Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 216 results

SSL 2 0 0%
SSL 3 11 5.1%
TLS 1.0 149 69%
TLS 1.1 157 72.7%
TLS 1.2 209 96.8%

Grades 216 results

A 176 81.5%
B 25 11.6%
C 15 6.9%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 3 1.4%
2048 114 53.5%
3072 2 0.9%
4096 94 44.1%

StartTLS

Type Client to server Server to server
Required 100 74.1% 48 59.3%
Allowed 35 25.9% 33 40.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 209 86.7% 14 5.8%
Invalid 5 2.1% 13 5.4%

SASL mechanisms 135 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 34 25.2% 132 97.8%
SCRAM-SHA-1 30 22.2% 116 85.9%
X-OAUTH2 14 10.4% 49 36.3%
SCRAM-SHA-1-PLUS 0 0% 42 31.1%
DIGEST-MD5 23 17% 37 27.4%
CRAM-MD5 7 5.2% 8 5.9%
ANONYMOUS 2 1.5% 2 1.5%
JIVE-SHAREDSECRET 2 1.5% 2 1.5%
OFMEET 1 0.7% 1 0.7%
NTLM 1 0.7% 1 0.7%
LOGIN 0 0% 1 0.7%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
Let's Encrypt Authority X3 E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB 122
COMODO RSA Domain Validation Secure Server CA 33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39 3
Let's Encrypt Authority X3 1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8 3
DFN-Verein Global Issuing CA C9:DC:B0:47:AC:8C:5F:09:05:ED:77:52:8C:BD:4B:84:D9:46:3C:45 2
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 2
RapidSSL RSA CA 2018 98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D 2
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 2
localhost B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83 1
localhost 0E:B9:94:69:38:03:5B:F0:B6:62:84:08:DD:5C:B6:1C:45:5B:E7:92 1
localhost 74:46:37:BB:92:F3:2F:EA:A1:88:BE:AA:48:61:DD:6B:4D:13:40:49 1
octavianonline.com 41:48:80:0B:33:B0:55:33:0A:98:B8:D9:6F:CF:AB:94:4B:49:F1:DE 1
onex CB:EA:86:1C:04:74:43:9B:97:43:64:34:46:43:0A:4A:39:E8:D8:24 1
qt.is 09:9B:BA:7C:28:0F:A4:45:CF:75:29:0E:EC:FF:A6:6A:22:FE:5A:44 1
RWTH Aachen CA 37:14:A5:0B:4C:96:04:6D:57:CD:6D:36:E1:79:E9:76:2B:F7:DB:5F 1
syriabuzz.org 2E:65:57:97:88:3F:1F:87:02:3D:54:9B:10:BF:B4:DD:66:50:21:50 1
TWCA Secure SSL Certification Authority 0A:72:EF:D6:60:FD:34:F2:54:E6:6A:85:95:BA:81:E6:0A:75:4E:68 1
52.37.225.132 AD:B0:53:D1:55:7A:9D:11:CB:0E:13:6A:F7:7A:A2:BD:17:00:2C:F9 1
(Unknown) F4:C8:6F:7B:89:57:6B:EE:13:5D:E7:5D:76:5E:04:F4:0C:23:79:B3 1
AlphaSSL CA - SHA256 - G2 4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC 1
COMODO ECC Domain Validation Secure Server CA 16:EE:54:E4:8C:76:EA:A1:05:2E:09:01:0D:8F:AE:FE:E9:5E:5E:BB 1
DigiCert SHA2 Extended Validation Server CA 7E:2F:3A:4F:8F:E8:FA:8A:57:30:AE:CA:02:96:96:63:7E:98:6F:3F 1
ejabberd 21:F5:83:EE:6A:07:73:53:CA:E7:CA:84:34:F7:36:09:53:37:2B:7D 1
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 1
jabber.masternetdon.ru 7B:80:EA:1A:7C:C0:66:F8:D5:AD:E1:82:D4:93:C5:F8:CD:40:BE:7F 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 3 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer
migtalk.com server to server syriabuzz.org
segin.ru client to server
segin.ru server to server

Servers with DNSSEC signed SRV records 50 results

Target Type When
disroot.org server to server
fossgalaxy.com client to server
jabber.at client to server
simplewire.de client to server
x0.chat client to server
xmpp.trshnet.de server to server
federez.net client to server
autistici.org client to server
beijinglug.club client to server
blug.moe client to server
ssji.net client to server
0x00.nz server to server
dismail.de client to server
jabber.de client to server
jabberpl.org client to server
jabber.systemli.org client to server
spemaus.de client to server
xmpp.lt server to server
0x00.nz client to server
domob.eu server to server
gaf.fs.lmu.de server to server
gajim.org client to server
xmpp.is client to server
4ept.net client to server
core.mx client to server
fysh.in client to server
gajim.org server to server
jabber.olden.ch server to server
jabberpl.org server to server
jabber.tcpreset.net client to server
kupschke.net client to server
strobeto.de client to server
wollu.xyz client to server
xmpp.trshnet.de client to server
404.city server to server
5222.de client to server
jabber.zone client to server
riseup.net client to server
trashserver.net server to server
wollu.xyz server to server
xmpp-hosting.de client to server
disroot.org client to server
domob.eu client to server
gaf.fs.lmu.de client to server
jabb3r.org client to server
jabber.zone server to server
kupschke.net server to server
magicbroccoli.de client to server
trashserver.net client to server
xmpp.lt client to server

Servers with DNSSEC signed DANE records 0 results

Target Type When

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 2 results

Target Type When
asguard.pro client to server
migtalk.com client to server

Servers sharing private keys 15 results

Target SHA256(SPKI)
chat.octavianonline.com c2s 33:7F:57:39:A7:3D:B5:C5:04:BB:B4:C7:DD:69:58:4C:28:5C:66:42:0D:1E:98:D8:00:CE:6D:15:74:9D:4B:85
octavianonline.com c2s 33:7F:57:39:A7:3D:B5:C5:04:BB:B4:C7:DD:69:58:4C:28:5C:66:42:0D:1E:98:D8:00:CE:6D:15:74:9D:4B:85
octavianonline.com s2s 33:7F:57:39:A7:3D:B5:C5:04:BB:B4:C7:DD:69:58:4C:28:5C:66:42:0D:1E:98:D8:00:CE:6D:15:74:9D:4B:85
netdock.i234.me c2s 3C:42:24:5A:19:26:AE:BE:12:8C:4F:88:9A:15:F6:6C:F5:90:64:AF:1C:51:60:95:8E:AC:F7:78:41:9D:62:6B
netdock.i234.me s2s 3C:42:24:5A:19:26:AE:BE:12:8C:4F:88:9A:15:F6:6C:F5:90:64:AF:1C:51:60:95:8E:AC:F7:78:41:9D:62:6B
netdock.servehttp.com s2s 3C:42:24:5A:19:26:AE:BE:12:8C:4F:88:9A:15:F6:6C:F5:90:64:AF:1C:51:60:95:8E:AC:F7:78:41:9D:62:6B
0x00.nz c2s 5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
0x00.nz s2s 5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
xmpp.lt c2s 5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
xmpp.lt s2s 5C:D7:4D:95:7C:54:33:BF:DD:92:69:56:68:35:91:C0:B7:53:E0:F3:4C:E8:10:DA:AD:82:E6:6D:B4:D8:C7:AB
beijinglug.club c2s 9F:71:E2:62:E8:17:A7:83:3C:03:DD:BA:96:F9:7F:85:C8:ED:BE:15:3A:AB:8A:BE:B1:9A:02:7D:46:28:26:08
blug.moe c2s 9F:71:E2:62:E8:17:A7:83:3C:03:DD:BA:96:F9:7F:85:C8:ED:BE:15:3A:AB:8A:BE:B1:9A:02:7D:46:28:26:08
medusa.priv.at c2s ED:CF:93:1C:3A:6B:7D:D6:B2:3A:FA:C2:A2:C8:42:1D:8D:63:A6:87:FB:09:83:DD:7F:CF:5E:77:41:CF:62:0E
xmpp.medusa.priv.at c2s ED:CF:93:1C:3A:6B:7D:D6:B2:3A:FA:C2:A2:C8:42:1D:8D:63:A6:87:FB:09:83:DD:7F:CF:5E:77:41:CF:62:0E
xmpp.medusa.priv.at s2s ED:CF:93:1C:3A:6B:7D:D6:B2:3A:FA:C2:A2:C8:42:1D:8D:63:A6:87:FB:09:83:DD:7F:CF:5E:77:41:CF:62:0E