Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 407 results

SSL 2 0 0%
SSL 3 5 1.2%
TLS 1.0 221 54.3%
TLS 1.1 243 59.7%
TLS 1.2 406 99.8%

Grades 407 results

A 356 87.5%
B 47 11.5%
C 4 1%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 8 2%
2048 243 61.1%
3072 9 2.3%
4096 138 34.7%

StartTLS

Type Client to server Server to server
Required 223 82.9% 85 61.6%
Allowed 46 17.1% 53 38.4%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 371 83.7% 46 10.4%
Invalid 5 1.1% 21 4.7%

SASL mechanisms 269 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 39 14.5% 264 98.1%
SCRAM-SHA-1 39 14.5% 228 84.8%
SCRAM-SHA-1-PLUS 0 0% 101 37.5%
X-OAUTH2 13 4.8% 72 26.8%
DIGEST-MD5 25 9.3% 50 18.6%
CRAM-MD5 17 6.3% 18 6.7%
JIVE-SHAREDSECRET 3 1.1% 3 1.1%
SCRAM-SHA-256 0 0% 2 0.7%
X-GOOGLE-TOKEN 2 0.7% 2 0.7%
SCRAM-SHA-384 0 0% 1 0.4%
SCRAM-SHA-384-PLUS 0 0% 1 0.4%
SCRAM-SHA-512 0 0% 1 0.4%
SCRAM-SHA-512-PLUS 0 0% 1 0.4%
ANONYMOUS 1 0.4% 1 0.4%
LOGIN 0 0% 1 0.4%
OFCHAT 1 0.4% 1 0.4%
EXTERNAL 1 0.4% 1 0.4%
SCRAM-SHA-256-PLUS 0 0% 1 0.4%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 231
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 9
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 4
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 3
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 3
GTS CA 1O1 DF:E2:07:0C:79:E7:FF:36:A9:25:FF:A3:27:FF:E3:DE:EC:F8:F9:C2 3
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 2
taftfamily.net 76:B6:6A:0F:A0:5E:D9:4F:C3:96:8A:8A:1F:15:EC:50:37:6A:44:BA 1
ejabberd E9:85:31:20:53:12:FB:FF:5C:7B:66:61:EC:F3:FE:39:E7:F1:2A:81 1
xmpp.bonbonvideochat.com 0E:27:CA:D2:75:C4:9E:3F:F7:34:42:0A:21:A8:F6:63:E9:11:BD:7D 1
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 1
internal-CA 59:9E:14:F2:E9:00:6D:02:AF:23:3C:68:50:7C:63:36:DC:CA:9D:75 1
anggichanger.org DF:4B:F5:BF:2E:5B:D7:1E:E2:FC:A8:00:C5:78:15:58:8D:E4:72:EC 1
ejabberd 1D:9D:4A:31:E6:BE:39:BA:0C:FF:94:77:6D:0C:07:21:C7:4A:CA:90 1
ejabberd 65:FA:E0:08:3B:63:6A:DB:AA:17:ED:2C:FC:88:40:9A:69:1F:09:DE 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
blue-mind.net 5A:13:19:01:E3:56:61:B8:BF:0D:B9:78:C9:D7:55:82:5B:17:28:9B 1
jabber3star.com 0B:FA:FA:B9:54:B5:66:1A:DD:A1:13:D7:9E:CB:2D:DB:2A:BC:9A:0A 1
Alexander Turenko D8:F0:E0:34:CF:C3:A2:E5:A5:FC:70:BA:74:4C:62:68:8E:91:93:43 1
iposerver-1974423365.avaya.com 90:71:30:ED:DA:97:36:3A:05:2E:D3:D0:EB:88:60:8B:2A:4B:DA:2F 1
bluemind.net D3:EB:01:9D:9D:38:EC:04:14:99:9E:24:80:3B:AC:12:DC:0C:AD:9D 1
*.bluemind.net D3:EB:01:9D:9D:38:EC:04:14:99:9E:24:80:3B:AC:12:DC:0C:AD:9D 1
*.blue-mind.net 5A:13:19:01:E3:56:61:B8:BF:0D:B9:78:C9:D7:55:82:5B:17:28:9B 1
ifuckthesystem.does-it.net 0E:E6:D3:C0:BC:6C:7A:67:6F:B1:83:B8:48:1E:94:68:3E:64:9C:F1 1
jabbex.net 50:EC:3E:BA:4B:E4:ED:8A:27:20:7B:EB:ED:A9:BB:14:87:A6:91:7E 1
tfs.today E0:C5:77:C9:7F:CF:74:F0:73:D7:B2:A5:5A:D0:B2:2D:57:21:F0:7F 1
ejabberd AE:2C:0D:9A:45:73:0A:23:CA:D1:7E:22:F4:EB:A4:64:3C:62:E2:2C 1
CA Cert Signing Authority DD:FC:DA:54:1E:75:77:AD:DC:A8:7E:88:27:A9:8A:50:60:32:52:A5 1
fujabber.com 15:AE:2C:E3:3A:5B:78:A3:78:8F:16:67:9E:DF:F0:AD:30:65:2E:C1 1
tmstec.tecnobit.es 96:82:29:5B:18:19:49:5A:B8:65:F8:6C:25:01:7E:8B:3C:07:05:E0 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 12 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer
blue-mind.net client to server *.blue-mind.net
blue-mind.net client to server blue-mind.net
blue-mind.net server to server *.blue-mind.net
blue-mind.net server to server blue-mind.net
bluemind.net client to server *.bluemind.net
bluemind.net client to server bluemind.net
bluemind.net server to server *.bluemind.net
bluemind.net server to server bluemind.net
im.bsquad.net client to server
im.bsquad.net server to server
totktonada.ru client to server Alexander Turenko
totktonada.ru server to server Alexander Turenko

Servers with DNSSEC signed SRV records 117 results

Target Type When
404.city client to server
404.city server to server
5222.de server to server
a3india.com client to server
akashaduocyen.nl client to server
akashaduocyen.nl server to server
alpha-labs.net client to server
beherit.pl client to server
beherit.pl server to server
biohazardous.de client to server
biohazardous.de server to server
bria.wf client to server
chinwag.org client to server
chinwag.org server to server
christiansaga.de client to server
christiansaga.de server to server
cloud.nosarcun.net client to server
core.mx client to server
core.radiosignal.net client to server
core.radiosignal.net server to server
cymaniac.net client to server
denstore.se client to server
denstore.se server to server
diebesban.de client to server
dismail.de client to server
dismail.de server to server
disroot.org client to server
disroot.org server to server
dpc.re client to server
dpc.re server to server
draugr.de client to server
draugr.de server to server
expx.net client to server
famion.eu client to server
famion.eu server to server
ghosttown-productions.de client to server
ghosttown-productions.de server to server
hlad.org client to server
hlad.org server to server
hot-chilli.net client to server
hot-chilli.net server to server
ikenmeyer.eu client to server
iluha.de client to server
iluha.de server to server
im.icttci.cz client to server
invy.at client to server
jabb3r.de client to server
jabb3r.org client to server
jabb3r.org server to server
jabber.5july.net client to server
jabber.5july.net server to server
jabber.calyxinstitute.org client to server
jabber.cat client to server
jabber.chaostreffbern.ch client to server
jabber.de client to server
jabber.fr client to server
jabber.hot-chilli.net client to server
jabber.kai.cz client to server
jabber.kai.cz server to server
jabberpl.org client to server
jabberpl.org server to server
jabber.systemausfall.org client to server
jabber.systemli.org client to server
jabber.uk client to server
kraushaar.io client to server
lightwitch.org client to server
lightwitch.org server to server
magicbroccoli.de client to server
mailbox.org client to server
masgalor.de client to server
masgalor.de server to server
mdosch.de client to server
mdosch.de server to server
mp.stlu.de client to server
mp.stlu.de server to server
nerdculture.de client to server
nerdculture.de server to server
niel.site client to server
nikel.me client to server
nixnet.xyz client to server
nlnet.nl client to server
null-pointer.eu client to server
null-pointer.eu server to server
ojab.ru client to server
ojab.ru server to server
online.osba.nl client to server
online.osba.nl server to server
os-k.eu server to server
pimux.de client to server
pimux.de server to server
p-pn.org client to server
projer.in client to server
riseup.net client to server
sanyi.nl client to server
sanyi.nl server to server
serafean.cz client to server
serafean.cz server to server
skynetcloud.site client to server
skynetcloud.site server to server
snopyta.org client to server
srv2.searacon.nl client to server
srv2.searacon.nl server to server
suchat.org client to server
suchat.org server to server
tarxjf.info client to server
tarxjf.info server to server
thesecure.biz client to server
tiuxo.com client to server
tiuxo.com server to server
trashserver.net client to server
vbf.one client to server
vbf.one server to server
wiuwiu.de client to server
xmpp-hosting.de client to server
xmpp.is client to server
zzzxxx.xyz client to server
zzzxxx.xyz server to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 1 results

Target Type When
jabber.calyxinstitute.org client to server

Servers not offering encryption 2 results

Target Type When
cock.li server to server
mpro.la client to server

Servers sharing private keys 19 results

Target SHA256(SPKI)
diebesban.de c2s 39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84
mdosch.de c2s 39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84
mdosch.de s2s 39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84
im.apinc.org c2s 8D:C0:62:5B:A8:4C:F5:FE:DB:6A:C8:40:EC:A6:05:6D:B0:92:F1:26:64:01:C0:16:51:D1:07:5A:C2:EE:22:E2
jabber.fr c2s 8D:C0:62:5B:A8:4C:F5:FE:DB:6A:C8:40:EC:A6:05:6D:B0:92:F1:26:64:01:C0:16:51:D1:07:5A:C2:EE:22:E2
jabber.osterbart.de c2s 99:59:98:77:71:B8:8B:AE:89:76:9C:7B:95:DE:EB:FE:A5:1C:99:F0:88:EB:60:28:75:FD:C3:76:08:A5:90:ED
talk-to.de c2s 99:59:98:77:71:B8:8B:AE:89:76:9C:7B:95:DE:EB:FE:A5:1C:99:F0:88:EB:60:28:75:FD:C3:76:08:A5:90:ED
109.230.199.180 c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
home.bakker.io c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
home.bakker.io s2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
jdcain.me c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
jdcain.me s2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
babak.cc c2s D1:02:02:9B:82:1D:8B:62:33:36:43:0B:F9:F6:6D:2F:77:EB:91:86:F7:BA:74:57:0D:D5:68:A5:0A:3E:B1:2F
xmpp.babak.cc c2s D1:02:02:9B:82:1D:8B:62:33:36:43:0B:F9:F6:6D:2F:77:EB:91:86:F7:BA:74:57:0D:D5:68:A5:0A:3E:B1:2F
it4freedom.net s2s EE:43:24:B0:2B:6C:AC:BA:42:8E:E2:7A:87:89:89:6D:88:1B:94:48:01:D9:91:46:60:84:C0:BC:5F:37:34:3D
lore.bra.it4freedom.net s2s EE:43:24:B0:2B:6C:AC:BA:42:8E:E2:7A:87:89:89:6D:88:1B:94:48:01:D9:91:46:60:84:C0:BC:5F:37:34:3D
guardianphone.net c2s EF:A2:8D:4C:7D:86:7F:65:8E:A6:2D:B4:09:87:48:80:CD:F2:EA:3B:A0:D1:CF:5D:91:19:77:B6:AB:B0:68:ED
guardianphone.net s2s EF:A2:8D:4C:7D:86:7F:65:8E:A6:2D:B4:09:87:48:80:CD:F2:EA:3B:A0:D1:CF:5D:91:19:77:B6:AB:B0:68:ED
guardianphone.org c2s EF:A2:8D:4C:7D:86:7F:65:8E:A6:2D:B4:09:87:48:80:CD:F2:EA:3B:A0:D1:CF:5D:91:19:77:B6:AB:B0:68:ED