Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 216 results

SSL 2	0 0%
SSL 3	11 5.1%
TLS 1.0	149 69%
TLS 1.1	157 72.7%
TLS 1.2	209 96.8%

Grades 216 results

A	176 81.5%
B	25 11.6%
C	15 6.9%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
1024	3 1.4%
2048	114 53.5%
3072	2 0.9%
4096	94 44.1%

StartTLS

Type	Client to server	Server to server
Required	100 74.1%	48 59.3%
Allowed	35 25.9%	33 40.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	209 86.7%	14 5.8%
Invalid	5 2.1%	13 5.4%

SASL mechanisms 135 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	34 25.2%	132 97.8%
SCRAM-SHA-1	30 22.2%	116 85.9%
X-OAUTH2	14 10.4%	49 36.3%
SCRAM-SHA-1-PLUS	0 0%	42 31.1%
DIGEST-MD5	23 17%	37 27.4%
CRAM-MD5	7 5.2%	8 5.9%
ANONYMOUS	2 1.5%	2 1.5%
JIVE-SHAREDSECRET	2 1.5%	2 1.5%
OFMEET	1 0.7%	1 0.7%
NTLM	1 0.7%	1 0.7%
LOGIN	0 0%	1 0.7%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	122
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	3
Let's Encrypt Authority X3	1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8	3
DFN-Verein Global Issuing CA	C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45	2
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	2
RapidSSL RSA CA 2018	98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D	2
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	2
localhost	B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83	1
localhost	0E:B9:94:69:38:03:5B:F0:B6:62:84:08:DD:5C:B6:1C:45:5B:E7:92	1
localhost	74:46:37:BB:92:F3:2F:EA:A1:88:BE:AA:48:61:DD:6B:4D:13:40:49	1
octavianonline.com	41:48:80:0B:33:B0:55:33:0A:98:B8:D9:6F:CF:AB:94:4B:49:F1:DE	1
onex	CB:EA:86:1C:04:74:43:9B:97:43:64:34:46:43:0A:4A:39:E8:D8:24	1
qt.is	09:9B:BA:7C:28:0F:A4:45:CF:75:29:0E:EC:FF:A6:6A:22:FE:5A:44	1
RWTH Aachen CA	37:14:A5:0B:4C:96:04:6D:57:CD:6D:36:E1:79:E9:76:2B:F7:DB:5F	1
syriabuzz.org	2E:65:57:97:88:3F:1F:87:02:3D:54:9B:10:BF:B4:DD:66:50:21:50	1
TWCA Secure SSL Certification Authority	0A:72:EF:D6:60:FD:34:F2:54:E6:6A:85:95:BA:81:E6:0A:75:4E:68	1
52.37.225.132	AD:B0:53:D1:55:7A:9D:11:CB:0E:13:6A:F7:7A:A2:BD:17:00:2C:F9	1
(Unknown)	F4:C8:6F:7B:89:57:6B:EE:13:5D:E7:5D:76:5E:04:F4:0C:23:79:B3	1
AlphaSSL CA - SHA256 - G2	4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC	1
COMODO ECC Domain Validation Secure Server CA	16:EE:54:E4:8C:76:EA:A1:05:2E:09:01:0D:8F:AE:FE:E9:5E:5E:BB	1
DigiCert SHA2 Extended Validation Server CA	7E:2F:3A:4F:8F:E8:FA:8A:57:30:AE:CA:02:96:96:63:7E:98:6F:3F	1
ejabberd	21:F5:83:EE:6A:07:73:53:CA:E7:CA:84:34:F7:36:09:53:37:2B:7D	1
Go Daddy Secure Certificate Authority - G2	27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8	1
jabber.masternetdon.ru	7B:80:EA:1A:7C:C0:66:F8:D5:AD:E1:82:D4:93:C5:F8:CD:40:BE:7F	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 3 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer
migtalk.com	server to server	2019-04-17T12:31:37+00:00	syriabuzz.org
segin.ru	client to server	2019-04-16T06:08:05+00:00
segin.ru	server to server	2019-04-16T06:09:41+00:00

Servers with DNSSEC signed SRV records 50 results

Target	Type	When
disroot.org	server to server	2019-04-14T12:36:37+00:00
fossgalaxy.com	client to server	2019-04-15T13:02:26+00:00
jabber.at	client to server	2019-04-19T19:26:50+00:00
simplewire.de	client to server	2019-04-19T14:02:17+00:00
x0.chat	client to server	2019-04-20T08:13:22+00:00
xmpp.trshnet.de	server to server	2019-04-19T00:57:50+00:00
federez.net	client to server	2019-04-20T11:11:07+00:00
autistici.org	client to server	2019-04-18T03:58:51+00:00
beijinglug.club	client to server	2019-04-15T07:00:54+00:00
blug.moe	client to server	2019-04-20T11:23:30+00:00
ssji.net	client to server	2019-04-16T10:21:15+00:00
0x00.nz	server to server	2019-04-14T19:58:10+00:00
dismail.de	client to server	2019-04-19T14:03:26+00:00
jabber.de	client to server	2019-04-20T09:08:10+00:00
jabberpl.org	client to server	2019-04-15T17:08:43+00:00
jabber.systemli.org	client to server	2019-04-19T14:04:54+00:00
spemaus.de	client to server	2019-04-14T12:27:28+00:00
xmpp.lt	server to server	2019-04-19T21:45:30+00:00
0x00.nz	client to server	2019-04-14T19:58:04+00:00
domob.eu	server to server	2019-04-13T14:31:41+00:00
gaf.fs.lmu.de	server to server	2019-04-19T00:58:29+00:00
gajim.org	client to server	2019-04-16T13:14:59+00:00
xmpp.is	client to server	2019-04-17T07:17:42+00:00
4ept.net	client to server	2019-04-14T19:16:16+00:00
core.mx	client to server	2019-04-19T12:00:35+00:00
fysh.in	client to server	2019-04-19T12:17:54+00:00
gajim.org	server to server	2019-04-14T12:55:36+00:00
jabber.olden.ch	server to server	2019-04-15T19:00:52+00:00
jabberpl.org	server to server	2019-04-15T17:11:32+00:00
jabber.tcpreset.net	client to server	2019-04-14T15:51:15+00:00
kupschke.net	client to server	2019-04-15T05:36:01+00:00
strobeto.de	client to server	2019-04-14T09:10:14+00:00
wollu.xyz	client to server	2019-04-19T04:32:15+00:00
xmpp.trshnet.de	client to server	2019-04-19T08:41:12+00:00
404.city	server to server	2019-04-19T13:38:07+00:00
5222.de	client to server	2019-04-19T14:01:32+00:00
jabber.zone	client to server	2019-04-17T17:11:09+00:00
riseup.net	client to server	2019-04-18T03:58:19+00:00
trashserver.net	server to server	2019-04-15T21:20:51+00:00
wollu.xyz	server to server	2019-04-18T20:44:16+00:00
xmpp-hosting.de	client to server	2019-04-18T22:21:55+00:00
disroot.org	client to server	2019-04-18T04:00:48+00:00
domob.eu	client to server	2019-04-13T14:25:48+00:00
gaf.fs.lmu.de	client to server	2019-04-19T00:57:10+00:00
jabb3r.org	client to server	2019-04-14T02:45:48+00:00
jabber.zone	server to server	2019-04-17T17:10:42+00:00
kupschke.net	server to server	2019-04-15T05:37:33+00:00
magicbroccoli.de	client to server	2019-04-19T14:00:55+00:00
trashserver.net	client to server	2019-04-15T21:16:52+00:00
xmpp.lt	client to server	2019-04-19T21:45:17+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 0 results

Target	Type	When

Servers not offering encryption 2 results

Target	Type	When
asguard.pro	client to server	2019-04-15T11:51:15+00:00
migtalk.com	client to server	2019-04-17T12:30:46+00:00

Servers sharing private keys 15 results

Target	SHA256(SPKI)
chat.octavianonline.com c2s	33:7F:57:39:A7:3D:B5:C5:04:BB:B4:C7:DD:69:58:4C:28:5C:66:42:0D:1E:98:D8:00:CE:6D:15:74:9D:4B:85
octavianonline.com c2s	33:7F:57:39:A7:3D:B5:C5:04:BB:B4:C7:DD:69:58:4C:28:5C:66:42:0D:1E:98:D8:00:CE:6D:15:74:9D:4B:85
octavianonline.com s2s	33:7F:57:39:A7:3D:B5:C5:04:BB:B4:C7:DD:69:58:4C:28:5C:66:42:0D:1E:98:D8:00:CE:6D:15:74:9D:4B:85
netdock.i234.me c2s	3C:42:24:5A:19:26:AE:BE:12:8C:4F:88:9A:15:F6:6C:F5:90:64:AF:1C:51:60:95:8E:AC:F7:78:41:9D:62:6B
netdock.i234.me s2s	3C:42:24:5A:19:26:AE:BE:12:8C:4F:88:9A:15:F6:6C:F5:90:64:AF:1C:51:60:95:8E:AC:F7:78:41:9D:62:6B
netdock.servehttp.com s2s	3C:42:24:5A:19:26:AE:BE:12:8C:4F:88:9A:15:F6:6C:F5:90:64:AF:1C:51:60:95:8E:AC:F7:78:41:9D:62:6B
0x00.nz c2s	5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
0x00.nz s2s	5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
xmpp.lt c2s	5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
xmpp.lt s2s	5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
beijinglug.club c2s	9F:71:E2:62:E8:17:A7:83:3C:03:DD:BA:96:F9:7F:85:C8:ED:BE:15:3A:AB:8A:BE:B1:9A:02:7D:46:28:26:08
blug.moe c2s	9F:71:E2:62:E8:17:A7:83:3C:03:DD:BA:96:F9:7F:85:C8:ED:BE:15:3A:AB:8A:BE:B1:9A:02:7D:46:28:26:08
medusa.priv.at c2s	ED:CF:93:1C:3A:6B:7D:D6:B2:3A:FA:C2:A2:C8:42:1D:8D:63:A6:87:FB:09:83:DD:7F:CF:5E:77:41:CF:62:0E
xmpp.medusa.priv.at c2s	ED:CF:93:1C:3A:6B:7D:D6:B2:3A:FA:C2:A2:C8:42:1D:8D:63:A6:87:FB:09:83:DD:7F:CF:5E:77:41:CF:62:0E
xmpp.medusa.priv.at s2s	ED:CF:93:1C:3A:6B:7D:D6:B2:3A:FA:C2:A2:C8:42:1D:8D:63:A6:87:FB:09:83:DD:7F:CF:5E:77:41:CF:62:0E