Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 116 results

SSL 2 0 0%
SSL 3 3 2.6%
TLS 1.0 40 34.5%
TLS 1.1 44 37.9%
TLS 1.2 116 100%

Grades 116 results

A 103 88.8%
B 11 9.5%
C 2 1.7%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 69 67%
4096 34 33%

StartTLS

Type Client to server Server to server
Required 71 87.7% 24 68.6%
Allowed 10 12.3% 11 31.4%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 29 22.1% 97 74%
Invalid 1 0.8% 4 3.1%

SASL mechanisms 81 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 9 11.1% 79 97.5%
SCRAM-SHA-1 9 11.1% 69 85.2%
SCRAM-SHA-1-PLUS 0 0% 51 63%
X-OAUTH2 2 2.5% 15 18.5%
DIGEST-MD5 7 8.6% 12 14.8%
SCRAM-SHA-512 0 0% 7 8.6%
SCRAM-SHA-512-PLUS 0 0% 7 8.6%
SCRAM-SHA-256 0 0% 6 7.4%
SCRAM-SHA-256-PLUS 0 0% 6 7.4%
CRAM-MD5 1 1.2% 2 2.5%
EXTERNAL 0 0% 1 1.2%
X-GOOGLE-TOKEN 1 1.2% 1 1.2%
LOGIN 0 0% 1 1.2%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
R3 A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 75
ZeroSSL ECC Domain Secure Site CA 7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78 2
E1 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 2
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 2
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
GEANT OV RSA CA 4 C2:82:6E:26:6D:74:05:D3:4E:F8:97:62:63:6A:E4:B3:6E:86:CB:5E 1
Fraunhofer Service CA - G02 52:5D:93:4C:22:9B:60:89:44:49:69:F4:9B:D4:48:83:BD:0C:44:26 1
ZeroSSL RSA Domain Secure Site CA C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 1
E-Kehat-Ru 8C:7C:F9:14:B1:1F:33:E0:3D:B2:0C:61:68:46:F7:5F:88:A1:D9:53 1
Thawte RSA CA 2018 4D:EE:A7:06:0D:80:BA:BF:16:43:B4:E0:F0:10:4C:82:99:50:75:B7 1
ejabberd E6:2B:50:58:F1:ED:74:35:DA:15:FE:76:CA:8C:C1:04:D0:94:79:DA 1
Starfield Secure Certificate Authority - G2 7E:DC:37:6D:CF:D4:5E:6D:DF:08:2C:16:0D:F6:AC:21:83:5B:95:D4 1
xmpp.svtux.fr 3E:55:DB:7B:52:27:75:12:72:C5:DD:03:27:7A:1A:6F:B4:67:57:4A 1
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 1
GTS CA 1C3 1E:7E:F6:47:CB:A1:50:28:1C:60:89:72:57:10:28:78:C4:BD:8C:DC 1
Thawte TLS RSA CA G1 C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 43 results

Target Type When
404.city client to server
404.city server to server
5222.de client to server
anakojm.net client to server
anakojm.net server to server
bgjmpt.eu client to server
cheogram.com server to server
critiq.one client to server
critiq.one server to server
danwin1210.de client to server
danwin1210.de server to server
danwin1210.me client to server
eu.prod.push.monal-im.org server to server
gajim.org server to server
invy.at client to server
invy.at server to server
jabber.absturztau.be client to server
jabber.absturztau.be server to server
jabber.calyxinstitute.org client to server
jabber.calyxinstitute.org server to server
jabber.de client to server
jabber.systemli.org client to server
jabber.systemli.org server to server
mailbox.org client to server
mastodont.cat client to server
miharu.dedyn.io client to server
monocles.de client to server
monocles.de server to server
monocles.eu client to server
mrakonet.cz client to server
nixnet.services client to server
nixnet.services server to server
parloteo.es client to server
rm3811.net client to server
skynetcloud.site client to server
skynetcloud.site server to server
snopyta.org client to server
texto-plano.xyz client to server
texto-plano.xyz server to server
trashserver.net client to server
trashserver.net server to server
wiuwiu.de client to server
xmpp.co client to server

Servers with DNSSEC signed DANE records 14 results

Target Type When
5222.de client to server
danwin1210.de client to server
danwin1210.de server to server
jabber.calyxinstitute.org client to server
jabber.systemli.org client to server
jabber.systemli.org server to server
mailbox.org client to server
monocles.de client to server
monocles.de server to server
monocles.eu client to server
skynetcloud.site client to server
skynetcloud.site server to server
wiuwiu.de client to server
yax.im client to server

Servers with a hidden service 1 results

Target Type When
jabber.calyxinstitute.org client to server

Servers not offering encryption 0 results

Target Type When

Servers sharing private keys 7 results

Target SHA256(SPKI)
chat.pemlex.de c2s 03:C6:93:19:FF:78:D5:FB:FD:AA:10:5D:59:21:50:2E:E0:1B:E0:69:B7:0C:03:F9:BC:2E:BA:DC:3B:C8:D0:75
pemlex.de c2s 03:C6:93:19:FF:78:D5:FB:FD:AA:10:5D:59:21:50:2E:E0:1B:E0:69:B7:0C:03:F9:BC:2E:BA:DC:3B:C8:D0:75
monocles.de c2s 35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC
monocles.de s2s 35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC
monocles.eu c2s 35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC
xmpp-stg.way2cloud.gocurb.com c2s 9D:E0:FC:6B:A6:3A:B3:7D:0D:65:F7:66:25:AB:58:79:D4:99:8F:64:F5:22:62:F0:00:B9:F5:54:AF:DA:96:A3
xmpp.way2cloud.gocurb.com c2s 9D:E0:FC:6B:A6:3A:B3:7D:0D:65:F7:66:25:AB:58:79:D4:99:8F:64:F5:22:62:F0:00:B9:F5:54:AF:DA:96:A3