Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 239 results

SSL 2 0 0%
SSL 3 9 3.8%
TLS 1.0 152 63.6%
TLS 1.1 169 70.7%
TLS 1.2 236 98.7%

Grades 239 results

A 201 84.1%
B 28 11.7%
C 9 3.8%
D 1 0.4%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 2 0.8%
2048 131 54.8%
4096 106 44.4%

StartTLS

Type Client to server Server to server
Required 133 80.1% 38 52.1%
Allowed 33 19.9% 35 47.9%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 232 85.6% 22 8.1%
Invalid 5 1.8% 12 4.4%

SASL mechanisms 166 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 32 19.3% 165 99.4%
SCRAM-SHA-1 31 18.7% 140 84.3%
X-OAUTH2 11 6.6% 57 34.3%
SCRAM-SHA-1-PLUS 0 0% 54 32.5%
DIGEST-MD5 22 13.3% 42 25.3%
CRAM-MD5 11 6.6% 12 7.2%
ANONYMOUS 3 1.8% 3 1.8%
JIVE-SHAREDSECRET 3 1.8% 3 1.8%
X-GOOGLE-TOKEN 2 1.2% 2 1.2%
SCRAM-SHA-256 0 0% 1 0.6%
SCRAM-SHA-256-PLUS 0 0% 1 0.6%
SCRAM-SHA-384 0 0% 1 0.6%
SCRAM-SHA-384-PLUS 0 0% 1 0.6%
SCRAM-SHA-512 0 0% 1 0.6%
SCRAM-SHA-512-PLUS 0 0% 1 0.6%
TIKITOKEN 1 0.6% 1 0.6%
WEBEX-TOKEN 0 0% 1 0.6%
LOGIN 0 0% 1 0.6%
EXTERNAL 1 0.6% 1 0.6%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 127
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 13
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 4
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 3
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 2
Google Internet Authority G3 EE:AC:BD:0C:B4:52:81:95:77:91:1E:1E:62:03:DB:26:2F:84:A3:18 2
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 2
Encryption Everywhere DV TLS CA - G1 59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3 1
Entrust Certification Authority - L1K F2:1C:12:F4:6C:DB:6B:2E:16:F0:9F:94:19:CD:FF:32:84:37:B2:D7 1
fujabber.com 1F:1A:9E:4D:6C:C4:1C:1A:64:41:49:DE:6E:56:C0:C8:DD:48:EF:BF 1
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 1
google.com 59:68:15:77:F7:D0:30:68:CE:02:7E:FC:88:5F:D3:5C:A3:27:E4:F0 1
Grayson Peddie Authority Certificate 5C:88:60:F2:52:73:0B:C8:6D:0E:A9:78:25:EA:55:2C:91:2B:01:FC 1
Hochschule Darmstadt F5:24:8E:32:7C:AC:50:97:75:84:8E:DC:A3:01:3F:D9:72:61:4E:B6 1
HydrantID SSL ICA G2 AC:4A:72:8B:4D:FC:35:60:1F:A3:4B:92:24:22:A4:2C:25:3F:75:6C 1
info-svyaz.net 2D:28:AF:56:3A:7B:C3:A4:85:74:82:1D:6F:AB:68:54:23:38:ED:33 1
li870-198.members.linode.com B6:C1:76:F5:18:8A:90:85:FE:2A:99:57:45:C5:32:35:5E:F1:F5:E8 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
NetLock Expressz (Class C) Tanúsítványkiadó 3F:6F:58:9F:5A:28:46:6A:E2:95:D5:E1:8E:BD:13:9C:57:C6:8D:B5 1
p4dvd 84:57:88:65:D5:1A:F6:DD:F5:54:E8:86:3B:3F:6D:BD:00:7E:83:B0 1
polxmpp.ml E7:CE:EF:5B:0E:00:15:DD:80:74:E2:DF:CD:07:2D:37:B9:9E:67:42 1
RapidSSL TLS RSA CA G1 CB:FE:9E:B4:3B:3B:37:FE:0D:FB:C4:C2:EB:2D:4E:07:D0:8B:D8:E8 1
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 1
Sectigo RSA Organization Validation Secure Server CA 40:CE:F3:04:6C:91:6E:D7:AE:55:7F:60:E7:68:42:82:8B:51:DE:53 1
SwissSign Server Silver CA 2014 - G22 55:BE:46:7A:A4:4B:F0:C1:5D:4B:CB:D0:6B:DC:A2:4B:BA:94:1E:13 1
Thawte RSA CA 2018 4D:EE:A7:06:0D:80:BA:BF:16:43:B4:E0:F0:10:4C:82:99:50:75:B7 1
thawte SSL CA - G2 2E:A7:1C:36:7D:17:8C:84:3F:D2:1D:B4:FD:B6:30:BA:54:A2:0D:C5 1
va-11-hall-a.cafe 45:CD:EB:4B:71:8A:AC:FB:A0:56:B2:06:C4:F0:AA:C8:06:42:30:9E 1
virtualpc 7A:B7:71:06:8D:B1:4E:BC:76:29:E0:06:7D:EA:D3:72:96:92:64:4A 1
www.aviana.co.id A4:9A:34:E6:1C:66:6D:04:8B:E6:3B:E8:04:61:BE:3D:47:58:2A:03 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 2 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer
info-svyaz.net client to server info-svyaz.net
info-svyaz.net server to server info-svyaz.net

Servers with DNSSEC signed SRV records 58 results

Target Type When
domob.eu client to server
fritze.org client to server
mailbox.org client to server
okaris.de client to server
xmpp.dk client to server
disroot.org client to server
jabb3r.org client to server
jabber.zone client to server
jab.cyberguerrilla.org client to server
nexum.hu client to server
phelps.rocks server to server
raccoon.army client to server
stefanfritze.de client to server
domob.eu server to server
flussence.eu client to server
gauron.fr client to server
jabber.at client to server
jabber.fr client to server
jabber.hot-chilli.net client to server
johncook.uk client to server
kitsune.one client to server
stefanfritze.de server to server
tuxone.ch client to server
wiuwiu.de client to server
dismail.de client to server
draugr.de client to server
fysh.in client to server
gleisnetze.de server to server
k8n.de client to server
the-construct.eu server to server
ubuntu-jabber.de client to server
xmpp.co client to server
4ept.net client to server
bit-ant.net client to server
flussence.eu server to server
gleisnetze.de client to server
jabber.de client to server
k8n.de server to server
mail.73er.ovh client to server
mail.de client to server
metacode.biz client to server
the-construct.eu client to server
xmpp.cx client to server
jabber.no-sense.net client to server
jabber.sytes24.pl server to server
nexum.hu server to server
omemox.de server to server
a3.pm client to server
babai.ru client to server
demouliere.eu server to server
null-pointer.eu server to server
raccoon.army server to server
xmpp.is client to server
babai.ru server to server
jabber.calyxinstitute.org client to server
lightwitch.org client to server
panelcontrol.jsxc.ch client to server
x0.chat client to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 5 results

Target Type When
18.136.71.133 client to server
alpha.limekast.com client to server
chat.werkbank.de client to server
dil.in client to server
discordia.ch client to server

Servers sharing private keys 11 results

Target SHA256(SPKI)
build.b2bedge.com c2s 6A:12:31:F1:91:C0:66:89:6E:05:CB:12:7C:16:37:44:C5:45:9B:0C:CB:F6:C6:3F:1D:DC:9E:F8:A9:3E:FF:31
li870-198.members.linode.com c2s 6A:12:31:F1:91:C0:66:89:6E:05:CB:12:7C:16:37:44:C5:45:9B:0C:CB:F6:C6:3F:1D:DC:9E:F8:A9:3E:FF:31
im.popsicletoes.biz c2s 79:59:CC:1E:48:B3:24:4D:B1:CC:96:58:02:7D:90:7A:F1:EA:DD:CF:31:FF:5C:C6:DD:47:04:2C:0A:14:B2:0D
popsicletoes.biz c2s 79:59:CC:1E:48:B3:24:4D:B1:CC:96:58:02:7D:90:7A:F1:EA:DD:CF:31:FF:5C:C6:DD:47:04:2C:0A:14:B2:0D
im.mexmail.de s2s 8E:5F:69:FE:3B:01:50:7C:5A:2B:2D:7A:DE:DD:82:42:19:10:6C:D2:84:AB:BF:3A:26:0E:A1:10:33:7F:6C:77
mexmail.de c2s 8E:5F:69:FE:3B:01:50:7C:5A:2B:2D:7A:DE:DD:82:42:19:10:6C:D2:84:AB:BF:3A:26:0E:A1:10:33:7F:6C:77
draugr.de c2s 95:E8:2A:4B:18:11:BD:6E:BD:8B:C1:A5:0A:A1:8F:07:80:9D:15:20:C9:95:7D:4A:72:0C:37:0F:2C:17:8E:75
ubuntu-jabber.de c2s 95:E8:2A:4B:18:11:BD:6E:BD:8B:C1:A5:0A:A1:8F:07:80:9D:15:20:C9:95:7D:4A:72:0C:37:0F:2C:17:8E:75
xmpp.co c2s A1:8F:05:3D:FD:37:51:47:C9:3C:3A:DC:E1:8A:7F:C9:B0:71:17:C1:50:AA:07:0A:35:4C:70:97:98:7D:1A:18
xmpp.cx c2s A1:8F:05:3D:FD:37:51:47:C9:3C:3A:DC:E1:8A:7F:C9:B0:71:17:C1:50:AA:07:0A:35:4C:70:97:98:7D:1A:18
xmpp.is c2s A1:8F:05:3D:FD:37:51:47:C9:3C:3A:DC:E1:8A:7F:C9:B0:71:17:C1:50:AA:07:0A:35:4C:70:97:98:7D:1A:18