Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 163 results

SSL 2 0 0%
SSL 3 2 1.2%
TLS 1.0 99 60.7%
TLS 1.1 109 66.9%
TLS 1.2 162 99.4%

Grades 163 results

A 141 86.5%
B 20 12.3%
C 2 1.2%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 3 1.8%
2048 82 50%
3072 2 1.2%
4096 77 47%

StartTLS

Type Client to server Server to server
Required 82 76.6% 34 60.7%
Allowed 25 23.4% 22 39.3%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 152 84.4% 15 8.3%
Invalid 2 1.1% 11 6.1%

SASL mechanisms 107 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 22 20.6% 99 92.5%
SCRAM-SHA-1 20 18.7% 87 81.3%
X-OAUTH2 6 5.6% 31 29%
SCRAM-SHA-1-PLUS 0 0% 30 28%
DIGEST-MD5 14 13.1% 26 24.3%
CRAM-MD5 7 6.5% 8 7.5%
ANONYMOUS 3 2.8% 3 2.8%
LOGIN 0 0% 1 0.9%
OFMEET 1 0.9% 1 0.9%
TIKITOKEN 1 0.9% 1 0.9%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 100
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 4
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 2
getbabyscripts.com 68:81:01:9E:95:5D:D1:64:51:A1:9B:3F:DE:4E:CF:34:E7:0E:51:85 1
localhost 7B:36:15:C0:87:3A:FB:9B:22:FE:33:BE:A4:CC:1E:00:8C:10:59:4B 1
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 1
weaver 75:0B:E7:F1:32:6C:EE:4B:AD:52:4E:F1:6B:BB:53:BB:A7:87:E7:EB 1
proc.ru BC:BC:D8:21:38:07:BC:5C:71:B1:CA:E1:F0:9C:42:F8:C1:7A:3B:87 1
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 1
CAcert Class 3 Root AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE 1
GlobalSign Organization Validation CA - SHA256 - G2 90:2E:F2:DE:EB:3C:5B:13:EA:4C:3D:51:93:62:93:09:E2:31:AE:55 1
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 1
srv-107.nx7.net 27:3A:84:1B:67:15:2A:51:F0:61:7F:CC:82:A4:78:57:16:72:35:FC 1
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 1
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 1
xtribeopenfire100.xtribe.local D1:14:29:98:93:84:F1:94:4A:81:5C:8B:DE:A5:F8:F7:7B:E7:8E:F8 1
Network Solutions OV Server CA 2 44:0F:F6:8A:35:E0:39:95:AC:55:E4:57:A6:7E:B1:68:0F:9A:7C:DD 1
admin@idalgo.es D9:F8:DB:9A:BE:E9:15:15:92:02:CE:B9:FD:9E:A2:82:A5:D3:A4:52 1
carding.network 5D:F9:57:0A:33:C2:59:EF:38:1A:CF:91:22:FE:25:AC:67:F2:45:80 1
chat.rosetta.ovh C3:B9:C7:AB:11:0D:E2:3B:B8:CB:7A:47:01:5B:D4:6B:46:89:41:8F 1
SwissSign Server Silver CA 2014 - G22 55:BE:46:7A:A4:4B:F0:C1:5D:4B:CB:D0:6B:DC:A2:4B:BA:94:1E:13 1
savpol.local 2E:5C:32:28:27:3E:D8:EB:DD:D6:B0:B7:15:89:AE:D2:B7:FE:ED:C9 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 3 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer
bunin.im server to server admin@idalgo.es
jabber.proc.ru client to server proc.ru
jabber.proc.ru server to server proc.ru

Servers with DNSSEC signed SRV records 48 results

Target Type When
404.city server to server
coders-nemesis.eu client to server
core.mx client to server
death.social client to server
death.social server to server
dismail.de client to server
faceless.city server to server
faui2k9.de client to server
faui2k9.de server to server
huskyno.se client to server
huskyno.se server to server
intelfx.name client to server
intelfx.name server to server
invy.at server to server
jabb3r.org client to server
jabber.calyxinstitute.org client to server
jabber.de client to server
jabber.hot-chilli.eu client to server
jabber.hot-chilli.net client to server
jabber.systemli.org client to server
jabber.tcpreset.net client to server
levelsystems.eu client to server
magicbroccoli.de client to server
mailbox.org client to server
mailbox.org server to server
nologs.at client to server
nologs.at server to server
nologs.be client to server
nologs.be server to server
pywy.fr server to server
simplewire.de client to server
skynetcloud.site client to server
skynetcloud.site server to server
suchat.org client to server
thesecure.biz client to server
transitiv.net client to server
trashserver.net client to server
tuxli.ch client to server
tuxli.ch server to server
valentin-vidic.from.hr client to server
vanderwarker.family client to server
wiuwiu.de client to server
xmpp.cc client to server
xmpp.cc server to server
xmpp.is client to server
xmpp.lt client to server
xmpp.lt server to server
xmpp.skynetcloud.site client to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 1 results

Target Type When
jabber.calyxinstitute.org client to server

Servers not offering encryption 2 results

Target Type When
ejabberd-dev.slatch.io client to server
selfnet.at client to server

Servers sharing private keys 16 results

Target SHA256(SPKI)
carding.network c2s 2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
carding.network s2s 2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
chknet.io c2s 2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
chknet.io s2s 2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
chatn.app c2s 54:05:02:CA:5E:E3:E7:38:48:32:55:72:A9:8A:7A:C9:47:42:67:DD:6C:AE:AE:DF:DE:BA:79:89:78:5F:0A:7D
dev.chatn.app c2s 54:05:02:CA:5E:E3:E7:38:48:32:55:72:A9:8A:7A:C9:47:42:67:DD:6C:AE:AE:DF:DE:BA:79:89:78:5F:0A:7D
chat.sum7.eu c2s 88:F2:80:CD:9D:8B:0E:02:9E:71:01:2C:74:61:FC:91:30:03:CF:7F:76:56:BA:FE:2A:E6:7C:42:87:D1:FF:2D
meckerspace.de c2s 88:F2:80:CD:9D:8B:0E:02:9E:71:01:2C:74:61:FC:91:30:03:CF:7F:76:56:BA:FE:2A:E6:7C:42:87:D1:FF:2D
jabjab.de c2s 89:E6:2D:9B:6F:1B:46:AC:62:9D:07:AB:6B:BE:94:0B:60:AD:7B:16:2E:75:61:34:79:7B:F6:7C:84:2A:C4:D4
planetjabber.de c2s 89:E6:2D:9B:6F:1B:46:AC:62:9D:07:AB:6B:BE:94:0B:60:AD:7B:16:2E:75:61:34:79:7B:F6:7C:84:2A:C4:D4
testxms.xtribeapp.com c2s ED:D7:8F:16:71:2D:07:E0:60:99:9B:BE:76:63:19:83:18:73:07:D2:50:55:C3:BC:33:BE:BE:19:7E:34:95:1F
xms.xtribeapp.com c2s ED:D7:8F:16:71:2D:07:E0:60:99:9B:BE:76:63:19:83:18:73:07:D2:50:55:C3:BC:33:BE:BE:19:7E:34:95:1F
usstaging.restcomm.com s2s F5:E7:9D:A6:04:70:77:39:01:AD:28:60:0B:F5:BE:70:B7:F0:78:E4:B6:51:AC:CA:56:EE:B2:80:E5:3E:24:C4
usstaging-xmpp-synth-monitoring.restcomm.com s2s F5:E7:9D:A6:04:70:77:39:01:AD:28:60:0B:F5:BE:70:B7:F0:78:E4:B6:51:AC:CA:56:EE:B2:80:E5:3E:24:C4
it.ecec.com c2s F7:73:D5:04:41:9E:F3:8B:44:FF:2D:C8:8A:CD:C8:3D:92:1A:DA:70:CF:04:82:EE:8E:17:FB:5E:3D:74:9D:8A
spark.ecec.com c2s F7:73:D5:04:41:9E:F3:8B:44:FF:2D:C8:8A:CD:C8:3D:92:1A:DA:70:CF:04:82:EE:8E:17:FB:5E:3D:74:9D:8A