Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 150 results

SSL 2 0 0%
SSL 3 0 0%
TLS 1.0 65 43.3%
TLS 1.1 68 45.3%
TLS 1.2 150 100%

Grades 150 results

A 140 93.3%
B 10 6.7%
C 0 0%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 95 62.5%
3072 3 2%
4096 54 35.5%

StartTLS

Type Client to server Server to server
Required 92 86.8% 33 75%
Allowed 14 13.2% 11 25%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 0% 5 2.9%
Invalid 162 94.7% 4 2.3%

SASL mechanisms 106 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 14 13.2% 104 98.1%
SCRAM-SHA-1 11 10.4% 88 83%
SCRAM-SHA-1-PLUS 0 0% 58 54.7%
X-OAUTH2 5 4.7% 21 19.8%
DIGEST-MD5 9 8.5% 21 19.8%
SCRAM-SHA-512-PLUS 0 0% 10 9.4%
SCRAM-SHA-512 1 0.9% 10 9.4%
SCRAM-SHA-256 1 0.9% 9 8.5%
SCRAM-SHA-256-PLUS 0 0% 9 8.5%
EXTERNAL 0 0% 3 2.8%
CRAM-MD5 3 2.8% 3 2.8%
ANONYMOUS 2 1.9% 2 1.9%
SCRAM-SHA-384 0 0% 1 0.9%
JIVE-SHAREDSECRET 1 0.9% 1 0.9%
OFMEET 1 0.9% 1 0.9%
SCRAM-SHA-384-PLUS 0 0% 1 0.9%
X-GOOGLE-TOKEN 1 0.9% 1 0.9%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
R3 48:50:4E:97:4C:0D:AC:5B:5C:D4:76:C8:20:22:74:B2:4C:8C:71:72 75
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 22
GTS CA 1O1 DF:E2:07:0C:79:E7:FF:36:A9:25:FF:A3:27:FF:E3:DE:EC:F8:F9:C2 2
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 2
jitsi.metitech.eu 0F:0C:0E:4A:B8:CF:24:57:EF:4B:81:E5:75:B0:22:0F:37:72:49:E2 1
lhndev.com 19:90:E9:33:48:A0:77:B3:D5:A7:95:79:D0:A2:26:59:DA:B4:BE:3B 1
XMPP server 75:77:77:BC:2E:E0:9D:12:05:65:B1:2A:7D:21:16:63:39:91:73:30 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
server01.bioclever.local F5:85:5F:79:E1:1E:57:07:72:F1:33:D7:17:00:1B:38:43:06:30:89 1
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 1
DigiCert SHA2 Secure Server CA 1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4 1
fujabber.com 15:AE:2C:E3:3A:5B:78:A3:78:8F:16:67:9E:DF:F0:AD:30:65:2E:C1 1
nazwaSSL A9:CE:8E:88:79:AB:0C:CB:17:A1:FE:EE:D8:3E:72:0F:3D:92:5D:F8 1
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 1
Encryption Everywhere DV TLS CA - G1 59:4F:2D:D1:03:52:C2:36:01:38:EE:35:AA:90:6F:97:3A:A3:0B:D3 1
DigiCert SHA2 High Assurance Server CA A0:31:C4:67:82:E6:E6:C6:62:C2:C8:7C:76:DA:9A:A6:2C:CA:BD:8E 1
ZeroSSL RSA Domain Secure Site CA C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 1
choszting.hu DD:9E:64:A7:D1:E7:24:1A:EF:B6:5E:C7:7C:00:2A:E6:4D:F7:7E:DC 1
SwissSign Server Gold CA 2014 - G22 AD:F2:89:73:16:71:8B:45:25:CE:37:00:82:D9:F1:23:D4:93:8F:98 1
GeoTrust EV RSA CA 2018 A3:99:04:64:17:B6:7E:32:0D:3E:FA:69:D7:DC:E6:B8:BF:E8:A9:F2 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 44 results

Target Type When
404.city server to server
4ept.net client to server
5222.de client to server
anoxinon.me client to server
bells23.org.uk server to server
benny.de server to server
campanella.org client to server
campanella.org server to server
charl.eu client to server
cloudfiles.at client to server
cloudfiles.at server to server
danwin1210.me client to server
dismail.de client to server
disroot.org client to server
eckmul.net client to server
handb.xyz client to server
handb.xyz server to server
im.icttci.cz client to server
jabber.5july.net client to server
jabber.5july.net server to server
jabber.at client to server
jabber.at server to server
jabber.calyxinstitute.org client to server
jabber.de client to server
jabber.fr client to server
jabber.pestnagel.org client to server
jabber.pestnagel.org server to server
jabber.systemli.org client to server
lightwitch.org client to server
lightwitch.org server to server
mailbox.org client to server
mevogt.de client to server
nologs.at server to server
parloteo.es client to server
parloteo.es server to server
pepta.net client to server
pimux.de client to server
pimux.de server to server
riseup.net client to server
suchat.org client to server
trashserver.net client to server
xmpp.is client to server
xmpp.social client to server
xmpp.social server to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 1 results

Target Type When
jabber.calyxinstitute.org client to server

Servers not offering encryption 1 results

Target Type When
campanella.org server to server

Servers sharing private keys 8 results

Target SHA256(SPKI)
draugr.de c2s B4:CD:AD:11:76:DE:12:6B:77:2C:40:5E:AC:A5:42:5D:4D:84:4B:5C:47:C1:98:12:A9:79:06:21:2A:0D:60:8C
ubuntu-jabber.de c2s B4:CD:AD:11:76:DE:12:6B:77:2C:40:5E:AC:A5:42:5D:4D:84:4B:5C:47:C1:98:12:A9:79:06:21:2A:0D:60:8C
95.85.114.218 c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
imexgrand.com c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
ironjanowar.hopto.org c2s B7:79:B5:65:0E:B0:DA:0C:38:62:45:D4:4C:29:09:B4:8D:89:8B:49:57:21:ED:67:E4:9D:AF:71:A5:13:5F:66
imkerei.wien s2s E4:7F:47:AA:AB:4E:BF:6A:F9:84:10:FA:18:3B:E3:E0:65:35:EB:7F:85:4D:DD:64:3B:5E:7E:F7:6E:31:48:E0
niemeczek.at c2s E4:7F:47:AA:AB:4E:BF:6A:F9:84:10:FA:18:3B:E3:E0:65:35:EB:7F:85:4D:DD:64:3B:5E:7E:F7:6E:31:48:E0
niemeczek.at s2s E4:7F:47:AA:AB:4E:BF:6A:F9:84:10:FA:18:3B:E3:E0:65:35:EB:7F:85:4D:DD:64:3B:5E:7E:F7:6E:31:48:E0