Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 166 results

SSL 2	0 0%
SSL 3	3 1.8%
TLS 1.0	90 54.2%
TLS 1.1	99 59.6%
TLS 1.2	165 99.4%

Grades 166 results

A	141 84.9%
B	23 13.9%
C	2 1.2%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
1024	2 1.2%
2048	98 60.9%
3072	8 5%
4096	53 32.9%

StartTLS

Type	Client to server	Server to server
Required	93 82.3%	29 54.7%
Allowed	20 17.7%	24 45.3%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	150 84.7%	19 10.7%
Invalid	2 1.1%	6 3.4%

SASL mechanisms 113 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	19 16.8%	112 99.1%
SCRAM-SHA-1	16 14.2%	96 85%
SCRAM-SHA-1-PLUS	0 0%	41 36.3%
X-OAUTH2	6 5.3%	30 26.5%
DIGEST-MD5	11 9.7%	23 20.4%
CRAM-MD5	7 6.2%	8 7.1%
LOGIN	0 0%	1 0.9%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	97
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	6
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	4
AlphaSSL CA - SHA256 - G2	4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC	2
Go Daddy Secure Certificate Authority - G2	27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8	1
SwissSign Server Gold CA 2014 - G22	AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98	1
PositiveSSL CA 2	94:80:7B:1C:78:8D:D2:FC:BE:19:C8:48:1C:E4:1C:FA:B8:A4:C1:7F	1
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	1
internal-CA	59:9E:14:F2:E9:00:6D:02:AF:23:3C:68:50:7C:63:36:DC:CA:9D:75	1
anggichanger.org	DF:4B:F5:BF:2E:5B:D7:1E:E2:FC:A8:00:C5:78:15:58:8D:E4:72:EC	1
localhost	B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83	1
Alexander Turenko	D8:F0:E0:34:CF:C3:A2:E5:A5:FC:70:BA:74:4C:62:68:8E:91:93:43	1
iposerver-1974423365.avaya.com	90:71:30:ED:DA:97:36:3A:05:2E:D3:D0:EB:88:60:8B:2A:4B:DA:2F	1
jabbex.net	50:EC:3E:BA:4B:E4:ED:8A:27:20:7B:EB:ED:A9:BB:14:87:A6:91:7E	1
tfs.today	E0:C5:77:C9:7F:CF:74:F0:73:D7:B2:A5:5A:D0:B2:2D:57:21:F0:7F	1
carding.network	5D:F9:57:0A:33:C2:59:EF:38:1A:CF:91:22:FE:25:AC:67:F2:45:80	1
fujabber.com	15:AE:2C:E3:3A:5B:78:A3:78:8F:16:67:9E:DF:F0:AD:30:65:2E:C1	1
jrxmpp.com	44:DC:44:7C:6D:D8:33:49:F2:E6:D5:63:A4:6E:59:A6:8F:5D:5D:55	1
xmpp.m01.info	EC:E0:00:87:BB:ED:E0:A2:19:5D:D2:83:4C:32:4B:DA:5A:79:34:BB	1
Let's Encrypt Authority X3	1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 2 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer
totktonada.ru	client to server	2020-05-30T16:05:05+00:00	Alexander Turenko
totktonada.ru	server to server	2020-05-30T16:18:00+00:00	Alexander Turenko

Servers with DNSSEC signed SRV records 49 results

Target	Type	When
404.city	client to server	2020-06-04T17:31:46+00:00
5222.de	server to server	2020-05-30T14:15:59+00:00
akashaduocyen.nl	client to server	2020-05-29T21:50:42+00:00
akashaduocyen.nl	server to server	2020-05-29T22:54:37+00:00
bria.wf	client to server	2020-05-29T10:19:15+00:00
core.radiosignal.net	client to server	2020-06-04T09:10:23+00:00
core.radiosignal.net	server to server	2020-06-04T09:29:49+00:00
diebesban.de	client to server	2020-06-04T17:25:11+00:00
dismail.de	client to server	2020-06-04T08:01:52+00:00
dismail.de	server to server	2020-05-30T17:09:53+00:00
dpc.re	client to server	2020-06-01T07:18:15+00:00
dpc.re	server to server	2020-06-01T07:22:34+00:00
draugr.de	client to server	2020-06-01T18:57:36+00:00
expx.net	client to server	2020-06-01T20:02:29+00:00
ikenmeyer.eu	client to server	2020-06-01T18:40:05+00:00
im.icttci.cz	client to server	2020-06-04T14:00:35+00:00
jabb3r.de	client to server	2020-06-03T01:10:00+00:00
jabber.5july.net	client to server	2020-05-30T17:11:53+00:00
jabber.5july.net	server to server	2020-05-30T17:11:01+00:00
jabber.de	client to server	2020-06-04T16:42:17+00:00
jabber.hot-chilli.net	client to server	2020-06-01T23:37:38+00:00
jabber.kai.cz	client to server	2020-06-03T21:04:23+00:00
jabber.kai.cz	server to server	2020-06-03T21:15:40+00:00
jabberpl.org	server to server	2020-06-02T13:39:58+00:00
jabber.uk	client to server	2020-06-01T00:06:02+00:00
kraushaar.io	client to server	2020-06-02T23:09:29+00:00
mailbox.org	client to server	2020-05-30T17:21:41+00:00
mdosch.de	client to server	2020-06-04T16:58:40+00:00
mdosch.de	server to server	2020-06-04T17:17:25+00:00
mp.stlu.de	client to server	2020-06-03T15:33:16+00:00
mp.stlu.de	server to server	2020-06-03T15:02:50+00:00
nixnet.xyz	client to server	2020-05-29T17:35:26+00:00
online.osba.nl	client to server	2020-05-29T21:49:30+00:00
online.osba.nl	server to server	2020-05-29T22:16:43+00:00
os-k.eu	server to server	2020-06-03T15:45:15+00:00
p-pn.org	client to server	2020-06-03T23:54:47+00:00
projer.in	client to server	2020-05-29T14:43:20+00:00
riseup.net	client to server	2020-06-01T16:21:25+00:00
sanyi.nl	client to server	2020-05-30T20:19:33+00:00
sanyi.nl	server to server	2020-05-30T20:26:43+00:00
skynetcloud.site	client to server	2020-06-04T07:56:01+00:00
skynetcloud.site	server to server	2020-06-04T07:56:05+00:00
srv2.searacon.nl	client to server	2020-05-31T18:14:07+00:00
srv2.searacon.nl	server to server	2020-05-31T18:36:24+00:00
suchat.org	client to server	2020-05-30T08:42:05+00:00
thesecure.biz	client to server	2020-06-01T11:56:35+00:00
vbf.one	client to server	2020-05-29T13:15:50+00:00
vbf.one	server to server	2020-05-29T13:02:42+00:00
xmpp.is	client to server	2020-06-01T15:42:53+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 8 results

Target	SHA256(SPKI)
diebesban.de c2s	39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84
mdosch.de c2s	39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84
mdosch.de s2s	39:E1:A1:AD:ED:B3:01:4E:A0:8F:35:A7:83:A8:0A:6E:45:F6:CA:40:9B:C5:4A:51:2A:2F:2E:0F:32:E7:7E:84
109.230.199.180 c2s	B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
home.bakker.io c2s	B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
home.bakker.io s2s	B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
it4freedom.net s2s	EE:43:24:B0:2B:6C:AC:BA:42:8E:E2:7A:87:89:89:6D:88:1B:94:48:01:D9:91:46:60:84:C0:BC:5F:37:34:3D
lore.bra.it4freedom.net s2s	EE:43:24:B0:2B:6C:AC:BA:42:8E:E2:7A:87:89:89:6D:88:1B:94:48:01:D9:91:46:60:84:C0:BC:5F:37:34:3D