Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 239 results

SSL 2	0 0%
SSL 3	9 3.8%
TLS 1.0	152 63.6%
TLS 1.1	169 70.7%
TLS 1.2	236 98.7%

Grades 239 results

A	201 84.1%
B	28 11.7%
C	9 3.8%
D	1 0.4%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
1024	2 0.8%
2048	131 54.8%
4096	106 44.4%

StartTLS

Type	Client to server	Server to server
Required	133 80.1%	38 52.1%
Allowed	33 19.9%	35 47.9%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	232 85.6%	22 8.1%
Invalid	5 1.8%	12 4.4%

SASL mechanisms 166 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	32 19.3%	165 99.4%
SCRAM-SHA-1	31 18.7%	140 84.3%
X-OAUTH2	11 6.6%	57 34.3%
SCRAM-SHA-1-PLUS	0 0%	54 32.5%
DIGEST-MD5	22 13.3%	42 25.3%
CRAM-MD5	11 6.6%	12 7.2%
ANONYMOUS	3 1.8%	3 1.8%
JIVE-SHAREDSECRET	3 1.8%	3 1.8%
X-GOOGLE-TOKEN	2 1.2%	2 1.2%
SCRAM-SHA-256	0 0%	1 0.6%
SCRAM-SHA-256-PLUS	0 0%	1 0.6%
SCRAM-SHA-384	0 0%	1 0.6%
SCRAM-SHA-384-PLUS	0 0%	1 0.6%
SCRAM-SHA-512	0 0%	1 0.6%
SCRAM-SHA-512-PLUS	0 0%	1 0.6%
TIKITOKEN	1 0.6%	1 0.6%
WEBEX-TOKEN	0 0%	1 0.6%
LOGIN	0 0%	1 0.6%
EXTERNAL	1 0.6%	1 0.6%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	127
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	13
AlphaSSL CA - SHA256 - G2	4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC	4
Let's Encrypt Authority X3	1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8	3
RapidSSL RSA CA 2018	98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D	2
Google Internet Authority G3	EE:AC:BD:0C:B4:52:81:95:77:91:1E:1E:62:03:DB:26:2F:84:A3:18	2
Go Daddy Secure Certificate Authority - G2	27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8	2
Encryption Everywhere DV TLS CA - G1	59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3	1
Entrust Certification Authority - L1K	F2:1C:12:F4:6C:DB:6B:2E:16:F0:9F:94:19:CD:FF:32:84:37:B2:D7	1
fujabber.com	1F:1A:9E:4D:6C:C4:1C:1A:64:41:49:DE:6E:56:C0:C8:DD:48:EF:BF	1
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	1
google.com	59:68:15:77:F7:D0:30:68:CE:02:7E:FC:88:5F:D3:5C:A3:27:E4:F0	1
Grayson Peddie Authority Certificate	5C:88:60:F2:52:73:0B:C8:6D:0E:A9:78:25:EA:55:2C:91:2B:01:FC	1
Hochschule Darmstadt	F5:24:8E:32:7C:AC:50:97:75:84:8E:DC:A3:01:3F:D9:72:61:4E:B6	1
HydrantID SSL ICA G2	AC:4A:72:8B:4D:FC:35:60:1F:A3:4B:92:24:22:A4:2C:25:3F:75:6C	1
info-svyaz.net	2D:28:AF:56:3A:7B:C3:A4:85:74:82:1D:6F:AB:68:54:23:38:ED:33	1
li870-198.members.linode.com	B6:C1:76:F5:18:8A:90:85:FE:2A:99:57:45:C5:32:35:5E:F1:F5:E8	1
localhost	B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83	1
NetLock Expressz (Class C) Tanúsítványkiadó	3F:6F:58:9F:5A:28:46:6A:E2:95:D5:E1:8E:BD:13:9C:57:C6:8D:B5	1
p4dvd	84:57:88:65:D5:1A:F6:DD:F5:54:E8:86:3B:3F:6D:BD:00:7E:83:B0	1
polxmpp.ml	E7:CE:EF:5B:0E:00:15:DD:80:74:E2:DF:CD:07:2D:37:B9:9E:67:42	1
RapidSSL TLS RSA CA G1	CB:FE:9E:B4:3B:3B:37:FE:0D:FB:C4:C2:EB:2D:4E:07:D0:8B:D8:E8	1
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	1
Sectigo RSA Organization Validation Secure Server CA	40:CE:F3:04:6C:91:6E:D7:AE:55:7F:60:E7:68:42:82:8B:51:DE:53	1
SwissSign Server Silver CA 2014 - G22	55:BE:46:7A:A4:4B:F0:C1:5D:4B:CB:D0:6B:DC:A2:4B:BA:94:1E:13	1
Thawte RSA CA 2018	4D:EE:A7:06:0D:80:BA:BF:16:43:B4:E0:F0:10:4C:82:99:50:75:B7	1
thawte SSL CA - G2	2E:A7:1C:36:7D:17:8C:84:3F:D2:1D:B4:FD:B6:30:BA:54:A2:0D:C5	1
va-11-hall-a.cafe	45:CD:EB:4B:71:8A:AC:FB:A0:56:B2:06:C4:F0:AA:C8:06:42:30:9E	1
virtualpc	7A:B7:71:06:8D:B1:4E:BC:76:29:E0:06:7D:EA:D3:72:96:92:64:4A	1
www.aviana.co.id	A4:9A:34:E6:1C:66:6D:04:8B:E6:3B:E8:04:61:BE:3D:47:58:2A:03	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 2 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer
info-svyaz.net	client to server	2019-02-19T10:00:40+00:00	info-svyaz.net
info-svyaz.net	server to server	2019-02-19T11:33:54+00:00	info-svyaz.net

Servers with DNSSEC signed SRV records 58 results

Target	Type	When
domob.eu	client to server	2019-02-19T10:26:42+00:00
fritze.org	client to server	2019-02-22T08:14:09+00:00
mailbox.org	client to server	2019-02-21T11:24:39+00:00
okaris.de	client to server	2019-02-16T16:25:50+00:00
xmpp.dk	client to server	2019-02-17T10:42:31+00:00
disroot.org	client to server	2019-02-19T11:35:33+00:00
jabb3r.org	client to server	2019-02-20T06:23:49+00:00
jabber.zone	client to server	2019-02-17T02:22:54+00:00
jab.cyberguerrilla.org	client to server	2019-02-21T17:18:12+00:00
nexum.hu	client to server	2019-02-19T07:17:13+00:00
phelps.rocks	server to server	2019-02-19T16:43:12+00:00
raccoon.army	client to server	2019-02-18T04:55:51+00:00
stefanfritze.de	client to server	2019-02-22T07:17:12+00:00
domob.eu	server to server	2019-02-19T10:38:37+00:00
flussence.eu	client to server	2019-02-21T03:38:10+00:00
gauron.fr	client to server	2019-02-16T20:09:30+00:00
jabber.at	client to server	2019-02-18T13:03:32+00:00
jabber.fr	client to server	2019-02-23T15:40:50+00:00
jabber.hot-chilli.net	client to server	2019-02-23T01:29:37+00:00
johncook.uk	client to server	2019-02-23T12:23:35+00:00
kitsune.one	client to server	2019-02-17T04:53:18+00:00
stefanfritze.de	server to server	2019-02-22T07:38:50+00:00
tuxone.ch	client to server	2019-02-19T16:25:21+00:00
wiuwiu.de	client to server	2019-02-21T16:14:57+00:00
dismail.de	client to server	2019-02-22T20:06:51+00:00
draugr.de	client to server	2019-02-22T23:55:06+00:00
fysh.in	client to server	2019-02-17T14:39:06+00:00
gleisnetze.de	server to server	2019-02-18T17:42:13+00:00
k8n.de	client to server	2019-02-20T15:24:40+00:00
the-construct.eu	server to server	2019-02-20T00:26:33+00:00
ubuntu-jabber.de	client to server	2019-02-21T22:38:14+00:00
xmpp.co	client to server	2019-02-16T21:16:48+00:00
4ept.net	client to server	2019-02-17T04:45:29+00:00
bit-ant.net	client to server	2019-02-22T19:01:30+00:00
flussence.eu	server to server	2019-02-21T03:17:54+00:00
gleisnetze.de	client to server	2019-02-18T17:38:17+00:00
jabber.de	client to server	2019-02-23T12:59:30+00:00
k8n.de	server to server	2019-02-20T16:10:11+00:00
mail.73er.ovh	client to server	2019-02-22T08:52:45+00:00
mail.de	client to server	2019-02-21T11:24:02+00:00
metacode.biz	client to server	2019-02-18T12:29:53+00:00
the-construct.eu	client to server	2019-02-19T12:45:33+00:00
xmpp.cx	client to server	2019-02-16T21:17:21+00:00
jabber.no-sense.net	client to server	2019-02-23T04:05:03+00:00
jabber.sytes24.pl	server to server	2019-02-20T05:45:07+00:00
nexum.hu	server to server	2019-02-19T07:18:33+00:00
omemox.de	server to server	2019-02-20T17:22:15+00:00
a3.pm	client to server	2019-02-18T17:22:06+00:00
babai.ru	client to server	2019-02-19T19:39:13+00:00
demouliere.eu	server to server	2019-02-20T17:58:22+00:00
null-pointer.eu	server to server	2019-02-20T00:50:20+00:00
raccoon.army	server to server	2019-02-18T07:55:30+00:00
xmpp.is	client to server	2019-02-19T17:31:05+00:00
babai.ru	server to server	2019-02-19T19:42:46+00:00
jabber.calyxinstitute.org	client to server	2019-02-22T01:14:12+00:00
lightwitch.org	client to server	2019-02-17T04:55:54+00:00
panelcontrol.jsxc.ch	client to server	2019-02-18T15:23:29+00:00
x0.chat	client to server	2019-02-18T10:54:30+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 5 results

Target	Type	When
18.136.71.133	client to server	2019-02-20T08:53:52+00:00
alpha.limekast.com	client to server	2019-02-19T13:28:36+00:00
chat.werkbank.de	client to server	2019-02-18T09:18:36+00:00
dil.in	client to server	2019-02-22T15:30:43+00:00
discordia.ch	client to server	2019-02-21T16:57:22+00:00

Servers sharing private keys 11 results

Target	SHA256(SPKI)
build.b2bedge.com c2s	6A:12:31:F1:91:C0:66:89:6E:05:CB:12:7C:16:37:44:C5:45:9B:0C:CB:F6:C6:3F:1D:DC:9E:F8:A9:3E:FF:31
li870-198.members.linode.com c2s	6A:12:31:F1:91:C0:66:89:6E:05:CB:12:7C:16:37:44:C5:45:9B:0C:CB:F6:C6:3F:1D:DC:9E:F8:A9:3E:FF:31
im.popsicletoes.biz c2s	79:59:CC:1E:48:B3:24:4D:B1:CC:96:58:02:7D:90:7A:F1:EA:DD:CF:31:FF:5C:C6:DD:47:04:2C:0A:14:B2:0D
popsicletoes.biz c2s	79:59:CC:1E:48:B3:24:4D:B1:CC:96:58:02:7D:90:7A:F1:EA:DD:CF:31:FF:5C:C6:DD:47:04:2C:0A:14:B2:0D
im.mexmail.de s2s	8E:5F:69:FE:3B:01:50:7C:5A:2B:2D:7A:DE:DD:82:42:19:10:6C:D2:84:AB:BF:3A:26:0E:A1:10:33:7F:6C:77
mexmail.de c2s	8E:5F:69:FE:3B:01:50:7C:5A:2B:2D:7A:DE:DD:82:42:19:10:6C:D2:84:AB:BF:3A:26:0E:A1:10:33:7F:6C:77
draugr.de c2s	95:E8:2A:4B:18:11:BD:6E:BD:8B:C1:A5:0A:A1:8F:07:80:9D:15:20:C9:95:7D:4A:72:0C:37:0F:2C:17:8E:75
ubuntu-jabber.de c2s	95:E8:2A:4B:18:11:BD:6E:BD:8B:C1:A5:0A:A1:8F:07:80:9D:15:20:C9:95:7D:4A:72:0C:37:0F:2C:17:8E:75
xmpp.co c2s	A1:8F:05:3D:FD:37:51:47:C9:3C:3A:DC:E1:8A:7F:C9:B0:71:17:C1:50:AA:07:0A:35:4C:70:97:98:7D:1A:18
xmpp.cx c2s	A1:8F:05:3D:FD:37:51:47:C9:3C:3A:DC:E1:8A:7F:C9:B0:71:17:C1:50:AA:07:0A:35:4C:70:97:98:7D:1A:18
xmpp.is c2s	A1:8F:05:3D:FD:37:51:47:C9:3C:3A:DC:E1:8A:7F:C9:B0:71:17:C1:50:AA:07:0A:35:4C:70:97:98:7D:1A:18