Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 196 results

SSL 2 0 0%
SSL 3 1 0.5%
TLS 1.0 69 35.2%
TLS 1.1 74 37.8%
TLS 1.2 194 99%

Grades 196 results

A 179 91.3%
B 14 7.1%
C 3 1.5%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 113 64.6%
3072 2 1.1%
4096 58 33.1%
8192 2 1.1%

StartTLS

Type Client to server Server to server
Required 116 88.5% 47 72.3%
Allowed 15 11.5% 18 27.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 0% 164 75.6%
Invalid 50 23% 3 1.4%

SASL mechanisms 131 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 15 11.5% 129 98.5%
SCRAM-SHA-1 17 13% 117 89.3%
SCRAM-SHA-1-PLUS 0 0% 85 64.9%
X-OAUTH2 7 5.3% 34 26%
DIGEST-MD5 12 9.2% 19 14.5%
SCRAM-SHA-256 0 0% 9 6.9%
CRAM-MD5 8 6.1% 9 6.9%
SCRAM-SHA-256-PLUS 0 0% 9 6.9%
SCRAM-SHA-512 0 0% 9 6.9%
SCRAM-SHA-512-PLUS 0 0% 9 6.9%
ANONYMOUS 1 0.8% 1 0.8%
EXTERNAL 0 0% 1 0.8%
SCRAM-SHA3-512 0 0% 1 0.8%
SCRAM-SHA3-512-PLUS 0 0% 1 0.8%
SCRAM-SHA-384 0 0% 1 0.8%
SCRAM-SHA-384-PLUS 0 0% 1 0.8%
X-GOOGLE-TOKEN 1 0.8% 1 0.8%
NTLM 1 0.8% 1 0.8%
LOGIN 0 0% 1 0.8%
JIVE-SHAREDSECRET 1 0.8% 1 0.8%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
R3 A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 124
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 3
Buypass Class 2 CA 5 EB:3E:49:D2:73:44:52:AB:B9:98:BC:F7:89:11:AA:47:8F:0D:2E:20 3
E1 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 2
GTS CA 1C3 1E:7E:F6:47:CB:A1:50:28:1C:60:89:72:57:10:28:78:C4:BD:8C:DC 1
habarkost.ru 2E:F8:22:9C:C3:22:76:9E:50:60:32:4F:EE:A4:00:43:50:22:DA:4F 1
Thawte TLS RSA CA G1 C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
ZeroSSL ECC Domain Secure Site CA 7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78 1
flutterz.de 24:AD:7D:F1:19:AE:AA:6D:85:E1:41:47:56:5E:26:F8:F5:F6:DB:11 1
Starfield Secure Certificate Authority - G2 7E:DC:37:6D:CF:D4:5E:6D:DF:08:2C:16:0D:F6:AC:21:83:5B:95:D4 1
d2w.io 95:BE:5E:F9:58:A9:70:CC:63:C4:0A:D1:AB:7A:8B:27:78:48:15:56 1
login.woxmpp.site B4:9E:EA:7C:17:95:68:EE:D6:47:27:E2:9C:7E:8A:A7:6B:AB:F1:9E 1
chat.avianet.cu B8:ED:73:B6:09:C0:01:29:1B:FA:B9:D1:3A:2E:6C:A1:60:90:5A:0C 1
xmpp.sysmaster.com 7F:93:27:5B:1F:75:67:DA:33:3F:1E:0B:25:DE:A7:D0:F9:3C:A4:2F 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 60 results

Target Type When
04d.co client to server
04d.co server to server
2718282.net server to server
404.city client to server
404.city server to server
5222.de client to server
autistici.org client to server
beherit.pl client to server
danwin1210.me client to server
danwin1210.me server to server
dismail.de client to server
edgoo.com client to server
edgoo.com server to server
frogeater.eu client to server
frogeater.eu server to server
hookipa.net client to server
hookipa.net server to server
im.mikrocon.de client to server
impfpush.de client to server
impfpush.de server to server
jabber.5july.net client to server
jabber.at client to server
jabber.calyxinstitute.org client to server
jabber.calyxinstitute.org server to server
jabber.de client to server
jabber.pestnagel.org client to server
jabber.pestnagel.org server to server
jabber.plaguelands.de client to server
jabber.plaguelands.de server to server
jabber.systemli.org client to server
kdetalk.net client to server
lightwitch.org client to server
m6wiq.uk client to server
magicbroccoli.de client to server
magicbroccoli.de server to server
mailbox.org client to server
mdosch.de client to server
mycr.de server to server
nakanai.de client to server
nakanai.de server to server
nixnet.services client to server
nixnet.services server to server
politicalsciences.eu client to server
pwned.life client to server
sec7.eu client to server
sec7.eu server to server
skynetcloud.site client to server
skynetcloud.site server to server
snopyta.org client to server
suchat.org client to server
trashserver.net client to server
trashserver.net server to server
valek.net client to server
valek.net server to server
xmpp.co server to server
xmpp.is client to server
xmpp.social client to server
xmpp.social server to server
xmpp.xyz client to server
zecircle.xyz client to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 2 results

Target Type When
jabber.od.ua client to server
sysmaster.com client to server

Servers sharing private keys 10 results

Target SHA256(SPKI)
libus.pro c2s 12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6
valek.net c2s 12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6
valek.net s2s 12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6
groups.xmpp.dedikerad.org s2s 23:17:FA:42:DF:E7:4F:F4:60:24:C5:5D:40:1B:A6:04:41:F6:12:C8:FE:C1:4C:AB:FD:9C:52:50:03:A2:F7:69
xmpp.dedikerad.org c2s 23:17:FA:42:DF:E7:4F:F4:60:24:C5:5D:40:1B:A6:04:41:F6:12:C8:FE:C1:4C:AB:FD:9C:52:50:03:A2:F7:69
xmpp.co s2s 6A:65:1E:BB:AB:80:A3:55:C7:30:08:B2:F7:5B:AA:01:03:41:97:39:FB:24:BE:87:6A:4C:CC:4B:84:44:DB:B4
xmpp.is c2s 6A:65:1E:BB:AB:80:A3:55:C7:30:08:B2:F7:5B:AA:01:03:41:97:39:FB:24:BE:87:6A:4C:CC:4B:84:44:DB:B4
xmpp.xyz c2s 6A:65:1E:BB:AB:80:A3:55:C7:30:08:B2:F7:5B:AA:01:03:41:97:39:FB:24:BE:87:6A:4C:CC:4B:84:44:DB:B4
jabberx.net c2s 83:1A:F9:55:1D:DF:A1:2E:0A:0A:46:A8:E5:C5:5A:4B:B8:F1:73:AE:E1:22:93:DF:B9:F1:EE:6D:36:30:67:08
xmppx.io c2s 83:1A:F9:55:1D:DF:A1:2E:0A:0A:46:A8:E5:C5:5A:4B:B8:F1:73:AE:E1:22:93:DF:B9:F1:EE:6D:36:30:67:08