Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 81 results

SSL 2 0 0%
SSL 3 1 1.2%
TLS 1.0 32 39.5%
TLS 1.1 32 39.5%
TLS 1.2 81 100%

Grades 81 results

A 78 96.3%
B 2 2.5%
C 1 1.2%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 53 75.7%
3072 3 4.3%
4096 14 20%

StartTLS

Type Client to server Server to server
Required 50 90.9% 24 92.3%
Allowed 5 9.1% 2 7.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 0% 50 58.1%
Invalid 35 40.7% 1 1.2%

SASL mechanisms 55 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 7 12.7% 53 96.4%
SCRAM-SHA-1 8 14.5% 47 85.5%
SCRAM-SHA-1-PLUS 0 0% 36 65.5%
X-OAUTH2 1 1.8% 12 21.8%
DIGEST-MD5 3 5.5% 8 14.5%
SCRAM-SHA-256 2 3.6% 6 10.9%
SCRAM-SHA-256-PLUS 0 0% 6 10.9%
SCRAM-SHA-512 1 1.8% 6 10.9%
SCRAM-SHA-512-PLUS 0 0% 6 10.9%
LOGIN 0 0% 1 1.8%
CRAM-MD5 0 0% 1 1.8%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
R3 A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 42
ZeroSSL RSA Domain Secure Site CA C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 3
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 2
ZeroSSL ECC Domain Secure Site CA 7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78 2
jabbercentra.com E5:54:DE:04:D2:13:E8:F9:90:1E:C0:5E:05:E9:55:B3:D7:BD:FA:B3 1
xmpp.die-schlegels.net 56:04:66:F8:8D:B2:5D:F6:5D:5B:F8:84:6F:9C:B9:D3:0B:EE:F6:A2 1
outlaws.im E8:C9:8C:9D:5B:6E:9A:17:FA:84:83:3F:2A:D4:72:F7:20:93:7B:4D 1
Encryption Everywhere DV TLS CA - G1 59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3 1
10.10.20.105 6F:4B:40:6A:F6:3F:BC:0B:F6:62:C9:6E:DC:1B:26:6B:9E:C7:BD:28 1
Conversations CA F9:87:0B:66:B3:81:01:6F:E3:F3:F2:C4:B2:9E:3D:64:54:FA:E5:E8 1
E1 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 24 results

Target Type When
404.city client to server
danwin1210.de client to server
danwin1210.me client to server
eatthebugs.cc client to server
eatthebugs.cc server to server
helvetica.fm client to server
jabb3r.org client to server
jabber.calyxinstitute.org client to server
jmqc.nl client to server
jmqc.nl server to server
lain.sh client to server
lain.sh server to server
mat-hill.xyz client to server
parloteo.es client to server
parloteo.es server to server
suchat.org client to server
suchat.org server to server
uuuvn.space client to server
uuuvn.space server to server
wyderki.ovh client to server
xm.nidzica.net client to server
xmpp.is server to server
xmpp.mailpush.one client to server
xmpp.mailpush.one server to server

Servers with DNSSEC signed DANE records 8 results

Target Type When
danwin1210.de client to server
jabb3r.org client to server
jabber.calyxinstitute.org client to server
jmqc.nl client to server
jmqc.nl server to server
suchat.org client to server
suchat.org server to server
yax.im client to server

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 0 results

Target Type When

Servers sharing private keys 6 results

Target SHA256(SPKI)
draugr.de c2s 25:92:08:14:89:00:CD:CD:18:CA:09:1E:41:CA:AB:AD:5C:2E:0C:97:C4:A3:2F:84:9D:48:BF:67:4A:B2:28:03
xabber.de c2s 25:92:08:14:89:00:CD:CD:18:CA:09:1E:41:CA:AB:AD:5C:2E:0C:97:C4:A3:2F:84:9D:48:BF:67:4A:B2:28:03
quollwriter.com c2s 6E:18:2A:B1:33:60:64:F5:60:A3:BF:91:68:B0:E7:4B:16:67:A3:0F:C1:99:AA:33:EB:68:43:23:D5:EF:E5:D6
www.quollwriter.com c2s 6E:18:2A:B1:33:60:64:F5:60:A3:BF:91:68:B0:E7:4B:16:67:A3:0F:C1:99:AA:33:EB:68:43:23:D5:EF:E5:D6
01337.io c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3
darknet.im c2s 73:27:9E:3F:78:4F:F6:FE:6C:38:25:0E:D7:A6:CE:07:8A:B4:B0:43:9D:EA:41:ED:24:FF:D1:1A:C9:6C:F7:A3