Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 81 results

SSL 2	0 0%
SSL 3	1 1.2%
TLS 1.0	32 39.5%
TLS 1.1	32 39.5%
TLS 1.2	81 100%

Grades 81 results

A	78 96.3%
B	2 2.5%
C	1 1.2%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
2048	53 75.7%
3072	3 4.3%
4096	14 20%

StartTLS

Type	Client to server	Server to server
Required	50 90.9%	24 92.3%
Allowed	5 9.1%	2 7.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	0%	50 58.1%
Invalid	35 40.7%	1 1.2%

SASL mechanisms 55 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	7 12.7%	53 96.4%
SCRAM-SHA-1	8 14.5%	47 85.5%
SCRAM-SHA-1-PLUS	0 0%	36 65.5%
X-OAUTH2	1 1.8%	12 21.8%
DIGEST-MD5	3 5.5%	8 14.5%
SCRAM-SHA-256	2 3.6%	6 10.9%
SCRAM-SHA-256-PLUS	0 0%	6 10.9%
SCRAM-SHA-512	1 1.8%	6 10.9%
SCRAM-SHA-512-PLUS	0 0%	6 10.9%
LOGIN	0 0%	1 1.8%
CRAM-MD5	0 0%	1 1.8%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
R3	A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05	42
ZeroSSL RSA Domain Secure Site CA	C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34	3
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	2
ZeroSSL ECC Domain Secure Site CA	7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78	2
jabbercentra.com	E5:54:DE:04:D2:13:E8:F9:90:1E:C0:5E:05:E9:55:B3:D7:BD:FA:B3	1
xmpp.die-schlegels.net	56:04:66:F8:8D:B2:5D:F6:5D:5B:F8:84:6F:9C:B9:D3:0B:EE:F6:A2	1
outlaws.im	E8:C9:8C:9D:5B:6E:9A:17:FA:84:83:3F:2A:D4:72:F7:20:93:7B:4D	1
Encryption Everywhere DV TLS CA - G1	59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3	1
10.10.20.105	6F:4B:40:6A:F6:3F:BC:0B:F6:62:C9:6E:DC:1B:26:6B:9E:C7:BD:28	1
Conversations CA	F9:87:0B:66:B3:81:01:6F:E3:F3:F2:C4:B2:9E:3D:64:54:FA:E5:E8	1
E1	09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer

Servers with DNSSEC signed SRV records 24 results

Target	Type	When
404.city	client to server	2022-09-28T21:45:00+00:00
danwin1210.de	client to server	2022-09-29T09:22:12+00:00
danwin1210.me	client to server	2022-09-29T09:15:18+00:00
eatthebugs.cc	client to server	2022-10-04T17:35:29+00:00
eatthebugs.cc	server to server	2022-10-04T17:35:24+00:00
helvetica.fm	client to server	2022-10-03T01:18:43+00:00
jabb3r.org	client to server	2022-10-04T18:57:24+00:00
jabber.calyxinstitute.org	client to server	2022-10-02T04:45:51+00:00
jmqc.nl	client to server	2022-09-30T20:10:50+00:00
jmqc.nl	server to server	2022-09-30T19:35:09+00:00
lain.sh	client to server	2022-10-03T04:59:19+00:00
lain.sh	server to server	2022-10-03T04:59:24+00:00
mat-hill.xyz	client to server	2022-09-29T22:17:13+00:00
parloteo.es	client to server	2022-10-03T22:53:54+00:00
parloteo.es	server to server	2022-10-03T22:54:58+00:00
suchat.org	client to server	2022-10-03T22:53:43+00:00
suchat.org	server to server	2022-10-03T22:55:12+00:00
uuuvn.space	client to server	2022-09-30T16:48:39+00:00
uuuvn.space	server to server	2022-09-30T16:52:34+00:00
wyderki.ovh	client to server	2022-10-03T13:31:03+00:00
xm.nidzica.net	client to server	2022-10-03T13:47:58+00:00
xmpp.is	server to server	2022-09-30T10:24:20+00:00
xmpp.mailpush.one	client to server	2022-09-30T05:44:32+00:00
xmpp.mailpush.one	server to server	2022-09-30T05:19:03+00:00

Servers with DNSSEC signed DANE records 8 results

Target	Type	When
danwin1210.de	client to server	2022-09-29T09:22:12+00:00
jabb3r.org	client to server	2022-10-04T18:57:24+00:00
jabber.calyxinstitute.org	client to server	2022-10-02T04:45:51+00:00
jmqc.nl	client to server	2022-09-30T20:10:50+00:00
jmqc.nl	server to server	2022-09-30T19:35:09+00:00
suchat.org	client to server	2022-10-03T22:53:43+00:00
suchat.org	server to server	2022-10-03T22:55:12+00:00
yax.im	client to server	2022-09-30T11:20:19+00:00

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 6 results

Target	SHA256(SPKI)
draugr.de c2s	25:92:08:14:89:00:CD:CD:18:CA:09:1E:41:CA:AB:AD:5C:2E:0C:97:C4:A3:2F:84:9D:48:BF:67:4A:B2:28:03
xabber.de c2s	25:92:08:14:89:00:CD:CD:18:CA:09:1E:41:CA:AB:AD:5C:2E:0C:97:C4:A3:2F:84:9D:48:BF:67:4A:B2:28:03
quollwriter.com c2s	6E:18:2A:B1:33:60:64:F5:60:A3:BF:91:68:B0:E7:4B:16:67:A3:0F:C1:99:AA:33:EB:68:43:23:D5:EF:E5:D6
www.quollwriter.com c2s	6E:18:2A:B1:33:60:64:F5:60:A3:BF:91:68:B0:E7:4B:16:67:A3:0F:C1:99:AA:33:EB:68:43:23:D5:EF:E5:D6
01337.io c2s	73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
darknet.im c2s	73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3