Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 116 results

SSL 2	0 0%
SSL 3	3 2.6%
TLS 1.0	40 34.5%
TLS 1.1	44 37.9%
TLS 1.2	116 100%

Grades 116 results

A	103 88.8%
B	11 9.5%
C	2 1.7%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
2048	69 67%
4096	34 33%

StartTLS

Type	Client to server	Server to server
Required	71 87.7%	24 68.6%
Allowed	10 12.3%	11 31.4%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	29 22.1%	97 74%
Invalid	1 0.8%	4 3.1%

SASL mechanisms 81 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	9 11.1%	79 97.5%
SCRAM-SHA-1	9 11.1%	69 85.2%
SCRAM-SHA-1-PLUS	0 0%	51 63%
X-OAUTH2	2 2.5%	15 18.5%
DIGEST-MD5	7 8.6%	12 14.8%
SCRAM-SHA-512	0 0%	7 8.6%
SCRAM-SHA-512-PLUS	0 0%	7 8.6%
SCRAM-SHA-256	0 0%	6 7.4%
SCRAM-SHA-256-PLUS	0 0%	6 7.4%
CRAM-MD5	1 1.2%	2 2.5%
EXTERNAL	0 0%	1 1.2%
X-GOOGLE-TOKEN	1 1.2%	1 1.2%
LOGIN	0 0%	1 1.2%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
R3	A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05	75
ZeroSSL ECC Domain Secure Site CA	7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78	2
E1	09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3	2
Go Daddy Secure Certificate Authority - G2	27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8	2
localhost	B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83	1
GEANT OV RSA CA 4	C2:82:6E:26:6D:74:05:D3:4E:F8:97:62:63:6A:E4:B3:6E:86:CB:5E	1
Fraunhofer Service CA - G02	52:5D:93:4C:22:9B:60:89:44:49:69:F4:9B:D4:48:83:BD:0C:44:26	1
ZeroSSL RSA Domain Secure Site CA	C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34	1
E-Kehat-Ru	8C:7C:F9:14:B1:1F:33:E0:3D:B2:0C:61:68:46:F7:5F:88:A1:D9:53	1
Thawte RSA CA 2018	4D:EE:A7:06:0D:80:BA:BF:16:43:B4:E0:F0:10:4C:82:99:50:75:B7	1
ejabberd	E6:2B:50:58:F1:ED:74:35:DA:15:FE:76:CA:8C:C1:04:D0:94:79:DA	1
Starfield Secure Certificate Authority - G2	7E:DC:37:6D:CF:D4:5E:6D:DF:08:2C:16:0D:F6:AC:21:83:5B:95:D4	1
xmpp.svtux.fr	3E:55:DB:7B:52:27:75:12:72:C5:DD:03:27:7A:1A:6F:B4:67:57:4A	1
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	1
GTS CA 1C3	1E:7E:F6:47:CB:A1:50:28:1C:60:89:72:57:10:28:78:C4:BD:8C:DC	1
Thawte TLS RSA CA G1	C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer

Servers with DNSSEC signed SRV records 43 results

Target	Type	When
404.city	client to server	2022-05-12T21:10:54+00:00
404.city	server to server	2022-05-14T20:02:45+00:00
5222.de	client to server	2022-05-11T06:47:38+00:00
anakojm.net	client to server	2022-05-11T19:16:37+00:00
anakojm.net	server to server	2022-05-11T20:06:48+00:00
bgjmpt.eu	client to server	2022-05-13T12:26:07+00:00
cheogram.com	server to server	2022-05-15T12:49:25+00:00
critiq.one	client to server	2022-05-13T15:19:00+00:00
critiq.one	server to server	2022-05-13T15:28:21+00:00
danwin1210.de	client to server	2022-05-13T15:28:50+00:00
danwin1210.de	server to server	2022-05-13T15:29:05+00:00
danwin1210.me	client to server	2022-05-12T21:11:08+00:00
eu.prod.push.monal-im.org	server to server	2022-05-14T08:19:34+00:00
gajim.org	server to server	2022-05-12T16:30:32+00:00
invy.at	client to server	2022-05-11T20:10:04+00:00
invy.at	server to server	2022-05-11T20:10:21+00:00
jabber.absturztau.be	client to server	2022-05-12T09:14:50+00:00
jabber.absturztau.be	server to server	2022-05-12T09:14:54+00:00
jabber.calyxinstitute.org	client to server	2022-05-16T13:33:40+00:00
jabber.calyxinstitute.org	server to server	2022-05-16T13:33:34+00:00
jabber.de	client to server	2022-05-14T09:44:35+00:00
jabber.systemli.org	client to server	2022-05-16T19:01:39+00:00
jabber.systemli.org	server to server	2022-05-12T08:37:38+00:00
mailbox.org	client to server	2022-05-17T14:29:19+00:00
mastodont.cat	client to server	2022-05-12T16:26:38+00:00
miharu.dedyn.io	client to server	2022-05-13T05:10:20+00:00
monocles.de	client to server	2022-05-14T16:06:11+00:00
monocles.de	server to server	2022-05-14T16:08:27+00:00
monocles.eu	client to server	2022-05-14T16:03:31+00:00
mrakonet.cz	client to server	2022-05-15T10:55:21+00:00
nixnet.services	client to server	2022-05-12T14:59:36+00:00
nixnet.services	server to server	2022-05-12T14:59:42+00:00
parloteo.es	client to server	2022-05-14T08:59:21+00:00
rm3811.net	client to server	2022-05-16T16:11:55+00:00
skynetcloud.site	client to server	2022-05-15T10:56:11+00:00
skynetcloud.site	server to server	2022-05-15T10:56:14+00:00
snopyta.org	client to server	2022-05-14T21:01:48+00:00
texto-plano.xyz	client to server	2022-05-15T17:26:33+00:00
texto-plano.xyz	server to server	2022-05-15T17:29:39+00:00
trashserver.net	client to server	2022-05-15T22:10:42+00:00
trashserver.net	server to server	2022-05-15T22:11:27+00:00
wiuwiu.de	client to server	2022-05-12T08:46:39+00:00
xmpp.co	client to server	2022-05-11T09:51:15+00:00

Servers with DNSSEC signed DANE records 14 results

Target	Type	When
5222.de	client to server	2022-05-11T06:47:38+00:00
danwin1210.de	client to server	2022-05-13T15:28:50+00:00
danwin1210.de	server to server	2022-05-13T15:29:05+00:00
jabber.calyxinstitute.org	client to server	2022-05-16T13:33:40+00:00
jabber.systemli.org	client to server	2022-05-16T19:01:39+00:00
jabber.systemli.org	server to server	2022-05-12T08:37:38+00:00
mailbox.org	client to server	2022-05-17T14:29:19+00:00
monocles.de	client to server	2022-05-14T16:06:11+00:00
monocles.de	server to server	2022-05-14T16:08:27+00:00
monocles.eu	client to server	2022-05-14T16:03:31+00:00
skynetcloud.site	client to server	2022-05-15T10:56:11+00:00
skynetcloud.site	server to server	2022-05-15T10:56:14+00:00
wiuwiu.de	client to server	2022-05-12T08:46:39+00:00
yax.im	client to server	2022-05-12T11:42:58+00:00

Servers with a hidden service 1 results

Target	Type	When
jabber.calyxinstitute.org	client to server	2022-05-16T13:33:40+00:00

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 7 results

Target	SHA256(SPKI)
chat.pemlex.de c2s	03:C6:93:19:FF:78:D5:FB:FD:AA:10:5D:59:21:50:2E:E0:1B:E0:69:B7:0C:03:F9:BC:2E:BA:DC:3B:C8:D0:75
pemlex.de c2s	03:C6:93:19:FF:78:D5:FB:FD:AA:10:5D:59:21:50:2E:E0:1B:E0:69:B7:0C:03:F9:BC:2E:BA:DC:3B:C8:D0:75
monocles.de c2s	35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC
monocles.de s2s	35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC
monocles.eu c2s	35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC
xmpp-stg.way2cloud.gocurb.com c2s	9D:E0:FC:6B:A6:3A:B3:7D:0D:65:F7:66:25:AB:58:79:D4:99:8F:64:F5:22:62:F0:00:B9:F5:54:AF:DA:96:A3
xmpp.way2cloud.gocurb.com c2s	9D:E0:FC:6B:A6:3A:B3:7D:0D:65:F7:66:25:AB:58:79:D4:99:8F:64:F5:22:62:F0:00:B9:F5:54:AF:DA:96:A3