Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 157 results

SSL 2	0 0%
SSL 3	1 0.6%
TLS 1.0	98 62.4%
TLS 1.1	110 70.1%
TLS 1.2	157 100%

Grades 157 results

A	134 85.4%
B	22 14%
C	1 0.6%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
1024	1 0.7%
2048	87 56.9%
4096	63 41.2%
8192	2 1.3%

StartTLS

Type	Client to server	Server to server
Required	78 79.6%	37 62.7%
Allowed	20 20.4%	22 37.3%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	150 86.7%	14 8.1%
Invalid	3 1.7%	6 3.5%

SASL mechanisms 98 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	23 23.5%	98 100%
SCRAM-SHA-1	21 21.4%	86 87.8%
X-OAUTH2	7 7.1%	32 32.7%
SCRAM-SHA-1-PLUS	0 0%	30 30.6%
DIGEST-MD5	16 16.3%	22 22.4%
CRAM-MD5	6 6.1%	7 7.1%
ANONYMOUS	1 1%	2 2%
LOGIN	0 0%	1 1%
JIVE-SHAREDSECRET	1 1%	1 1%
X-OAUTH	1 1%	1 1%
GSSAPI	1 1%	1 1%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	96
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	6
Let's Encrypt Authority X3	1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8	2
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	2
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	1
localhost	B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83	1
*.muc.tigase.org	76:48:B0:A9:BF:67:2E:D7:E9:17:01:60:64:DD:A1:55:5B:5E:5F:2E	1
muc.tigase.org	76:48:B0:A9:BF:67:2E:D7:E9:17:01:60:64:DD:A1:55:5B:5E:5F:2E	1
openfire.southindia.cloudapp.azure.com	FC:7F:7E:2E:FC:2E:C5:B0:CA:2D:52:69:18:2E:C7:30:78:5B:BC:AA	1
RapidSSL SHA256 CA	C8:6E:DB:C7:1A:B0:50:78:F6:1A:CD:F3:D8:DC:5D:B6:1E:B7:5F:B6	1
Starfield Secure Certificate Authority - G2	7E:DC:37:6D:CF:D4:5E:6D:DF:08:2C:16:0D:F6:AC:21:83:5B:95:D4	1
tfs.today	E0:C5:77:C9:7F:CF:74:F0:73:D7:B2:A5:5A:D0:B2:2D:57:21:F0:7F	1
vitor.guia.nom.br	3C:5B:BE:07:55:4E:82:C3:57:9B:45:D1:0E:76:44:E2:95:D1:FE:01	1
AlphaSSL CA - SHA256 - G2	4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC	1
xmpp-chat-server	9D:64:03:2A:26:25:9A:AD:27:AF:68:20:A6:DA:25:64:54:C6:93:93	1
CA Cert Signing Authority	13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33	1
ejabberd	D3:15:3D:8E:44:48:3C:E5:71:91:17:35:1C:6B:08:1A:C3:20:9C:3F	1
Fachhochschule Aachen CA - G01	1E:40:27:3D:8B:B9:58:38:5F:3B:70:1F:F0:70:EE:23:0A:79:65:97	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 2 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer
muc.tigase.org	server to server	2019-06-14T08:03:48+00:00	*.muc.tigase.org
muc.tigase.org	server to server	2019-06-14T08:03:48+00:00	muc.tigase.org

Servers with DNSSEC signed SRV records 46 results

Target	Type	When
404.city	client to server	2019-06-17T00:49:48+00:00
elaon.de	client to server	2019-06-12T11:27:14+00:00
jabb3r.org	client to server	2019-06-15T11:20:02+00:00
xmpp.is	client to server	2019-06-17T15:11:58+00:00
xmpp.taiga-san.net	server to server	2019-06-16T17:05:24+00:00
blesmrt.net	server to server	2019-06-14T08:58:15+00:00
dark-alexandr.net	server to server	2019-06-14T15:43:38+00:00
elaon.de	server to server	2019-06-12T11:34:41+00:00
jabber.de	client to server	2019-06-16T03:51:52+00:00
trashserver.net	client to server	2019-06-16T02:29:03+00:00
trashserver.net	server to server	2019-06-16T02:30:32+00:00
volatile.bz	client to server	2019-06-13T09:00:14+00:00
xmpp.mynet.fr	server to server	2019-06-15T16:45:24+00:00
dark-alexandr.net	client to server	2019-06-14T15:29:28+00:00
jalogisch.de	server to server	2019-06-13T12:08:11+00:00
tbk112.com	client to server	2019-06-18T09:23:50+00:00
thesecure.biz	client to server	2019-06-17T19:58:21+00:00
volatile.bz	server to server	2019-06-13T08:19:14+00:00
jabber.de	server to server	2019-06-17T14:31:36+00:00
jabber.ordinatis.de	client to server	2019-06-17T17:21:23+00:00
sharezen.de	client to server	2019-06-11T21:16:49+00:00
5222.de	client to server	2019-06-16T10:01:02+00:00
dismail.de	server to server	2019-06-13T12:19:12+00:00
serafean.cz	server to server	2019-06-17T09:39:33+00:00
sharezen.de	server to server	2019-06-11T21:17:15+00:00
x0.chat	client to server	2019-06-17T19:41:24+00:00
xmpp.is	server to server	2019-06-17T15:23:13+00:00
disroot.org	client to server	2019-06-17T08:12:07+00:00
draugr.de	client to server	2019-06-17T13:40:22+00:00
knop.eu	client to server	2019-06-18T10:21:44+00:00
knop.eu	server to server	2019-06-18T10:23:30+00:00
petko.me	server to server	2019-06-12T21:19:40+00:00
xmpp.mynet.fr	client to server	2019-06-15T16:46:00+00:00
barfoo.eu	client to server	2019-06-18T18:39:33+00:00
dismail.de	client to server	2019-06-16T17:56:55+00:00
maurice-walker.com	client to server	2019-06-18T17:27:30+00:00
maurice-walker.com	server to server	2019-06-18T17:59:08+00:00
omemo.ca	client to server	2019-06-13T14:08:20+00:00
petko.me	client to server	2019-06-12T21:15:29+00:00
serafean.cz	client to server	2019-06-17T10:20:00+00:00
im.cyberjinh.fr	client to server	2019-06-15T12:40:28+00:00
im.cyberjinh.fr	server to server	2019-06-15T12:31:23+00:00
jabber.cat	client to server	2019-06-12T03:58:41+00:00
pouet.ovh	client to server	2019-06-17T21:02:14+00:00
rooms.kitsune.one	server to server	2019-06-13T14:35:40+00:00
wowana.me	server to server	2019-06-13T09:02:10+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 1 results

Target	Type	When
webex.com	server to server	2019-06-18T15:21:25+00:00

Servers sharing private keys 6 results

Target	SHA256(SPKI)
push.tigase.im s2s	57:88:30:BC:82:FB:AA:23:A2:4E:74:4B:C8:85:D8:42:22:93:82:4C:80:00:03:4E:FC:83:CD:C4:D8:76:67:7D
tigase.im c2s	57:88:30:BC:82:FB:AA:23:A2:4E:74:4B:C8:85:D8:42:22:93:82:4C:80:00:03:4E:FC:83:CD:C4:D8:76:67:7D
tigase.im s2s	57:88:30:BC:82:FB:AA:23:A2:4E:74:4B:C8:85:D8:42:22:93:82:4C:80:00:03:4E:FC:83:CD:C4:D8:76:67:7D
muc.volatile.bz s2s	FD:1F:2B:A1:5C:44:93:EC:3A:68:5C:12:97:1E:A0:EC:19:B5:4A:B6:EB:38:1E:9E:97:DE:87:7D:BE:4C:9A:B5
volatile.bz c2s	FD:1F:2B:A1:5C:44:93:EC:3A:68:5C:12:97:1E:A0:EC:19:B5:4A:B6:EB:38:1E:9E:97:DE:87:7D:BE:4C:9A:B5
volatile.bz s2s	FD:1F:2B:A1:5C:44:93:EC:3A:68:5C:12:97:1E:A0:EC:19:B5:4A:B6:EB:38:1E:9E:97:DE:87:7D:BE:4C:9A:B5