Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 482 results

SSL 2 0 0%
SSL 3 8 1.7%
TLS 1.0 276 57.3%
TLS 1.1 303 62.9%
TLS 1.2 479 99.4%

Grades 482 results

A 413 85.7%
B 60 12.4%
C 9 1.9%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 1 0.2%
2048 276 58.7%
3072 5 1.1%
4096 188 40%

StartTLS

Type Client to server Server to server
Required 270 82.3% 102 66.2%
Allowed 58 17.7% 52 33.8%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 452 84.6% 55 10.3%
Invalid 14 2.6% 13 2.4%

SASL mechanisms 328 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 62 18.9% 322 98.2%
SCRAM-SHA-1 59 18% 273 83.2%
SCRAM-SHA-1-PLUS 0 0% 102 31.1%
X-OAUTH2 14 4.3% 94 28.7%
DIGEST-MD5 36 11% 74 22.6%
CRAM-MD5 24 7.3% 25 7.6%
ANONYMOUS 3 0.9% 3 0.9%
EXTERNAL 3 0.9% 3 0.9%
JIVE-SHAREDSECRET 3 0.9% 3 0.9%
LOGIN 0 0% 3 0.9%
NTLM 3 0.9% 3 0.9%
OFMEET 2 0.6% 2 0.6%
PGPREG 0 0% 1 0.3%
PGPBACKIN 0 0% 1 0.3%
TIKITOKEN 1 0.3% 1 0.3%
WEBEX-TOKEN 0 0% 1 0.3%
X-GOOGLE-TOKEN 1 0.3% 1 0.3%
PGPSIGN 0 0% 1 0.3%
CISCO-VTG-TOKEN 0 0% 1 0.3%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 289
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 9
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 8
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 5
Tomsk Private SSL CA - 2013#00 E2:E4:42:FB:70:3A:93:94:5E:F5:88:05:6E:08:36:E1:AD:1D:2D:98 2
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 2
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 2
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 2
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 1
SwissSign Server Gold CA 2014 - G22 AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98 1
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 1
wiuwiu.de 69:9B:08:86:97:C0:D3:BB:8D:67:3D:06:CA:34:54:7A:8B:CB:CE:9C 1
GTS CA 1O1 DF:E2:07:0C:79:E7:FF:36:A9:25:FF:A3:27:FF:E3:DE:EC:F8:F9:C2 1
Callcc Root Certificate Authority AC:22:14:C2:6F:EF:30:84:4C:3B:0C:96:A8:AF:32:21:3D:E4:2A:19 1
ejabberd F4:9A:E9:EC:14:F4:72:D2:F6:32:39:6D:6A:3F:99:8D:88:C5:99:74 1
jabber.nam.cz E7:64:A3:A0:45:E2:93:E8:97:92:00:43:CA:76:21:0F:5D:69:E6:2C 1
vitortec.com 36:77:4C:77:49:C2:F2:52:00:FE:ED:B5:27:65:14:6F:C5:04:52:CC 1
viperam1987.i234.me FC:30:F6:89:B4:82:F1:5C:22:B3:D2:22:CB:B3:3F:D3:6D:5E:DD:BC 1
RapidSSL CA C0:39:A3:26:9E:E4:B8:E8:2D:00:C5:3F:A7:97:B5:A1:9E:83:6F:47 1
mservice.ru.com 0C:F1:FE:F0:84:A3:DB:B9:6E:E5:55:4D:65:F4:12:F9:27:A6:73:74 1
baissade.eu 47:0C:0F:60:13:70:0A:37:0B:47:DB:8C:13:DC:98:E1:99:FE:58:CA 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
jabber.mcosys.de AF:7D:0E:3F:73:49:48:F2:C5:7D:CA:81:16:15:A4:97:B5:32:57:69 1
transaksi.id FF:95:02:1A:31:78:D4:39:7C:64:EB:91:4E:D5:17:DB:93:5F:DA:18 1
SSL.com DV CA 50:CF:0E:88:EA:5C:72:95:82:75:3A:5A:AE:D2:CC:7C:D1:F7:DA:3A 1
Sectigo RSA Organization Validation Secure Server CA 40:CE:F3:04:6C:91:6E:D7:AE:55:7F:60:E7:68:42:82:8B:51:DE:53 1
jabber.censa.edu.cu 41:2A:1B:F7:98:61:C1:BF:76:01:F6:93:0E:25:D9:15:6F:B2:35:08 1
vamerike.net 84:47:6B:7F:53:E7:C2:A2:25:E1:06:54:3A:73:2A:2A:6F:89:D6:DD 1
StartCom Class 1 DV Server CA 39:8E:19:36:63:9B:A5:20:6D:F5:17:9B:FB:B7:01:09:33:96:94:00 1
ifuckthesystem.does-it.net 0E:E6:D3:C0:BC:6C:7A:67:6F:B1:83:B8:48:1E:94:68:3E:64:9C:F1 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 138 results

Target Type When
10112.in client to server
404.city client to server
404.city server to server
4ept.net client to server
5222.de client to server
a3.pm client to server
anon.rocks client to server
anoxinon.me client to server
anoxinon.me server to server
beherit.pl client to server
beherit.pl server to server
calyxinstitute.org client to server
cartapus.eu client to server
cartapus.eu server to server
chat.joscomputing.space client to server
chat.joscomputing.space server to server
cloudfiles.at client to server
competenceslinux.com client to server
competenceslinux.com server to server
crackbaby.de client to server
dadosch.de client to server
datentopf.org client to server
datentopf.org server to server
death.social client to server
deltalima.net client to server
deltalima.net server to server
diasp.org client to server
dismail.de client to server
dismail.de server to server
disroot.org client to server
dpc.re client to server
dpc.re server to server
draugr.de client to server
e2e.best client to server
fruweb.de client to server
gauron.fr server to server
gedalya.net client to server
general.paiga.online client to server
getoto.net client to server
gleisnetze.de client to server
gleisnetze.de server to server
grrlz.net client to server
heap.ovh client to server
hot-chilli.eu client to server
invy.at client to server
ixeg.nl client to server
jabb3r.de client to server
jabb3r.org client to server
jabber.at client to server
jabber.at server to server
jabber.belnet.be client to server
jabber.calyxinstitute.org client to server
jabber.calyxinstitute.org server to server
jabber.de client to server
jabber.de server to server
jabber.fr client to server
jabber.freenet.de client to server
jabber.freenet.de server to server
jabber-hosting.de client to server
jabber.hot-chilli.net client to server
jabber.ietf.org client to server
jabber.node6.org client to server
jabber.node6.org server to server
jabber.no-sense.net client to server
jabber.registro.br client to server
jabber.systemli.org client to server
jabber.systemli.org server to server
jabber.sytes24.pl client to server
jabber.sytes24.pl server to server
jabber.tcpreset.net client to server
jabber.windfluechter.net server to server
jugendhacker.de client to server
jugendhacker.de server to server
k8n.de server to server
kjb.one client to server
kmeaw.com client to server
kmeaw.com server to server
lightwitch.org server to server
lin.codes client to server
lin.codes server to server
loozah.com client to server
magicbroccoli.de client to server
magicbroccoli.de server to server
mailbox.org client to server
marmok.org server to server
mdosch.de client to server
mytum.de client to server
nerdica.net client to server
ningu.net client to server
ningu.net server to server
nixnet.xyz client to server
nsfw.paiga.online client to server
okaris.de client to server
paiga.online client to server
paiga.online server to server
pickle.monster client to server
pickle.monster server to server
pimux.de client to server
procnull.de client to server
riseup.net client to server
rohedaten.de client to server
shaunc.com server to server
simfox.de client to server
simplewire.de client to server
skynetcloud.site client to server
skynetcloud.site server to server
snopyta.org client to server
somlen.de server to server
suchat.org client to server
thesecure.biz client to server
thesecure.biz server to server
thinkindifferent.net client to server
thinkindifferent.net server to server
tiuxo.com client to server
tiuxo.com server to server
toxol.eu client to server
transitiv.net client to server
transitiv.net server to server
trashserver.net client to server
tuxone.ch client to server
ubuntu-jabber.de client to server
vanderwarker.family client to server
wehost.lgbt client to server
wehost.lgbt server to server
wiuwiu.de client to server
x0.chat client to server
x0.chat server to server
xmpp.centurion-consulting.tech client to server
xmpp.centurion-consulting.tech server to server
xmpp.frozenstar.info client to server
xmpp-hosting.de client to server
xmpp.is client to server
xmpp.is server to server
xmpp.xyz client to server
zeroanarchy.com client to server
zeroanarchy.com server to server
zulaa.name client to server
zulaa.name server to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 1 results

Target Type When
jabber.calyxinstitute.org client to server

Servers not offering encryption 8 results

Target Type When
cryptoseb.pw server to server
im.ameci.org server to server
jabber.world client to server
vitortec.com server to server
vlibraxpcgux57d7.onion client to server
wehost.lgbt client to server
wehost.lgbt server to server
xmpp.smartsupp.com client to server

Servers sharing private keys 18 results

Target SHA256(SPKI)
draugr.de c2s 0C:08:82:CC:51:FB:1B:58:3A:F0:5A:D9:F8:40:26:5B:5E:23:11:06:FC:3A:0D:C9:1D:35:21:1A:CF:69:AC:2B
ubuntu-jabber.de c2s 0C:08:82:CC:51:FB:1B:58:3A:F0:5A:D9:F8:40:26:5B:5E:23:11:06:FC:3A:0D:C9:1D:35:21:1A:CF:69:AC:2B
dpc.re c2s 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B
dpc.re s2s 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B
host.dpc.re c2s 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B
host.dpc.re s2s 37:B7:CA:5C:1E:40:E2:0C:3F:38:55:DB:80:01:52:25:AF:C0:CA:7D:77:84:C6:2A:B2:06:0C:1B:B2:95:9F:3B
haerter.ddnss.org c2s 70:14:0E:3A:87:20:F3:35:7A:FE:32:DD:E0:8A:AD:AC:B1:4D:F6:BA:56:36:B3:A8:76:C3:9F:1F:DC:DE:AF:17
pigh.de c2s 70:14:0E:3A:87:20:F3:35:7A:FE:32:DD:E0:8A:AD:AC:B1:4D:F6:BA:56:36:B3:A8:76:C3:9F:1F:DC:DE:AF:17
198.204.77.180 c2s B9:BF:68:D7:56:80:81:09:08:CC:E6:89:69:9B:99:8E:B2:9E:2D:D3:AB:06:D0:52:91:27:A3:80:79:50:54:15
198.204.77.181 c2s B9:BF:68:D7:56:80:81:09:08:CC:E6:89:69:9B:99:8E:B2:9E:2D:D3:AB:06:D0:52:91:27:A3:80:79:50:54:15
1jabber.com c2s CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0
nologs.club c2s CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0
nologs.club s2s CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0
vipclub.pm s2s CB:F9:A7:62:2D:4F:BB:68:42:9B:35:79:17:8C:4C:4F:D5:86:39:CD:3F:54:31:90:60:D9:46:54:97:2F:7D:B0
xmpp.is c2s D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A
xmpp.is s2s D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A
xmpp.si c2s D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A
xmpp.xyz c2s D4:3D:DB:4A:8E:49:4A:CE:55:D3:1F:9D:F2:3A:3B:04:3F:57:65:31:7A:46:38:FD:11:04:F7:3E:2C:79:32:4A