| SSL 2 | 0 0% |
| SSL 3 | 1 0.5% |
| TLS 1.0 | 69 35.2% |
| TLS 1.1 | 74 37.8% |
| TLS 1.2 | 194 99% |
| A | 179 91.3% |
|---|---|
| B | 14 7.1% |
| C | 3 1.5% |
| D | 0 0% |
| E | 0 0% |
| F | 0 0% |
| RSA key size | Count |
|---|---|
| 2048 | 113 64.6% |
| 3072 | 2 1.1% |
| 4096 | 58 33.1% |
| 8192 | 2 1.1% |
| Type | Client to server | Server to server |
|---|---|---|
| Required | 116 88.5% | 47 72.3% |
| Allowed | 15 11.5% | 18 27.7% |
To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.
| Trusted | Untrusted | |
|---|---|---|
| Valid | 0% | 164 75.6% |
| Invalid | 50 23% | 3 1.4% |
| Mechanism | # times offered before TLS | # times offered after TLS |
|---|---|---|
| PLAIN | 15 11.5% | 129 98.5% |
| SCRAM-SHA-1 | 17 13% | 117 89.3% |
| SCRAM-SHA-1-PLUS | 0 0% | 85 64.9% |
| X-OAUTH2 | 7 5.3% | 34 26% |
| DIGEST-MD5 | 12 9.2% | 19 14.5% |
| SCRAM-SHA-256 | 0 0% | 9 6.9% |
| CRAM-MD5 | 8 6.1% | 9 6.9% |
| SCRAM-SHA-256-PLUS | 0 0% | 9 6.9% |
| SCRAM-SHA-512 | 0 0% | 9 6.9% |
| SCRAM-SHA-512-PLUS | 0 0% | 9 6.9% |
| ANONYMOUS | 1 0.8% | 1 0.8% |
| EXTERNAL | 0 0% | 1 0.8% |
| SCRAM-SHA3-512 | 0 0% | 1 0.8% |
| SCRAM-SHA3-512-PLUS | 0 0% | 1 0.8% |
| SCRAM-SHA-384 | 0 0% | 1 0.8% |
| SCRAM-SHA-384-PLUS | 0 0% | 1 0.8% |
| X-GOOGLE-TOKEN | 1 0.8% | 1 0.8% |
| NTLM | 1 0.8% | 1 0.8% |
| LOGIN | 0 0% | 1 0.8% |
| JIVE-SHAREDSECRET | 1 0.8% | 1 0.8% |
SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.
| Target | Type | When |
|---|
SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.
| Target | Type | When |
|---|
| Name/Organization | SHA1 | Count |
|---|---|---|
| R3 | A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 | 124 |
| Sectigo RSA Domain Validation Secure Server CA | 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB | 3 |
| Buypass Class 2 CA 5 | EB:3E:49:D2:73:44:52:AB:B9:98:BC:F7:89:11:AA:47:8F:0D:2E:20 | 3 |
| E1 | 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 | 2 |
| GTS CA 1C3 | 1E:7E:F6:47:CB:A1:50:28:1C:60:89:72:57:10:28:78:C4:BD:8C:DC | 1 |
| habarkost.ru | 2E:F8:22:9C:C3:22:76:9E:50:60:32:4F:EE:A4:00:43:50:22:DA:4F | 1 |
| Thawte TLS RSA CA G1 | C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1 | 1 |
| localhost | B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 | 1 |
| ZeroSSL ECC Domain Secure Site CA | 7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78 | 1 |
| flutterz.de | 24:AD:7D:F1:19:AE:AA:6D:85:E1:41:47:56:5E:26:F8:F5:F6:DB:11 | 1 |
| Starfield Secure Certificate Authority - G2 | 7E:DC:37:6D:CF:D4:5E:6D:DF:08:2C:16:0D:F6:AC:21:83:5B:95:D4 | 1 |
| d2w.io | 95:BE:5E:F9:58:A9:70:CC:63:C4:0A:D1:AB:7A:8B:27:78:48:15:56 | 1 |
| login.woxmpp.site | B4:9E:EA:7C:17:95:68:EE:D6:47:27:E2:9C:7E:8A:A7:6B:AB:F1:9E | 1 |
| chat.avianet.cu | B8:ED:73:B6:09:C0:01:29:1B:FA:B9:D1:3A:2E:6C:A1:60:90:5A:0C | 1 |
| xmpp.sysmaster.com | 7F:93:27:5B:1F:75:67:DA:33:3F:1E:0B:25:DE:A7:D0:F9:3C:A4:2F | 1 |
As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.
| Target | Type | When | Issuer |
|---|
| Target | Type | When |
|---|---|---|
| 04d.co | client to server | |
| 04d.co | server to server | |
| 2718282.net | server to server | |
| 404.city | client to server | |
| 404.city | server to server | |
| 5222.de | client to server | |
| autistici.org | client to server | |
| beherit.pl | client to server | |
| danwin1210.me | client to server | |
| danwin1210.me | server to server | |
| dismail.de | client to server | |
| edgoo.com | client to server | |
| edgoo.com | server to server | |
| frogeater.eu | client to server | |
| frogeater.eu | server to server | |
| hookipa.net | client to server | |
| hookipa.net | server to server | |
| im.mikrocon.de | client to server | |
| impfpush.de | client to server | |
| impfpush.de | server to server | |
| jabber.5july.net | client to server | |
| jabber.at | client to server | |
| jabber.calyxinstitute.org | client to server | |
| jabber.calyxinstitute.org | server to server | |
| jabber.de | client to server | |
| jabber.pestnagel.org | client to server | |
| jabber.pestnagel.org | server to server | |
| jabber.plaguelands.de | client to server | |
| jabber.plaguelands.de | server to server | |
| jabber.systemli.org | client to server | |
| kdetalk.net | client to server | |
| lightwitch.org | client to server | |
| m6wiq.uk | client to server | |
| magicbroccoli.de | client to server | |
| magicbroccoli.de | server to server | |
| mailbox.org | client to server | |
| mdosch.de | client to server | |
| mycr.de | server to server | |
| nakanai.de | client to server | |
| nakanai.de | server to server | |
| nixnet.services | client to server | |
| nixnet.services | server to server | |
| politicalsciences.eu | client to server | |
| pwned.life | client to server | |
| sec7.eu | client to server | |
| sec7.eu | server to server | |
| skynetcloud.site | client to server | |
| skynetcloud.site | server to server | |
| snopyta.org | client to server | |
| suchat.org | client to server | |
| trashserver.net | client to server | |
| trashserver.net | server to server | |
| valek.net | client to server | |
| valek.net | server to server | |
| xmpp.co | server to server | |
| xmpp.is | client to server | |
| xmpp.social | client to server | |
| xmpp.social | server to server | |
| xmpp.xyz | client to server | |
| zecircle.xyz | client to server |
| Target | Type | When |
|---|
| Target | Type | When |
|---|
| Target | Type | When |
|---|---|---|
| jabber.od.ua | client to server | |
| sysmaster.com | client to server |
| Target | SHA256(SPKI) |
|---|---|
| libus.pro c2s | 12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6 |
| valek.net c2s | 12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6 |
| valek.net s2s | 12:33:60:83:66:CA:E1:41:57:CB:68:0B:C9:BA:03:B3:C2:06:D4:DB:BA:08:C1:9D:A8:04:E5:99:DC:48:86:A6 |
| groups.xmpp.dedikerad.org s2s | 23:17:FA:42:DF:E7:4F:F4:60:24:C5:5D:40:1B:A6:04:41:F6:12:C8:FE:C1:4C:AB:FD:9C:52:50:03:A2:F7:69 |
| xmpp.dedikerad.org c2s | 23:17:FA:42:DF:E7:4F:F4:60:24:C5:5D:40:1B:A6:04:41:F6:12:C8:FE:C1:4C:AB:FD:9C:52:50:03:A2:F7:69 |
| xmpp.co s2s | 6A:65:1E:BB:AB:80:A3:55:C7:30:08:B2:F7:5B:AA:01:03:41:97:39:FB:24:BE:87:6A:4C:CC:4B:84:44:DB:B4 |
| xmpp.is c2s | 6A:65:1E:BB:AB:80:A3:55:C7:30:08:B2:F7:5B:AA:01:03:41:97:39:FB:24:BE:87:6A:4C:CC:4B:84:44:DB:B4 |
| xmpp.xyz c2s | 6A:65:1E:BB:AB:80:A3:55:C7:30:08:B2:F7:5B:AA:01:03:41:97:39:FB:24:BE:87:6A:4C:CC:4B:84:44:DB:B4 |
| jabberx.net c2s | 83:1A:F9:55:1D:DF:A1:2E:0A:0A:46:A8:E5:C5:5A:4B:B8:F1:73:AE:E1:22:93:DF:B9:F1:EE:6D:36:30:67:08 |
| xmppx.io c2s | 83:1A:F9:55:1D:DF:A1:2E:0A:0A:46:A8:E5:C5:5A:4B:B8:F1:73:AE:E1:22:93:DF:B9:F1:EE:6D:36:30:67:08 |