SSL 2 | 0 0% |
SSL 3 | 3 2.6% |
TLS 1.0 | 40 34.5% |
TLS 1.1 | 44 37.9% |
TLS 1.2 | 116 100% |
A | 103 88.8% |
---|---|
B | 11 9.5% |
C | 2 1.7% |
D | 0 0% |
E | 0 0% |
F | 0 0% |
RSA key size | Count |
---|---|
2048 | 69 67% |
4096 | 34 33% |
Type | Client to server | Server to server |
---|---|---|
Required | 71 87.7% | 24 68.6% |
Allowed | 10 12.3% | 11 31.4% |
To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.
Trusted | Untrusted | |
---|---|---|
Valid | 29 22.1% | 97 74% |
Invalid | 1 0.8% | 4 3.1% |
Mechanism | # times offered before TLS | # times offered after TLS |
---|---|---|
PLAIN | 9 11.1% | 79 97.5% |
SCRAM-SHA-1 | 9 11.1% | 69 85.2% |
SCRAM-SHA-1-PLUS | 0 0% | 51 63% |
X-OAUTH2 | 2 2.5% | 15 18.5% |
DIGEST-MD5 | 7 8.6% | 12 14.8% |
SCRAM-SHA-512 | 0 0% | 7 8.6% |
SCRAM-SHA-512-PLUS | 0 0% | 7 8.6% |
SCRAM-SHA-256 | 0 0% | 6 7.4% |
SCRAM-SHA-256-PLUS | 0 0% | 6 7.4% |
CRAM-MD5 | 1 1.2% | 2 2.5% |
EXTERNAL | 0 0% | 1 1.2% |
X-GOOGLE-TOKEN | 1 1.2% | 1 1.2% |
LOGIN | 0 0% | 1 1.2% |
SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.
Target | Type | When |
---|
SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.
Target | Type | When |
---|
Name/Organization | SHA1 | Count |
---|---|---|
R3 | A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 | 75 |
ZeroSSL ECC Domain Secure Site CA | 7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78 | 2 |
E1 | 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 | 2 |
Go Daddy Secure Certificate Authority - G2 | 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 | 2 |
localhost | B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 | 1 |
GEANT OV RSA CA 4 | C2:82:6E:26:6D:74:05:D3:4E:F8:97:62:63:6A:E4:B3:6E:86:CB:5E | 1 |
Fraunhofer Service CA - G02 | 52:5D:93:4C:22:9B:60:89:44:49:69:F4:9B:D4:48:83:BD:0C:44:26 | 1 |
ZeroSSL RSA Domain Secure Site CA | C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 | 1 |
E-Kehat-Ru | 8C:7C:F9:14:B1:1F:33:E0:3D:B2:0C:61:68:46:F7:5F:88:A1:D9:53 | 1 |
Thawte RSA CA 2018 | 4D:EE:A7:06:0D:80:BA:BF:16:43:B4:E0:F0:10:4C:82:99:50:75:B7 | 1 |
ejabberd | E6:2B:50:58:F1:ED:74:35:DA:15:FE:76:CA:8C:C1:04:D0:94:79:DA | 1 |
Starfield Secure Certificate Authority - G2 | 7E:DC:37:6D:CF:D4:5E:6D:DF:08:2C:16:0D:F6:AC:21:83:5B:95:D4 | 1 |
xmpp.svtux.fr | 3E:55:DB:7B:52:27:75:12:72:C5:DD:03:27:7A:1A:6F:B4:67:57:4A | 1 |
GeoTrust RSA CA 2018 | 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B | 1 |
GTS CA 1C3 | 1E:7E:F6:47:CB:A1:50:28:1C:60:89:72:57:10:28:78:C4:BD:8C:DC | 1 |
Thawte TLS RSA CA G1 | C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1 | 1 |
As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.
Target | Type | When | Issuer |
---|
Target | Type | When |
---|---|---|
404.city | client to server | |
404.city | server to server | |
5222.de | client to server | |
anakojm.net | client to server | |
anakojm.net | server to server | |
bgjmpt.eu | client to server | |
cheogram.com | server to server | |
critiq.one | client to server | |
critiq.one | server to server | |
danwin1210.de | client to server | |
danwin1210.de | server to server | |
danwin1210.me | client to server | |
eu.prod.push.monal-im.org | server to server | |
gajim.org | server to server | |
invy.at | client to server | |
invy.at | server to server | |
jabber.absturztau.be | client to server | |
jabber.absturztau.be | server to server | |
jabber.calyxinstitute.org | client to server | |
jabber.calyxinstitute.org | server to server | |
jabber.de | client to server | |
jabber.systemli.org | client to server | |
jabber.systemli.org | server to server | |
mailbox.org | client to server | |
mastodont.cat | client to server | |
miharu.dedyn.io | client to server | |
monocles.de | client to server | |
monocles.de | server to server | |
monocles.eu | client to server | |
mrakonet.cz | client to server | |
nixnet.services | client to server | |
nixnet.services | server to server | |
parloteo.es | client to server | |
rm3811.net | client to server | |
skynetcloud.site | client to server | |
skynetcloud.site | server to server | |
snopyta.org | client to server | |
texto-plano.xyz | client to server | |
texto-plano.xyz | server to server | |
trashserver.net | client to server | |
trashserver.net | server to server | |
wiuwiu.de | client to server | |
xmpp.co | client to server |
Target | Type | When |
---|---|---|
5222.de | client to server | |
danwin1210.de | client to server | |
danwin1210.de | server to server | |
jabber.calyxinstitute.org | client to server | |
jabber.systemli.org | client to server | |
jabber.systemli.org | server to server | |
mailbox.org | client to server | |
monocles.de | client to server | |
monocles.de | server to server | |
monocles.eu | client to server | |
skynetcloud.site | client to server | |
skynetcloud.site | server to server | |
wiuwiu.de | client to server | |
yax.im | client to server |
Target | Type | When |
---|---|---|
jabber.calyxinstitute.org | client to server |
Target | Type | When |
---|
Target | SHA256(SPKI) |
---|---|
chat.pemlex.de c2s | 03:C6:93:19:FF:78:D5:FB:FD:AA:10:5D:59:21:50:2E:E0:1B:E0:69:B7:0C:03:F9:BC:2E:BA:DC:3B:C8:D0:75 |
pemlex.de c2s | 03:C6:93:19:FF:78:D5:FB:FD:AA:10:5D:59:21:50:2E:E0:1B:E0:69:B7:0C:03:F9:BC:2E:BA:DC:3B:C8:D0:75 |
monocles.de c2s | 35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC |
monocles.de s2s | 35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC |
monocles.eu c2s | 35:D7:A2:DD:D6:E9:4A:98:08:54:BD:E7:64:94:63:F0:73:AC:3D:DC:C3:65:9C:6E:CD:EF:00:DF:4B:4F:D4:DC |
xmpp-stg.way2cloud.gocurb.com c2s | 9D:E0:FC:6B:A6:3A:B3:7D:0D:65:F7:66:25:AB:58:79:D4:99:8F:64:F5:22:62:F0:00:B9:F5:54:AF:DA:96:A3 |
xmpp.way2cloud.gocurb.com c2s | 9D:E0:FC:6B:A6:3A:B3:7D:0D:65:F7:66:25:AB:58:79:D4:99:8F:64:F5:22:62:F0:00:B9:F5:54:AF:DA:96:A3 |