Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 93 results

SSL 2	0 0%
SSL 3	1 1.1%
TLS 1.0	46 49.5%
TLS 1.1	49 52.7%
TLS 1.2	92 98.9%

Grades 93 results

A	88 94.6%
B	4 4.3%
C	0 0%
D	0 0%
E	0 0%
F	1 1.1%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
1024	2 2.2%
2048	43 47.8%
4096	45 50%

StartTLS

Type	Client to server	Server to server
Required	51 83.6%	23 71.9%
Allowed	10 16.4%	9 28.1%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	92 89.3%	7 6.8%
Invalid	1 1%	3 2.9%

SASL mechanisms 61 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	6 9.8%	59 96.7%
SCRAM-SHA-1	9 14.8%	55 90.2%
SCRAM-SHA-1-PLUS	0 0%	23 37.7%
X-OAUTH2	2 3.3%	15 24.6%
DIGEST-MD5	4 6.6%	10 16.4%
CRAM-MD5	1 1.6%	2 3.3%
LOGIN	0 0%	1 1.6%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	56
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	2
Let's Encrypt Authority X3	1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8	2
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	1
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	1
new-swankton.net	A3:BF:22:D3:EE:44:6E:65:B0:F8:25:80:89:89:81:56:99:B9:7B:E7	1
ejabberd	C1:8B:AF:97:16:64:64:71:DA:50:8A:1C:7E:DC:E6:E6:FA:42:4F:68	1
John Doe	4B:EB:B2:62:42:70:4B:2D:1A:A6:A6:47:F3:E5:B1:E7:54:8C:11:FD	1
live.web-connected.com	EA:67:28:78:88:7A:38:5C:3A:D3:F9:9A:0F:43:3F:1C:A1:DC:42:6A	1
RapidSSL RSA CA 2018	98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D	1
Conversations CA	F9:87:0B:66:B3:81:01:6F:E3:F3:F2:C4:B2:9E:3D:64:54:FA:E5:E8	1
RapidSSL SHA256 CA - G3	0E:34:14:18:46:E7:42:3D:37:F2:0D:C0:AB:06:C9:BB:D8:43:DC:24	1
blikon.ddns.net	3E:B5:2C:F0:4A:D9:A4:39:90:56:A4:38:DA:E5:C4:0C:21:49:C4:0C	1
Go Daddy Secure Certificate Authority - G2	27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8	1
SwissSign Server Gold CA 2014 - G22	AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 1 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer
new-swankton.net	server to server	2020-08-06T20:28:19+00:00	new-swankton.net

Servers with DNSSEC signed SRV records 30 results

Target	Type	When
404.city	client to server	2020-08-08T12:46:08+00:00
a3.pm	client to server	2020-08-08T16:32:32+00:00
anoxinon.me	client to server	2020-08-09T10:38:33+00:00
beherit.pl	client to server	2020-08-10T20:04:08+00:00
beherit.pl	server to server	2020-08-10T20:03:58+00:00
dismail.de	client to server	2020-08-09T22:29:44+00:00
disroot.org	client to server	2020-08-08T07:14:18+00:00
erewhon.in	client to server	2020-08-06T16:30:32+00:00
im.in-ulm.de	client to server	2020-08-05T20:00:08+00:00
jabber.briehl.de	client to server	2020-08-07T08:07:00+00:00
jabber.calyxinstitute.org	client to server	2020-08-06T18:00:30+00:00
jabber.de	client to server	2020-08-07T19:18:56+00:00
jabber.fr	client to server	2020-08-05T22:41:04+00:00
jabber.systemli.org	client to server	2020-08-09T16:07:33+00:00
jabber.uk	server to server	2020-08-06T02:09:05+00:00
juniorjpdj.pl	client to server	2020-08-06T17:30:42+00:00
juniorjpdj.pl	server to server	2020-08-06T17:30:46+00:00
mailbox.org	client to server	2020-08-12T07:29:15+00:00
nlnet.nl	client to server	2020-08-10T12:42:48+00:00
savemy.name	client to server	2020-08-08T21:10:21+00:00
snopyta.org	client to server	2020-08-07T09:29:35+00:00
snopyta.org	server to server	2020-08-07T09:30:15+00:00
suchat.org	client to server	2020-08-12T07:10:31+00:00
thesecure.biz	client to server	2020-08-11T09:39:41+00:00
tm-t.ca	client to server	2020-08-10T16:18:13+00:00
tm-t.ca	server to server	2020-08-10T16:03:26+00:00
van-donselaar.nl	client to server	2020-08-07T21:38:34+00:00
van-donselaar.nl	server to server	2020-08-07T21:42:50+00:00
wiuwiu.de	client to server	2020-08-07T11:28:11+00:00
xmpp.is	client to server	2020-08-06T15:53:19+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 1 results

Target	Type	When
jabber.calyxinstitute.org	client to server	2020-08-06T18:00:30+00:00

Servers not offering encryption 0 results

Target	Type	When

Servers sharing private keys 2 results

Target	SHA256(SPKI)
draugr.de c2s	9D:E8:C7:2E:58:A9:F5:18:63:BA:4A:9C:AA:9B:C3:D1:03:DF:A1:5F:00:C6:49:9A:EB:20:FB:C5:39:EB:13:6B
ubuntu-jabber.net s2s	9D:E8:C7:2E:58:A9:F5:18:63:BA:4A:9C:AA:9B:C3:D1:03:DF:A1:5F:00:C6:49:9A:EB:20:FB:C5:39:EB:13:6B