| SSL 2 | 0 0% |
| SSL 3 | 0 0% |
| TLS 1.0 | 64 59.3% |
| TLS 1.1 | 73 67.6% |
| TLS 1.2 | 108 100% |
| A | 102 94.4% |
|---|---|
| B | 5 4.6% |
| C | 1 0.9% |
| D | 0 0% |
| E | 0 0% |
| F | 0 0% |
| RSA key size | Count |
|---|---|
| 2048 | 64 59.3% |
| 4096 | 44 40.7% |
| Type | Client to server | Server to server |
|---|---|---|
| Required | 68 86.1% | 21 72.4% |
| Allowed | 11 13.9% | 8 27.6% |
To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.
| Trusted | Untrusted | |
|---|---|---|
| Valid | 0% | 11 9% |
| Invalid | 110 90.2% | 1 0.8% |
| Mechanism | # times offered before TLS | # times offered after TLS |
|---|---|---|
| PLAIN | 9 11.4% | 78 98.7% |
| SCRAM-SHA-1 | 10 12.7% | 64 81% |
| SCRAM-SHA-1-PLUS | 0 0% | 31 39.2% |
| X-OAUTH2 | 4 5.1% | 23 29.1% |
| DIGEST-MD5 | 6 7.6% | 10 12.7% |
| CRAM-MD5 | 1 1.3% | 2 2.5% |
| LOGIN | 0 0% | 1 1.3% |
| JIVE-SHAREDSECRET | 1 1.3% | 1 1.3% |
| ANONYMOUS | 0 0% | 1 1.3% |
SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.
| Target | Type | When |
|---|
SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.
| Target | Type | When |
|---|
| Name/Organization | SHA1 | Count |
|---|---|---|
| Let's Encrypt Authority X3 | E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB | 68 |
| COMODO RSA Domain Validation Secure Server CA | 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 | 2 |
| Entrust Certification Authority - L1K | F2:1C:12:F4:6C:DB:6B:2E:16:F0:9F:94:19:CD:FF:32:84:37:B2:D7 | 2 |
| Let's Encrypt Authority X3 | 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 | 2 |
| ddosed.org | 86:F3:A7:AB:6F:7C:8B:5B:28:E8:E1:E0:F9:4B:BA:4C:F8:5A:FD:1D | 1 |
| xmpp.frostworks.in | 97:A2:B4:67:DC:8D:B2:9F:50:1B:F1:D2:C3:D9:15:AB:25:B4:05:6A | 1 |
| opentrux.fr | 35:83:35:D2:F6:F7:F5:8B:CA:E1:AA:4A:C5:9F:5F:EB:CE:09:AE:6F | 1 |
| AlphaSSL CA - SHA256 - G2 | 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC | 1 |
| StartCom Class 1 DV Server CA | 39:8E:19:36:63:9B:A5:20:6D:F5:17:9B:FB:B7:01:09:33:96:94:00 | 1 |
| p4dvd | 84:57:88:65:D5:1A:F6:DD:F5:54:E8:86:3B:3F:6D:BD:00:7E:83:B0 | 1 |
| Sectigo RSA Domain Validation Secure Server CA | 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB | 1 |
| DFN-Verein Global Issuing CA | C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 | 1 |
| Fake LE Intermediate X1 | 4E:EE:73:98:C1:A3:DA:F9:1D:A1:66:89:DB:82:43:92:7A:27:1B:9A | 1 |
| Go Daddy Secure Certificate Authority - G2 | 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 | 1 |
| SwissSign Server Gold CA 2014 - G22 | AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98 | 1 |
| GeoTrust RSA CA 2018 | 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B | 1 |
As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.
| Target | Type | When | Issuer |
|---|
| Target | Type | When |
|---|---|---|
| 5222.de | client to server | |
| aquilatech.com | client to server | |
| chat.tiuxo.com | client to server | |
| chat.tiuxo.com | server to server | |
| cookiechat.de | client to server | |
| cookiechat.de | server to server | |
| debian.org | client to server | |
| dismail.de | client to server | |
| forum.friendi.ca | server to server | |
| gideonkuijt.nl | client to server | |
| gideonkuijt.nl | server to server | |
| gr4v.net | client to server | |
| gr4v.net | server to server | |
| hillmeier.net | client to server | |
| im.cyberjinh.fr | client to server | |
| im.cyberjinh.fr | server to server | |
| imfreedom.org | client to server | |
| jabb3r.de | client to server | |
| jabber.systemli.org | server to server | |
| libretux.com | client to server | |
| mailbox.org | client to server | |
| myxmpp.inthe.eu | client to server | |
| myxmpp.inthe.eu | server to server | |
| nerv.tech | server to server | |
| opentrux.fr | client to server | |
| pirati.ca | client to server | |
| rednull.org | client to server | |
| rednull.org | server to server | |
| snopyta.org | server to server | |
| thfree.ru | client to server | |
| thfree.ru | server to server | |
| tiuxo.com | client to server | |
| tiuxo.com | server to server | |
| x0.chat | client to server | |
| xmpp-hosting.de | client to server | |
| xmpp-hosting.de | server to server | |
| xmpp.is | client to server |
| Target | Type | When |
|---|
| Target | Type | When |
|---|
| Target | Type | When |
|---|---|---|
| matrix.org | server to server |
| Target | SHA256(SPKI) |
|---|---|
| chat.tiuxo.com c2s | 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05 |
| chat.tiuxo.com s2s | 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05 |
| tiuxo.com c2s | 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05 |
| tiuxo.com s2s | 65:B8:B7:5B:6C:E6:B1:91:5C:E5:A5:D3:E2:CA:28:26:AC:54:22:30:D3:EB:C9:35:4E:F4:C0:45:7B:EB:D8:05 |