Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 281 results

SSL 2 0 0%
SSL 3 2 0.7%
TLS 1.0 103 36.7%
TLS 1.1 107 38.1%
TLS 1.2 281 100%

Grades 281 results

A 259 92.2%
B 20 7.1%
C 2 0.7%
D 0 0%
E 0 0%
F 0 0%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
2048 167 65%
3072 4 1.6%
4096 86 33.5%

StartTLS

Type Client to server Server to server
Required 187 90.8% 49 65.3%
Allowed 19 9.2% 26 34.7%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 0% 216 70.4%
Invalid 87 28.3% 4 1.3%

SASL mechanisms 206 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 22 10.7% 202 98.1%
SCRAM-SHA-1 23 11.2% 183 88.8%
SCRAM-SHA-1-PLUS 0 0% 148 71.8%
X-OAUTH2 6 2.9% 47 22.8%
DIGEST-MD5 15 7.3% 33 16%
SCRAM-SHA-512-PLUS 0 0% 22 10.7%
SCRAM-SHA-512 1 0.5% 22 10.7%
SCRAM-SHA-256 1 0.5% 20 9.7%
SCRAM-SHA-256-PLUS 0 0% 20 9.7%
CRAM-MD5 8 3.9% 9 4.4%
JIVE-SHAREDSECRET 4 1.9% 4 1.9%
SCRAM-SHA-384 0 0% 2 1%
SCRAM-SHA-384-PLUS 0 0% 2 1%
ANONYMOUS 1 0.5% 1 0.5%
LOGIN 0 0% 1 0.5%
EXTERNAL 0 0% 1 0.5%
TIKITOKEN 1 0.5% 1 0.5%
X-GOOGLE-TOKEN 1 0.5% 1 0.5%

Servers supporting SSL 3, but not TLS 1.0 0 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count
R3 A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 181
Sectigo RSA Domain Validation Secure Server CA 33:E4:E8:08:07:20:4C:2B:61:82:A3:A1:4B:59:1A:CD:25:B5:F0:DB 5
ZeroSSL RSA Domain Secure Site CA C8:1A:8B:D1:F9:CF:6D:84:C5:25:F3:78:CA:1D:3F:8C:30:77:0E:34 4
ZeroSSL ECC Domain Secure Site CA 7F:95:27:6D:49:51:49:9F:D7:56:DF:34:4A:A2:4F:B3:8C:EA:F6:78 2
Go Daddy Secure Certificate Authority - G2 27:AC:93:69:FA:F2:52:07:BB:26:27:CE:FA:CC:BE:4E:F9:C3:19:B8 2
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 9B:D0:8A:58:87:6F:6C:84:9D:B6:BB:99:A8:B1:94:89:26:47:86:0E 2
DigiCert TLS RSA SHA256 2020 CA1 1C:58:A3:A8:51:8E:87:59:BF:07:5B:76:B7:50:D4:F2:DF:26:4F:CD 2
silverteam.pro A4:74:C2:C8:D5:DD:4A:1B:B6:2B:99:FA:30:58:93:15:0A:C5:D8:CD 1
GEANT OV RSA CA 4 C2:82:6E:26:6D:74:05:D3:4E:F8:97:62:63:6A:E4:B3:6E:86:CB:5E 1
id.tigaputri.asia F6:CE:D8:6F:F2:0B:1B:ED:C6:79:85:7A:FA:B3:D3:39:96:11:42:96 1
E1 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 1
CA02 15:24:F9:D3:86:14:6A:6F:3F:A3:F8:91:98:91:D6:34:41:87:F9:18 1
reckless.network 28:2A:7A:58:DC:75:E2:CD:6D:7C:79:59:EE:A4:CC:A7:6E:9E:2C:C9 1
srv005.legisweb.com.br 99:80:94:8F:1D:43:2E:D6:77:9D:85:E0:78:91:EB:CA:E3:1C:A8:2A 1
reckless.chat 02:20:84:01:BC:C7:D3:C4:AD:1B:56:12:ED:43:C8:D6:39:6B:6F:BA 1
stagechat.baxtapets.com ED:AD:42:A2:04:A7:6C:11:90:D7:02:67:B7:95:65:26:6C:4D:10:E8 1
self-signed-certificate E6:9D:CC:5A:B1:F3:B9:66:F3:F0:A2:3E:BB:26:83:31:74:4A:91:76 1
(STAGING) Ersatz Edamame E1 F9:4F:5D:8C:BC:DD:46:80:A5:A4:D8:DE:8E:27:0B:F9:EB:C5:B9:EB 1
213.230.66.90 97:BA:2D:97:16:5A:A7:E4:EE:16:9E:D2:C4:34:67:FE:BF:8A:64:6C 1
R3 48:50:4E:97:4C:0D:AC:5B:5C:D4:76:C8:20:22:74:B2:4C:8C:71:72 1
outlaw.chat 7C:A9:34:81:07:5C:A5:DF:2D:F9:0C:6B:55:E5:BE:38:01:84:6B:89 1
GeoTrust RSA CA 2018 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B 1
GlobalSign GCC R3 DV TLS CA 2020 1C:61:0A:0A:87:D4:92:F4:83:22:C2:AF:D3:BE:9B:6A:D3:6B:6B:EE 1
GTS CA 1C3 1E:7E:F6:47:CB:A1:50:28:1C:60:89:72:57:10:28:78:C4:BD:8C:DC 1
(STAGING) Artificial Apricot R3 EF:C3:E6:6B:01:D3:73:F3:2D:AB:9B:DC:58:1B:59:C1:86:0C:DD:C4 1
Thawte TLS RSA CA G1 C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1 1

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 71 results

Target Type When
07f.de client to server
101.wf client to server
404.city client to server
5222.de client to server
a11k.net client to server
a3.pm client to server
a3.pm server to server
be3.ovh client to server
beherit.pl client to server
bignet.bid client to server
blug.moe client to server
chat.mebious.net client to server
chat.mebious.net server to server
cislik.de server to server
cloudfiles.at server to server
colloquy.ca client to server
colloquy.ca server to server
core.radiosignal.net client to server
core.radiosignal.net server to server
debian.org client to server
dismail.de client to server
disroot.org client to server
elcentral.de client to server
hactrn.ch client to server
hookipa.net client to server
hookipa.net server to server
hulegarden.dedyn.io client to server
im.mikrocon.de client to server
jabb3r.org client to server
jabber.5july.net client to server
jabber.at client to server
jabber.calyxinstitute.org client to server
jabber.chaosbern.ch client to server
jabber.chaostreff-bern.ch client to server
jabber.chaostreffbern.ch client to server
jabber.de client to server
jabber.de server to server
jabber.eniehack.net client to server
jabber.fr server to server
jabber.hot-chilli.net client to server
jabber.ovh client to server
jabber.tcpreset.net client to server
lightwitch.org client to server
magicbroccoli.de client to server
mailbox.org client to server
mailneumann.de client to server
mailneumann.de server to server
mdosch.de client to server
nixnet.services client to server
nomsis.de client to server
outlaw.chat client to server
paratus.club client to server
parloteo.es client to server
psynet.su client to server
r2.rm3811.net client to server
rm3811.net client to server
rm3811.net server to server
secluded.site client to server
stingbyte.com client to server
stingbyte.com server to server
suchat.org client to server
telephony.network client to server
trashserver.net client to server
uni-bremen.de client to server
wiuwiu.de client to server
xmpp.indigoindustries.xyz server to server
xmpp.is client to server
xmpp.lv client to server
xmpp.lv server to server
xmpp.mebious.net client to server
xmpp.social server to server

Servers with DNSSEC signed DANE records 19 results

Target Type When
5222.de client to server
beherit.pl client to server
blug.moe client to server
cloudfiles.at server to server
debian.org client to server
hookipa.net client to server
hookipa.net server to server
jabb3r.org client to server
jabber.at client to server
jabber.calyxinstitute.org client to server
jabber.hot-chilli.net client to server
lightwitch.org client to server
mailbox.org client to server
mdosch.de client to server
psynet.su client to server
suchat.org client to server
wiuwiu.de client to server
xmpp.social server to server
yax.im client to server

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 1 results

Target Type When
id.tigaputri.asia client to server

Servers sharing private keys 25 results

Target SHA256(SPKI)
01337.io c2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
0day.im c2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
darknet.im c2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
darknet.im s2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
shad0w.io c2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
shad0w.la s2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
sqli.io c2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
sqli.io s2s 28:BB:4E:BD:B4:77:A3:D6:E8:30:03:9E:F5:B7:23:B5:1A:89:A4:EB:C1:2D:A2:09:34:FD:47:91:92:88:46:65
conference.chaostreffbern.ch s2s 79:3C:43:05:78:80:D2:83:35:BA:AD:DE:D7:55:82:C3:FF:37:E6:1F:A8:22:16:80:42:28:D5:05:5C:61:D9:F9
jabber.chaosbern.ch c2s 79:3C:43:05:78:80:D2:83:35:BA:AD:DE:D7:55:82:C3:FF:37:E6:1F:A8:22:16:80:42:28:D5:05:5C:61:D9:F9
jabber.chaostreff-bern.ch c2s 79:3C:43:05:78:80:D2:83:35:BA:AD:DE:D7:55:82:C3:FF:37:E6:1F:A8:22:16:80:42:28:D5:05:5C:61:D9:F9
jabber.chaostreffbern.ch c2s 79:3C:43:05:78:80:D2:83:35:BA:AD:DE:D7:55:82:C3:FF:37:E6:1F:A8:22:16:80:42:28:D5:05:5C:61:D9:F9
garfield.city c2s AC:56:95:C8:3A:86:31:C0:FE:21:AB:B3:99:4D:79:6A:02:D2:6B:2A:34:97:0A:6C:AF:2C:B9:48:84:FD:CA:4B
garfield.city s2s AC:56:95:C8:3A:86:31:C0:FE:21:AB:B3:99:4D:79:6A:02:D2:6B:2A:34:97:0A:6C:AF:2C:B9:48:84:FD:CA:4B
xmpp.garfield.city c2s AC:56:95:C8:3A:86:31:C0:FE:21:AB:B3:99:4D:79:6A:02:D2:6B:2A:34:97:0A:6C:AF:2C:B9:48:84:FD:CA:4B
r2.rm3811.net c2s BC:07:B2:26:2B:AB:AB:8F:99:B2:51:E5:DE:D6:74:29:85:AE:29:34:90:D7:42:87:BF:ED:40:F1:5D:AB:7E:B3
rm3811.net c2s BC:07:B2:26:2B:AB:AB:8F:99:B2:51:E5:DE:D6:74:29:85:AE:29:34:90:D7:42:87:BF:ED:40:F1:5D:AB:7E:B3
rm3811.net s2s BC:07:B2:26:2B:AB:AB:8F:99:B2:51:E5:DE:D6:74:29:85:AE:29:34:90:D7:42:87:BF:ED:40:F1:5D:AB:7E:B3
im.apinc.org c2s E8:F8:76:67:90:D9:F1:4E:B1:9E:90:B6:AB:B4:1E:7C:E8:EA:CC:E1:72:5C:2D:3E:DB:18:BF:DE:59:44:A0:04
jabber.fr s2s E8:F8:76:67:90:D9:F1:4E:B1:9E:90:B6:AB:B4:1E:7C:E8:EA:CC:E1:72:5C:2D:3E:DB:18:BF:DE:59:44:A0:04
1jabber.com c2s F3:83:B5:A8:E9:25:75:42:39:85:12:00:A8:3D:C3:FB:25:1F:59:22:C9:9A:A9:67:49:85:66:8F:81:42:E4:7A
1jabber.com s2s F3:83:B5:A8:E9:25:75:42:39:85:12:00:A8:3D:C3:FB:25:1F:59:22:C9:9A:A9:67:49:85:66:8F:81:42:E4:7A
nologs.club c2s F3:83:B5:A8:E9:25:75:42:39:85:12:00:A8:3D:C3:FB:25:1F:59:22:C9:9A:A9:67:49:85:66:8F:81:42:E4:7A
nologs.club s2s F3:83:B5:A8:E9:25:75:42:39:85:12:00:A8:3D:C3:FB:25:1F:59:22:C9:9A:A9:67:49:85:66:8F:81:42:E4:7A
strong.pm c2s F3:83:B5:A8:E9:25:75:42:39:85:12:00:A8:3D:C3:FB:25:1F:59:22:C9:9A:A9:67:49:85:66:8F:81:42:E4:7A