Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 217 results

SSL 2 0 0%
SSL 3 4 1.8%
TLS 1.0 133 61.3%
TLS 1.1 142 65.4%
TLS 1.2 213 98.2%

Grades 217 results

A 184 84.8%
B 23 10.6%
C 10 4.6%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 109 50.7%
3072 1 0.5%
4096 105 48.8%

StartTLS

Type Client to server Server to server
Required 116 82.3% 60 78.9%
Allowed 25 17.7% 16 21.1%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 0% 33 14%
Invalid 199 84.3% 4 1.7%

SASL mechanisms 141 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 25 17.7% 137 97.2%
SCRAM-SHA-1 20 14.2% 118 83.7%
SCRAM-SHA-1-PLUS 0 0% 52 36.9%
X-OAUTH2 7 5% 39 27.7%
DIGEST-MD5 17 12.1% 31 22%
CRAM-MD5 9 6.4% 10 7.1%
SCRAM-SHA-512 0 0% 1 0.7%
SCRAM-SHA-512-PLUS 0 0% 1 0.7%
SCRAM-SHA-256 0 0% 1 0.7%
LOGIN 0 0% 1 0.7%
ANONYMOUS 1 0.7% 1 0.7%
SCRAM-SHA-256-PLUS 0 0% 1 0.7%
SCRAM-SHA-384 0 0% 1 0.7%
SCRAM-SHA-384-PLUS 0 0% 1 0.7%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 115
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 4
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 3
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 3
StartCom Class 1 DV Server CA 39:8E:19:36:63:9B:A5:20:6D:F5:17:9B:FB:B7:01:09:33:96:94:00 2
Gandi Standard SSL CA 2 24:71:06:A4:05:B2:88:A4:6E:70:A0:26:27:17:16:2D:09:03:E7:34 2
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 2
DarkEngine B1:BD:DC:81:8B:E4:36:2F:4A:A8:36:B6:D9:5A:CA:0B:43:56:C3:B4 1
numeritech.fr DF:2F:B5:AA:B3:6D:12:47:C2:31:29:51:A5:1D:27:70:D0:7C:49:15 1
ejabberd E9:A2:65:D0:1C:EA:42:88:58:51:1F:5D:78:B4:19:77:33:EE:00:ED 1
thawte SSL CA - G2 2E:A7:1C:36:7D:17:8C:84:3F:D2:1D:B4:FD:B6:30:BA:54:A2:0D:C5 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
ijeeynrc6x2uy5ob.onion 83:B6:A3:D7:27:49:75:B6:7F:8D:73:9A:9A:8C:C1:A5:A1:9F:54:77 1
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 1
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 1
Certum Domain Validation CA SHA2 FF:9C:EB:13:C8:3F:15:B8:00:E6:EF:F9:87:B2:C7:2E:01:B4:B3:20 1
DigiCert SHA2 Secure Server CA 1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4 1
tinigin.ru 92:C3:C9:3C:F9:8E:82:AC:7B:75:AE:12:C1:86:32:55:4A:28:EA:6E 1
Jabber Local CA 0F:FB:60:9B:A3:24:48:E4:A1:79:2E:CF:42:FD:04:F9:73:3F:40:79 1
odit.ml 94:5F:E3:FC:3F:B0:3F:8E:F4:74:86:83:FD:C1:77:E2:AD:01:37:52 1
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 1
okvm.de 23:5A:52:C3:1C:FC:4B:79:8F:1F:D0:DB:05:00:CE:27:E7:27:82:43 1
funkyroot-ca 0B:8B:6E:54:FD:5B:8A:06:5E:59:63:A9:A3:2D:98:C9:BF:8C:89:38 1
Thawte RSA CA 2018 4D:EE:A7:06:0D:80:BA:BF:16:43:B4:E0:F0:10:4C:82:99:50:75:B7 1
SwissSign Server Silver CA 2014 - G22 55:BE:46:7A:A4:4B:F0:C1:5D:4B:CB:D0:6B:DC:A2:4B:BA:94:1E:13 1
Fake LE Intermediate X1 4E:EE:73:98:C1:A3:DA:F9:1D:A1:66:89:DB:82:43:92:7A:27:1B:9A 1
StartCom BR SSL ICA 37:7B:35:1C:CB:87:A4:F5:F1:D3:99:78:56:13:15:CD:46:0D:67:1A 1
germanyt366sirdc.onion F9:99:F2:02:D8:59:87:C2:2C:FA:26:D0:BB:A4:FE:DC:65:09:D6:54 1
jabber.banuareload.com 60:89:FA:C7:76:C6:83:49:00:0F:AD:2E:E3:2B:26:5E:45:77:6E:6B 1
IT and Media-Services root CA 01:49:6A:42:71:5A:9A:37:CC:57:BE:E7:35:F1:2D:4F:08:B9:21:4D 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 65 results

Target Type When
404.city client to server
404.city server to server
5222.de client to server
5222.de server to server
a3.pm client to server
alternanet.fr client to server
blug.moe client to server
calyxinstitute.org client to server
dismail.de client to server
dismail.de server to server
draugr.de client to server
draugr.de server to server
eckmul.net client to server
eckmul.net server to server
gajim.org server to server
honigdachse.de client to server
iluha.de client to server
iluha.de server to server
invy.at client to server
invy.at server to server
jabb3r.org client to server
jabb3r.org server to server
jabber.at client to server
jabber.at server to server
jabber.briehl.de client to server
jabber.briehl.de server to server
jabber.calyxinstitute.org client to server
jabber.cat server to server
jabber.chaostreffbern.ch client to server
jabber.cheetah85.ovh client to server
jabber.cheetah85.ovh server to server
jabber.de client to server
jabber.de server to server
jabber.hot-chilli.net client to server
jabber.no-sense.net client to server
jabber.no-sense.net server to server
jabberpl.org client to server
jabber.systemli.org client to server
jabber.zone client to server
juick.com server to server
lightwitch.org client to server
magicbroccoli.de client to server
magicbroccoli.de server to server
mailbox.org client to server
mdosch.de server to server
mindspl.at client to server
nwschat.weather.gov client to server
ofus.world client to server
pimux.de client to server
pimux.de server to server
riseup.net client to server
simplewire.de client to server
snopyta.org server to server
stusta.mhn.de server to server
trashserver.net client to server
trashserver.net server to server
ubuntu-jabber.net client to server
wiuwiu.de client to server
wiuwiu.de server to server
xmpp.co client to server
xmpp.is client to server
xmpp.lt client to server
xmpp.xyz client to server
zeroanarchy.com client to server
zeroanarchy.com server to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 3 results

Target Type When
germanyt366sirdc.onion client to server
ijeeynrc6x2uy5ob.onion client to server
jabber.calyxinstitute.org client to server

Servers not offering encryption 1 results

Target Type When
peacock.mithrai.com client to server

Servers sharing private keys 18 results

Target SHA256(SPKI)
core.mywire.org c2s 59:6F:18:C9:E8:27:CD:97:EF:86:51:61:06:D7:1E:34:7A:4B:9A:D5:4A:70:B6:04:10:DF:C1:98:EF:65:23:38
wallabag.hopto.org c2s 59:6F:18:C9:E8:27:CD:97:EF:86:51:61:06:D7:1E:34:7A:4B:9A:D5:4A:70:B6:04:10:DF:C1:98:EF:65:23:38
wallabag.hopto.org s2s 59:6F:18:C9:E8:27:CD:97:EF:86:51:61:06:D7:1E:34:7A:4B:9A:D5:4A:70:B6:04:10:DF:C1:98:EF:65:23:38
rimkus.it c2s 8D:98:E0:E1:4E:10:94:0E:5F:E2:97:AD:9D:8D:53:85:50:7A:74:0A:6D:E2:71:9C:51:43:02:7A:F7:5D:67:AE
rimkus.it s2s 8D:98:E0:E1:4E:10:94:0E:5F:E2:97:AD:9D:8D:53:85:50:7A:74:0A:6D:E2:71:9C:51:43:02:7A:F7:5D:67:AE
xmpp2.rimkus.it c2s 8D:98:E0:E1:4E:10:94:0E:5F:E2:97:AD:9D:8D:53:85:50:7A:74:0A:6D:E2:71:9C:51:43:02:7A:F7:5D:67:AE
xmpp2.rimkus.it s2s 8D:98:E0:E1:4E:10:94:0E:5F:E2:97:AD:9D:8D:53:85:50:7A:74:0A:6D:E2:71:9C:51:43:02:7A:F7:5D:67:AE
draugr.de c2s A5:99:DE:DE:0A:3F:7E:A7:AD:BD:60:A4:DC:53:45:0F:1A:BC:80:4C:A7:F8:61:DE:B4:B8:23:D3:FB:7C:DF:9D
draugr.de s2s A5:99:DE:DE:0A:3F:7E:A7:AD:BD:60:A4:DC:53:45:0F:1A:BC:80:4C:A7:F8:61:DE:B4:B8:23:D3:FB:7C:DF:9D
ubuntu-jabber.net c2s A5:99:DE:DE:0A:3F:7E:A7:AD:BD:60:A4:DC:53:45:0F:1A:BC:80:4C:A7:F8:61:DE:B4:B8:23:D3:FB:7C:DF:9D
odit.ml c2s C1:7C:04:DA:A8:21:74:DD:1E:59:23:83:15:3E:B5:5B:13:3F:BD:B3:31:00:5A:71:BF:9E:74:49:94:58:32:B2
www.odit.ml c2s C1:7C:04:DA:A8:21:74:DD:1E:59:23:83:15:3E:B5:5B:13:3F:BD:B3:31:00:5A:71:BF:9E:74:49:94:58:32:B2
jabber.tinigin.ru c2s C3:A4:83:8B:EB:8E:C2:FE:C2:AA:5C:98:0A:E7:60:F7:25:1B:66:CB:BE:3D:DB:4F:8E:66:1B:07:C2:3F:A4:FD
tinigin.ru c2s C3:A4:83:8B:EB:8E:C2:FE:C2:AA:5C:98:0A:E7:60:F7:25:1B:66:CB:BE:3D:DB:4F:8E:66:1B:07:C2:3F:A4:FD
tinigin.ru s2s C3:A4:83:8B:EB:8E:C2:FE:C2:AA:5C:98:0A:E7:60:F7:25:1B:66:CB:BE:3D:DB:4F:8E:66:1B:07:C2:3F:A4:FD
xmpp.co c2s E3:51:DF:8B:09:F5:87:8C:A8:C5:75:6D:E1:88:1B:01:16:99:0D:5A:E0:8F:01:28:D2:1C:55:7A:21:8C:B1:DB
xmpp.is c2s E3:51:DF:8B:09:F5:87:8C:A8:C5:75:6D:E1:88:1B:01:16:99:0D:5A:E0:8F:01:28:D2:1C:55:7A:21:8C:B1:DB
xmpp.xyz c2s E3:51:DF:8B:09:F5:87:8C:A8:C5:75:6D:E1:88:1B:01:16:99:0D:5A:E0:8F:01:28:D2:1C:55:7A:21:8C:B1:DB