Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 150 results

SSL 2	0 0%
SSL 3	0 0%
TLS 1.0	65 43.3%
TLS 1.1	68 45.3%
TLS 1.2	150 100%

Grades 150 results

A	140 93.3%
B	10 6.7%
C	0 0%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
2048	95 62.5%
3072	3 2%
4096	54 35.5%

StartTLS

Type	Client to server	Server to server
Required	92 86.8%	33 75%
Allowed	14 13.2%	11 25%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	0%	5 2.9%
Invalid	162 94.7%	4 2.3%

SASL mechanisms 106 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	14 13.2%	104 98.1%
SCRAM-SHA-1	11 10.4%	88 83%
SCRAM-SHA-1-PLUS	0 0%	58 54.7%
X-OAUTH2	5 4.7%	21 19.8%
DIGEST-MD5	9 8.5%	21 19.8%
SCRAM-SHA-512-PLUS	0 0%	10 9.4%
SCRAM-SHA-512	1 0.9%	10 9.4%
SCRAM-SHA-256	1 0.9%	9 8.5%
SCRAM-SHA-256-PLUS	0 0%	9 8.5%
EXTERNAL	0 0%	3 2.8%
CRAM-MD5	3 2.8%	3 2.8%
ANONYMOUS	2 1.9%	2 1.9%
SCRAM-SHA-384	0 0%	1 0.9%
JIVE-SHAREDSECRET	1 0.9%	1 0.9%
OFMEET	1 0.9%	1 0.9%
SCRAM-SHA-384-PLUS	0 0%	1 0.9%
X-GOOGLE-TOKEN	1 0.9%	1 0.9%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
R3	48:50:4E:97:4C:0D:AC:5B:5C:D4:76:C8:20:22:74:B2:4C:8C:71:72	75
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	22
GTS CA 1O1	DF:E2:07:0C:79:E7:FF:36:A9:25:FF:A3:27:FF:E3:DE:EC:F8:F9:C2	2
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	2
jitsi.metitech.eu	0F:0C:0E:4A:B8:CF:24:57:EF:4B:81:E5:75:B0:22:0F:37:72:49:E2	1
lhndev.com	19:90:E9:33:48:A0:77:B3:D5:A7:95:79:D0:A2:26:59:DA:B4:BE:3B	1
XMPP server	75:77:77:BC:2E:E0:9D:12:05:65:B1:2A:7D:21:16:63:39:91:73:30	1
localhost	B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83	1
server01.bioclever.local	F5:85:5F:79:E1:1E:57:07:72:F1:33:D7:17:00:1B:38:43:06:30:89	1
RapidSSL RSA CA 2018	98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D	1
DigiCert SHA2 Secure Server CA	1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4	1
fujabber.com	15:AE:2C:E3:3A:5B:78:A3:78:8F:16:67:9E:DF:F0:AD:30:65:2E:C1	1
nazwaSSL	A9:CE:8E:88:79:AB:0C:CB:17:A1:FE:EE:D8:3E:72:0F:3D:92:5D:F8	1
DFN-Verein Global Issuing CA	C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45	1
Encryption Everywhere DV TLS CA - G1	59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3	1
DigiCert SHA2 High Assurance Server CA	A0:31:C4:67:82:E6:E6:C6:62:C2:C8:7C:76:DA:9A:A6:2C:CA:BD:8E	1
ZeroSSL RSA Domain Secure Site CA	C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34	1
choszting.hu	DD:9E:64:A7:D1:E7:24:1A:EF:B6:5E:C7:7C:00:2A:E6:4D:F7:7E:DC	1
SwissSign Server Gold CA 2014 - G22	AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98	1
GeoTrust EV RSA CA 2018	A3:99:04:64:17:B6:7E:32:0D:3E:FA:69:D7:DC:E6:B8:BF:E8:A9:F2	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer

Servers with DNSSEC signed SRV records 44 results

Target	Type	When
404.city	server to server	2021-01-20T17:20:00+00:00
4ept.net	client to server	2021-01-19T03:15:52+00:00
5222.de	client to server	2021-01-18T20:26:47+00:00
anoxinon.me	client to server	2021-01-18T12:46:51+00:00
bells23.org.uk	server to server	2021-01-18T21:23:07+00:00
benny.de	server to server	2021-01-18T09:08:40+00:00
campanella.org	client to server	2021-01-24T23:18:29+00:00
campanella.org	server to server	2021-01-24T23:18:02+00:00
charl.eu	client to server	2021-01-19T21:38:22+00:00
cloudfiles.at	client to server	2021-01-18T23:23:26+00:00
cloudfiles.at	server to server	2021-01-18T23:28:22+00:00
danwin1210.me	client to server	2021-01-22T03:17:35+00:00
dismail.de	client to server	2021-01-20T22:32:08+00:00
disroot.org	client to server	2021-01-22T03:12:26+00:00
eckmul.net	client to server	2021-01-19T12:52:17+00:00
handb.xyz	client to server	2021-01-25T00:34:51+00:00
handb.xyz	server to server	2021-01-25T00:42:47+00:00
im.icttci.cz	client to server	2021-01-18T16:37:09+00:00
jabber.5july.net	client to server	2021-01-22T06:10:22+00:00
jabber.5july.net	server to server	2021-01-18T17:37:23+00:00
jabber.at	client to server	2021-01-22T00:54:17+00:00
jabber.at	server to server	2021-01-22T00:54:26+00:00
jabber.calyxinstitute.org	client to server	2021-01-24T23:23:39+00:00
jabber.de	client to server	2021-01-21T20:54:04+00:00
jabber.fr	client to server	2021-01-24T15:46:25+00:00
jabber.pestnagel.org	client to server	2021-01-18T16:59:04+00:00
jabber.pestnagel.org	server to server	2021-01-18T16:59:02+00:00
jabber.systemli.org	client to server	2021-01-20T14:44:00+00:00
lightwitch.org	client to server	2021-01-18T02:46:02+00:00
lightwitch.org	server to server	2021-01-18T02:49:19+00:00
mailbox.org	client to server	2021-01-18T12:33:45+00:00
mevogt.de	client to server	2021-01-22T08:33:44+00:00
nologs.at	server to server	2021-01-20T10:39:47+00:00
parloteo.es	client to server	2021-01-19T23:54:58+00:00
parloteo.es	server to server	2021-01-19T23:59:15+00:00
pepta.net	client to server	2021-01-20T12:14:42+00:00
pimux.de	client to server	2021-01-21T23:34:00+00:00
pimux.de	server to server	2021-01-22T00:01:20+00:00
riseup.net	client to server	2021-01-22T03:14:35+00:00
suchat.org	client to server	2021-01-21T22:07:33+00:00
trashserver.net	client to server	2021-01-19T12:58:54+00:00
xmpp.is	client to server	2021-01-24T16:58:13+00:00
xmpp.social	client to server	2021-01-18T19:46:16+00:00
xmpp.social	server to server	2021-01-18T20:14:45+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 1 results

Target	Type	When
jabber.calyxinstitute.org	client to server	2021-01-24T23:23:39+00:00

Servers not offering encryption 1 results

Target	Type	When
campanella.org	server to server	2021-01-24T23:18:02+00:00

Servers sharing private keys 8 results

Target	SHA256(SPKI)
draugr.de c2s	B4:CD:AD:11:76:DE:12:6B:77:2C:40:5E:AC:A5:42:5D:4D:84:4B:5C:47:C1:98:12:A9:79:06:21:2A:0D:60:8C
ubuntu-jabber.de c2s	B4:CD:AD:11:76:DE:12:6B:77:2C:40:5E:AC:A5:42:5D:4D:84:4B:5C:47:C1:98:12:A9:79:06:21:2A:0D:60:8C
95.85.114.218 c2s	B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
imexgrand.com c2s	B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
ironjanowar.hopto.org c2s	B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
imkerei.wien s2s	E4:7F:47:AA:AB:4E:BF:6A:F9:84:10:FA:18:3B:E3:E0:65:35:EB:7F:85:4D:DD:64:3B:5E:7E:F7:6E:31:48:E0
niemeczek.at c2s	E4:7F:47:AA:AB:4E:BF:6A:F9:84:10:FA:18:3B:E3:E0:65:35:EB:7F:85:4D:DD:64:3B:5E:7E:F7:6E:31:48:E0
niemeczek.at s2s	E4:7F:47:AA:AB:4E:BF:6A:F9:84:10:FA:18:3B:E3:E0:65:35:EB:7F:85:4D:DD:64:3B:5E:7E:F7:6E:31:48:E0