Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 108 results

SSL 2 0 0%
SSL 3 0 0%
TLS 1.0 64 59.3%
TLS 1.1 73 67.6%
TLS 1.2 108 100%

Grades 108 results

A 102 94.4%
B 5 4.6%
C 1 0.9%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 64 59.3%
4096 44 40.7%

StartTLS

Type Client to server Server to server
Required 68 86.1% 21 72.4%
Allowed 11 13.9% 8 27.6%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 0% 11 9%
Invalid 110 90.2% 1 0.8%

SASL mechanisms 79 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 9 11.4% 78 98.7%
SCRAM-SHA-1 10 12.7% 64 81%
SCRAM-SHA-1-PLUS 0 0% 31 39.2%
X-OAUTH2 4 5.1% 23 29.1%
DIGEST-MD5 6 7.6% 10 12.7%
CRAM-MD5 1 1.3% 2 2.5%
LOGIN 0 0% 1 1.3%
JIVE-SHAREDSECRET 1 1.3% 1 1.3%
ANONYMOUS 0 0% 1 1.3%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 68
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 2
Entrust Certification Authority - L1K F2:1C:12:F4:6C:DB:6B:2E:16:F0:9F:94:19:CD:FF:32:84:37:B2:D7 2
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 2
ddosed.org 86:F3:A7:AB:6F:7C:8B:5B:28:E8:E1:E0:F9:4B:BA:4C:F8:5A:FD:1D 1
xmpp.frostworks.in 97:A2:B4:67:DC:8D:B2:9F:50:1B:F1:D2:C3:D9:15:AB:25:B4:05:6A 1
opentrux.fr 35:83:35:D2:F6:F7:F5:8B:CA:E1:AA:4A:C5:9F:5F:EB:CE:09:AE:6F 1
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 1
StartCom Class 1 DV Server CA 39:8E:19:36:63:9B:A5:20:6D:F5:17:9B:FB:B7:01:09:33:96:94:00 1
p4dvd 84:57:88:65:D5:1A:F6:DD:F5:54:E8:86:3B:3F:6D:BD:00:7E:83:B0 1
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 1
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 1
Fake LE Intermediate X1 4E:EE:73:98:C1:A3:DA:F9:1D:A1:66:89:DB:82:43:92:7A:27:1B:9A 1
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 1
SwissSign Server Gold CA 2014 - G22 AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98 1
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 37 results

Target Type When
5222.de client to server
aquilatech.com client to server
chat.tiuxo.com client to server
chat.tiuxo.com server to server
cookiechat.de client to server
cookiechat.de server to server
debian.org client to server
dismail.de client to server
forum.friendi.ca server to server
gideonkuijt.nl client to server
gideonkuijt.nl server to server
gr4v.net client to server
gr4v.net server to server
hillmeier.net client to server
im.cyberjinh.fr client to server
im.cyberjinh.fr server to server
imfreedom.org client to server
jabb3r.de client to server
jabber.systemli.org server to server
libretux.com client to server
mailbox.org client to server
myxmpp.inthe.eu client to server
myxmpp.inthe.eu server to server
nerv.tech server to server
opentrux.fr client to server
pirati.ca client to server
rednull.org client to server
rednull.org server to server
snopyta.org server to server
thfree.ru client to server
thfree.ru server to server
tiuxo.com client to server
tiuxo.com server to server
x0.chat client to server
xmpp-hosting.de client to server
xmpp-hosting.de server to server
xmpp.is client to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 1 results

Target Type When
matrix.org server to server

Servers sharing private keys 4 results

Target SHA256(SPKI)
chat.tiuxo.com c2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05
chat.tiuxo.com s2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05
tiuxo.com c2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05
tiuxo.com s2s 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05