:7E:B1:68:0F:9A:7C:DD 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 146 results

Target Type When
404.city client to server
404.city server to server
4ept.net client to server
4ept.net server to server
5222.de client to server
5222.de server to server
alpha-labs.net client to server
anoxinon.me client to server
aquilatech.com client to server
awit.at client to server
babai.ru client to server
babai.ru server to server
bastelbude.eu client to server
bells23.org.uk server to server
bensch-server.de client to server
chat.tiuxo.com client to server
chat.tiuxo.com server to server
cloutfla.re client to server
competenceslinux.com client to server
competenceslinux.com server to server
conference.postadigitale.org server to server
cookiechat.de client to server
cookiechat.de server to server
cymaniac.net client to server
danwin1210.me client to server
danwin1210.me server to server
datenschnorchler.de client to server
datenschnorchler.de server to server
debian.org client to server
diasp.org client to server
dietrich.cx client to server
dietrich.cx server to server
dismail.de client to server
disroot.org client to server
domob.eu client to server
draugr.de client to server
expx.net client to server
expx.net server to server
faceless.city server to server
ferox.cc client to server
ferox.cc server to server
forum.friendi.ca server to server
fysh.in client to server
gajim.org client to server
gideonkuijt.nl client to server
gideonkuijt.nl server to server
gr4v.net client to server
gr4v.net server to server
grey.pw client to server
hillmeier.net client to server
im.cyberjinh.fr client to server
im.cyberjinh.fr server to server
imfreedom.org client to server
imfreedom.org server to server
initq.de client to server
jabb3r.de client to server
jabber.at client to server
jabber.calyxinstitute.org client to server
jabber.cat client to server
jabber.de client to server
jabber.fr client to server
jabber.horstbox.org client to server
jabber.hot-chilli.net client to server
jabber.no-sense.net client to server
jabberpl.org client to server
jabberpl.org server to server
jabber.systemli.org client to server
jabber.systemli.org server to server
jarvispowered.com client to server
jarvispowered.com server to server
kb8ojh.net client to server
kb8ojh.net server to server
kjb.one client to server
kupschke.net client to server
libretux.com client to server
lorien.samba-tng.org server to server
magicbroccoli.de client to server
mailbox.org client to server
mailbox.org server to server
marevalo.net client to server
mattrude.com client to server
mattrude.com server to server
mdosch.de server to server
myxmpp.inthe.eu client to server
myxmpp.inthe.eu server to server
nerv.tech server to server
niel.site server to server
nixnet.xyz client to server
nosnilmot.com client to server
omgsrsly.net client to server
omgsrsly.net server to server
opentrux.fr client to server
pimux.de client to server
pingou.ovh client to server
pirati.ca client to server
plastyc.cz client to server
plastyc.cz server to server
procnull.de server to server
rednull.org client to server
rednull.org server to server
riseup.net client to server
sfrd.de client to server
sfrd.de server to server
simplewire.de client to server
snopyta.org client to server
snopyta.org server to server
suchat.org client to server
suchat.org server to server
tadzik.net client to server
tadzik.net server to server
thfree.ru client to server
thfree.ru server to server
thinkindifferent.net client to server
tiuxo.com client to server
tiuxo.com server to server
toxol.eu client to server
trashserver.net client to server
trashserver.net server to server
trava.lv client to server
tuxone.ch client to server
tuxone.ch server to server
ubuntu-jabber.de client to server
valiant.ninja client to server
valiant.ninja server to server
verdammung.org client to server
verified.de client to server
w4eg.de client to server
weindl.biz client to server
weindl.biz server to server
wiredcloud.xyz client to server
wiuwiu.de client to server
wiuwiu.de server to server
x0.chat client to server
xdfr.de client to server
xdfr.de server to server
xmpp.0x54434d.net client to server
xmpp.0x54434d.net server to server
xmpp-hosting.de client to server
xmpp-hosting.de server to server
xmpp.is client to server
xmpp.lt client to server
xmpp.lt server to server
xmpp.vulpes.one client to server
xmpp.vulpes.one server to server
xyzzy.link client to server
zash.se server to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 2 results

Target Type When
3iabhz2dyncfdh73.onion client to server
jabber.calyxinstitute.org client to server

Servers not offering encryption 7 results

Target Type When
files.cjjmproperty.com client to server
jabber.world client to server
matrix.org server to server
nokia.com server to server
rajin.biz server to server
ras2i.fr client to server
techmeology.co.uk client to server

Servers sharing private keys 31 results

Target SHA256(SPKI)
draugr.de c2s 0C:08:82:CC:51:FB:1B:58:3A:F0:5A:D9:F8:40:26:5B:5E:23:11:06:FC:3A:0D:C9:1D:35:21:1A:CF:69:AC:2B
ubuntu-jabber.de c2s 0C:08:82:CC:51:FB:1B:58:3A:F0:5A:D9:F8:40:26:5B:5E:23:11:06:FC:3A:0D:C9:1D:35:21:1A:CF:69:AC:2B
verdammung.org c2s 0C:08:82:CC:51:FB:1B:58:3A:F0:5A:D9:F8:40:26:5B:5E:23:11:06:FC:3A:0D:C9:1D:35:21:1A:CF:69:AC:2B
ircgw.dibella.net s2s 43:80:F1:CC:5E:23:B7:07:3E:EF:52:A9:EE:C2:38:69:0B:66:9D:CD:D3:7E:C3:DB:A4:CE:46:C2:E0:96:4F:58
mercury.dibella.net s2s 43:80:F1:CC:5E:23:B7:07:3E:EF:52:A9:EE:C2:38:69:0B:66:9D:CD:D3:7E:C3:DB:A4:CE:46:C2:E0:96:4F:58
chat.tiuxo.com c2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05
chat.tiuxo.com s2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05
tiuxo.com c2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05
tiuxo.com s2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05
awit.at c2s 6F:99:53:96:D7:D8:0D:B7:DE:B6:91:1E:3F:56:81:7F:14:C6:7A:67:A7:1E:B0:D4:BA:C5:C0:21:54:B0:AB:54
ferox.cc c2s 6F:99:53:96:D7:D8:0D:B7:DE:B6:91:1E:3F:56:81:7F:14:C6:7A:67:A7:1E:B0:D4:BA:C5:C0:21:54:B0:AB:54
ferox.cc s2s 6F:99:53:96:D7:D8:0D:B7:DE:B6:91:1E:3F:56:81:7F:14:C6:7A:67:A7:1E:B0:D4:BA:C5:C0:21:54:B0:AB:54
weindl.biz c2s 6F:99:53:96:D7:D8:0D:B7:DE:B6:91:1E:3F:56:81:7F:14:C6:7A:67:A7:1E:B0:D4:BA:C5:C0:21:54:B0:AB:54
weindl.biz s2s 6F:99:53:96:D7:D8:0D:B7:DE:B6:91:1E:3F:56:81:7F:14:C6:7A:67:A7:1E:B0:D4:BA:C5:C0:21:54:B0:AB:54
brave.de s2s A4:3F:6A:16:56:D8:0A:35:EA:B0:63:8C:9E:D0:E9:A3:CE:BC:27:6E:29:58:E6:AB:0F:26:C0:BE:67:62:AC:B4
messaging.brave.de s2s A4:3F:6A:16:56:D8:0A:35:EA:B0:63:8C:9E:D0:E9:A3:CE:BC:27:6E:29:58:E6:AB:0F:26:C0:BE:67:62:AC:B4
sgp.xmpp.id c2s AC:22:50:08:5E:A5:DF:42:3A:34:1C:12:13:BC:81:74:BB:AD:32:E9:E3:D1:11:36:61:24:77:3E:FA:2C:20:87
x.connected2.me c2s AC:22:50:08:5E:A5:DF:42:3A:34:1C:12:13:BC:81:74:BB:AD:32:E9:E3:D1:11:36:61:24:77:3E:FA:2C:20:87
talkx.l.google.com c2s AE:A1:F6:B9:A8:67:EE:D7:30:E7:BD:89:25:EA:9E:A2:E1:73:FC:34:72:BE:23:52:12:B2:6C:5A:9C:92:D4:96
xmpp.l.google.com c2s AE:A1:F6:B9:A8:67:EE:D7:30:E7:BD:89:25:EA:9E:A2:E1:73:FC:34:72:BE:23:52:12:B2:6C:5A:9C:92:D4:96
conference.ceeme-services.com s2s D7:58:79:A6:FA:4F:09:48:68:AA:9A:B7:2A:38:75:1E:B8:BC:03:17:E9:20:64:43:E8:16:FD:3F:10:AD:D4:53
jabber.ceeme-services.com s2s D7:58:79:A6:FA:4F:09:48:68:AA:9A:B7:2A:38:75:1E:B8:BC:03:17:E9:20:64:43:E8:16:FD:3F:10:AD:D4:53
sky-networks.de c2s E9:51:92:BE:45:2C:DF:64:DF:9C:64:28:E9:CE:BA:A3:8D:9E:01:32:4E:30:EC:16:DA:76:6F:6D:4F:28:4D:2A
sky-networks.de s2s E9:51:92:BE:45:2C:DF:64:DF:9C:64:28:E9:CE:BA:A3:8D:9E:01:32:4E:30:EC:16:DA:76:6F:6D:4F:28:4D:2A
snmx.de c2s E9:51:92:BE:45:2C:DF:64:DF:9C:64:28:E9:CE:BA:A3:8D:9E:01:32:4E:30:EC:16:DA:76:6F:6D:4F:28:4D:2A
snmx.de s2s E9:51:92:BE:45:2C:DF:64:DF:9C:64:28:E9:CE:BA:A3:8D:9E:01:32:4E:30:EC:16:DA:76:6F:6D:4F:28:4D:2A
cloutfla.re c2s F4:38:DA:67:EA:7B:11:0E:69:60:36:B9:93:CD:F5:C4:31:73:CD:29:63:33:63:87:CE:60:8C:38:3C:2B:64:1C
valiant.ninja c2s F4:38:DA:67:EA:7B:11:0E:69:60:36:B9:93:CD:F5:C4:31:73:CD:29:63:33:63:87:CE:60:8C:38:3C:2B:64:1C
valiant.ninja s2s F4:38:DA:67:EA:7B:11:0E:69:60:36:B9:93:CD:F5:C4:31:73:CD:29:63:33:63:87:CE:60:8C:38:3C:2B:64:1C
it.ecec.com c2s F7:73:D5:04:41:9E:F3:8B:44:FF:2D:C8:8A:CD:C8:3D:92:1A:DA:70:CF:04:82:EE:8E:17:FB:5E:3D:74:9D:8A
spark.ecec.com c2s F7:73:D5:04:41:9E:F3:8B:44:FF:2D:C8:8A:CD:C8:3D:92:1A:DA:70:CF:04:82:EE:8E:17:FB:5E:3D:74:9D:8A