Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 163 results

SSL 2	0 0%
SSL 3	2 1.2%
TLS 1.0	99 60.7%
TLS 1.1	109 66.9%
TLS 1.2	162 99.4%

Grades 163 results

A	141 86.5%
B	20 12.3%
C	2 1.2%
D	0 0%
E	0 0%
F	0 0%

Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size	Count
1024	3 1.8%
2048	82 50%
3072	2 1.2%
4096	77 47%

StartTLS

Type	Client to server	Server to server
Required	82 76.6%	34 60.7%
Allowed	25 23.4%	22 39.3%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

	Trusted	Untrusted
Valid	152 84.4%	15 8.3%
Invalid	2 1.1%	11 6.1%

SASL mechanisms 107 results

Mechanism	# times offered before TLS	# times offered after TLS
PLAIN	22 20.6%	99 92.5%
SCRAM-SHA-1	20 18.7%	87 81.3%
X-OAUTH2	6 5.6%	31 29%
SCRAM-SHA-1-PLUS	0 0%	30 28%
DIGEST-MD5	14 13.1%	26 24.3%
CRAM-MD5	7 6.5%	8 7.5%
ANONYMOUS	3 2.8%	3 2.8%
LOGIN	0 0%	1 0.9%
OFMEET	1 0.9%	1 0.9%
TIKITOKEN	1 0.9%	1 0.9%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target	Type	When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target	Type	When

CAs used Top 30

Name/Organization	SHA1	Count
Let's Encrypt Authority X3	E6:A3:B4:5B:06:2D:50:9B:33:82:28:2D:19:6E:FE:97:D5:95:6C:CB	100
Go Daddy Secure Certificate Authority - G2	27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8	4
Let's Encrypt Authority X3	1B:23:67:53:54:FC:AD:90:11:9D:88:07:50:15:EA:17:AD:D5:27:D8	2
getbabyscripts.com	68:81:01:9E:95:5D:D1:64:51:A1:9B:3F:DE:4E:CF:34:E7:0E:51:85	1
localhost	7B:36:15:C0:87:3A:FB:9B:22:FE:33:BE:A4:CC:1E:00:8C:10:59:4B	1
COMODO RSA Domain Validation Secure Server CA	33:9C:DD:57:CF:D5:B1:41:16:9B:61:5F:F3:14:28:78:2D:1D:A6:39	1
weaver	75:0B:E7:F1:32:6C:EE:4B:AD:52:4E:F1:6B:BB:53:BB:A7:87:E7:EB	1
proc.ru	BC:BC:D8:21:38:07:BC:5C:71:B1:CA:E1:F0:9C:42:F8:C1:7A:3B:87	1
GeoTrust RSA CA 2018	7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B	1
CAcert Class 3 Root	AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE	1
GlobalSign Organization Validation CA - SHA256 - G2	90:2E:F2:DE:EB:3C:5B:13:EA:4C:3D:51:93:62:93:09:E2:31:AE:55	1
localhost	B9:B3:E3:1F:26:CC:BF:DF:1E:78:9D:CA:61:A7:40:C5:FF:9C:E9:83	1
RapidSSL RSA CA 2018	98:C6:A8:DC:88:79:63:BA:3C:F9:C2:73:1C:BD:D3:F7:DE:05:AC:2D	1
srv-107.nx7.net	27:3A:84:1B:67:15:2A:51:F0:61:7F:CC:82:A4:78:57:16:72:35:FC	1
AlphaSSL CA - SHA256 - G2	4C:27:43:17:17:56:5A:3A:07:F3:E6:D0:03:2C:42:58:94:9C:F9:EC	1
Sectigo RSA Domain Validation Secure Server CA	33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB	1
xtribeopenfire100.xtribe.local	D1:14:29:98:93:84:F1:94:4A:81:5C:8B:DE:A5:F8:F7:7B:E7:8E:F8	1
Network Solutions OV Server CA 2	44:0F:F6:8A:35:E0:39:95:AC:55:E4:57:A6:7E:B1:68:0F:9A:7C:DD	1
admin@idalgo.es	D9:F8:DB:9A:BE:E9:15:15:92:02:CE:B9:FD:9E:A2:82:A5:D3:A4:52	1
carding.network	5D:F9:57:0A:33:C2:59:EF:38:1A:CF:91:22:FE:25:AC:67:F2:45:80	1
chat.rosetta.ovh	C3:B9:C7:AB:11:0D:E2:3B:B8:CB:7A:47:01:5B:D4:6B:46:89:41:8F	1
SwissSign Server Silver CA 2014 - G22	55:BE:46:7A:A4:4B:F0:C1:5D:4B:CB:D0:6B:DC:A2:4B:BA:94:1E:13	1
savpol.local	2E:5C:32:28:27:3E:D8:EB:DD:D6:B0:B7:15:89:AE:D2:B7:FE:ED:C9	1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 3 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target	Type	When	Issuer
bunin.im	server to server	2019-10-10T11:49:54+00:00	admin@idalgo.es
jabber.proc.ru	client to server	2019-10-11T12:11:16+00:00	proc.ru
jabber.proc.ru	server to server	2019-10-11T12:12:00+00:00	proc.ru

Servers with DNSSEC signed SRV records 48 results

Target	Type	When
404.city	server to server	2019-10-16T05:00:33+00:00
coders-nemesis.eu	client to server	2019-10-13T12:36:14+00:00
core.mx	client to server	2019-10-16T05:31:24+00:00
death.social	client to server	2019-10-14T19:12:08+00:00
death.social	server to server	2019-10-14T19:19:18+00:00
dismail.de	client to server	2019-10-15T21:17:47+00:00
faceless.city	server to server	2019-10-16T08:58:50+00:00
faui2k9.de	client to server	2019-10-13T12:29:16+00:00
faui2k9.de	server to server	2019-10-13T13:07:55+00:00
huskyno.se	client to server	2019-10-15T17:39:16+00:00
huskyno.se	server to server	2019-10-15T17:48:13+00:00
intelfx.name	client to server	2019-10-12T17:44:36+00:00
intelfx.name	server to server	2019-10-12T17:44:47+00:00
invy.at	server to server	2019-10-13T10:31:03+00:00
jabb3r.org	client to server	2019-10-13T13:57:17+00:00
jabber.calyxinstitute.org	client to server	2019-10-14T19:47:56+00:00
jabber.de	client to server	2019-10-12T21:18:50+00:00
jabber.hot-chilli.eu	client to server	2019-10-16T17:35:07+00:00
jabber.hot-chilli.net	client to server	2019-10-16T19:30:14+00:00
jabber.systemli.org	client to server	2019-10-10T23:18:01+00:00
jabber.tcpreset.net	client to server	2019-10-16T15:49:14+00:00
levelsystems.eu	client to server	2019-10-17T01:35:57+00:00
magicbroccoli.de	client to server	2019-10-11T07:38:47+00:00
mailbox.org	client to server	2019-10-16T12:28:10+00:00
mailbox.org	server to server	2019-10-14T22:54:02+00:00
nologs.at	client to server	2019-10-16T19:25:56+00:00
nologs.at	server to server	2019-10-16T18:32:26+00:00
nologs.be	client to server	2019-10-16T05:29:06+00:00
nologs.be	server to server	2019-10-16T05:38:41+00:00
pywy.fr	server to server	2019-10-11T12:11:26+00:00
simplewire.de	client to server	2019-10-16T06:29:53+00:00
skynetcloud.site	client to server	2019-10-16T12:32:19+00:00
skynetcloud.site	server to server	2019-10-16T12:32:31+00:00
suchat.org	client to server	2019-10-16T19:27:49+00:00
thesecure.biz	client to server	2019-10-10T14:06:21+00:00
transitiv.net	client to server	2019-10-11T18:17:14+00:00
trashserver.net	client to server	2019-10-14T20:09:47+00:00
tuxli.ch	client to server	2019-10-16T19:42:37+00:00
tuxli.ch	server to server	2019-10-16T19:42:54+00:00
valentin-vidic.from.hr	client to server	2019-10-12T17:29:33+00:00
vanderwarker.family	client to server	2019-10-13T17:09:26+00:00
wiuwiu.de	client to server	2019-10-16T06:22:43+00:00
xmpp.cc	client to server	2019-10-16T05:48:51+00:00
xmpp.cc	server to server	2019-10-16T05:50:20+00:00
xmpp.is	client to server	2019-10-13T02:47:15+00:00
xmpp.lt	client to server	2019-10-16T05:44:16+00:00
xmpp.lt	server to server	2019-10-16T05:42:20+00:00
xmpp.skynetcloud.site	client to server	2019-10-11T10:50:04+00:00

Servers with DNSSEC signed DANE records 0 results

Target	Type	When

Servers with a hidden service 1 results

Target	Type	When
jabber.calyxinstitute.org	client to server	2019-10-14T19:47:56+00:00

Servers not offering encryption 2 results

Target	Type	When
ejabberd-dev.slatch.io	client to server	2019-10-15T13:25:48+00:00
selfnet.at	client to server	2019-10-12T21:36:52+00:00

Servers sharing private keys 16 results

Target	SHA256(SPKI)
carding.network c2s	2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
carding.network s2s	2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
chknet.io c2s	2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
chknet.io s2s	2B:40:BB:79:F6:50:BD:1A:87:EA:9C:1B:AA:E5:F1:2F:C2:25:E2:AC:98:45:E5:F9:E3:3B:8D:70:F8:2A:E7:FC
chatn.app c2s	54:05:02:CA:5E:E3:E7:38:48:32:55:72:A9:8A:7A:C9:47:42:67:DD:6C:AE:AE:DF:DE:BA:79:89:78:5F:0A:7D
dev.chatn.app c2s	54:05:02:CA:5E:E3:E7:38:48:32:55:72:A9:8A:7A:C9:47:42:67:DD:6C:AE:AE:DF:DE:BA:79:89:78:5F:0A:7D
chat.sum7.eu c2s	88:F2:80:CD:9D:8B:0E:02:9E:71:01:2C:74:61:FC:91:30:03:CF:7F:76:56:BA:FE:2A:E6:7C:42:87:D1:FF:2D
meckerspace.de c2s	88:F2:80:CD:9D:8B:0E:02:9E:71:01:2C:74:61:FC:91:30:03:CF:7F:76:56:BA:FE:2A:E6:7C:42:87:D1:FF:2D
jabjab.de c2s	89:E6:2D:9B:6F:1B:46:AC:62:9D:07:AB:6B:BE:94:0B:60:AD:7B:16:2E:75:61:34:79:7B:F6:7C:84:2A:C4:D4
planetjabber.de c2s	89:E6:2D:9B:6F:1B:46:AC:62:9D:07:AB:6B:BE:94:0B:60:AD:7B:16:2E:75:61:34:79:7B:F6:7C:84:2A:C4:D4
testxms.xtribeapp.com c2s	ED:D7:8F:16:71:2D:07:E0:60:99:9B:BE:76:63:19:83:18:73:07:D2:50:55:C3:BC:33:BE:BE:19:7E:34:95:1F
xms.xtribeapp.com c2s	ED:D7:8F:16:71:2D:07:E0:60:99:9B:BE:76:63:19:83:18:73:07:D2:50:55:C3:BC:33:BE:BE:19:7E:34:95:1F
usstaging.restcomm.com s2s	F5:E7:9D:A6:04:70:77:39:01:AD:28:60:0B:F5:BE:70:B7:F0:78:E4:B6:51:AC:CA:56:EE:B2:80:E5:3E:24:C4
usstaging-xmpp-synth-monitoring.restcomm.com s2s	F5:E7:9D:A6:04:70:77:39:01:AD:28:60:0B:F5:BE:70:B7:F0:78:E4:B6:51:AC:CA:56:EE:B2:80:E5:3E:24:C4
it.ecec.com c2s	F7:73:D5:04:41:9E:F3:8B:44:FF:2D:C8:8A:CD:C8:3D:92:1A:DA:70:CF:04:82:EE:8E:17:FB:5E:3D:74:9D:8A
spark.ecec.com c2s	F7:73:D5:04:41:9E:F3:8B:44:FF:2D:C8:8A:CD:C8:3D:92:1A:DA:70:CF:04:82:EE:8E:17:FB:5E:3D:74:9D:8A