Various reports of all servers tested

Report for december 2013 | Results of the last day | Results of the last week | Results of the last month

TLS versions 200 results

SSL 2 0 0%
SSL 3 6 3%
TLS 1.0 162 81%
TLS 1.1 173 86.5%
TLS 1.2 198 99%

Grades 200 results

A 159 79.5%
B 36 18%
C 4 2%
D 0 0%
E 0 0%
F 1 0.5%
Does not penalize untrusted certificates.

RSA key sizes for domain certificates

RSA key size Count
1024 2 1%
2048 108 56.3%
3072 2 1%
4096 80 41.7%

StartTLS

Type Client to server Server to server
Required 69 74.2% 54 50.5%
Allowed 24 25.8% 53 49.5%

Trust

To do authenticated encryption, a certificate needs to be both trusted and valid. Trusted means it is issued by a well-known CA and valid means it is valid for the domain we want to connect to.

Trusted Untrusted
Valid 148 69.5% 35 16.4%
Invalid 19 8.9% 11 5.2%

SASL mechanisms 93 results

Mechanism # times offered before TLS # times offered after TLS
PLAIN 23 24.7% 92 98.9%
SCRAM-SHA-1 20 21.5% 72 77.4%
SCRAM-SHA-1-PLUS 0 0% 28 30.1%
DIGEST-MD5 14 15.1% 28 30.1%
X-OAUTH2 9 9.7% 24 25.8%
CRAM-MD5 5 5.4% 5 5.4%
X-GOOGLE-TOKEN 4 4.3% 4 4.3%
ANONYMOUS 1 1.1% 1 1.1%
CISCO-VTG-TOKEN 0 0% 1 1.1%
JIVE-SHAREDSECRET 1 1.1% 1 1.1%
LOGIN 1 1.1% 1 1.1%
MSN 1 1.1% 1 1.1%

Servers supporting SSL 3, but not TLS 1.0 1 results

SSL 3 and TLS 1.0 are very similar, but TLS 1.0 has some small improvements. This table is meant to help judge whether SSL 3 can be disabled by listing the servers that do support SSL 3, but not TLS 1.0.

Target Type When
pochtamt.ru server to server

Servers supporting SSL 2 0 results

SSL 2 is broken and insecure. It is not required for compatibility and servers should disable it.

Target Type When

CAs used Top 30

Name/Organization SHA1 Count

Servers using <2048-bit RSA certificates which expires after 01-01-2014 0 results

As described in the CA/Browser Forum Baseline Requirements, certificates with RSA keys with less than 2048 bits should not be issued with an notAfter date after 31-12-2013. This list lists all certificates which violate that rule.

Target Type When Issuer

Servers with DNSSEC signed SRV records 74 results

Target Type When
4ept.net server to server
byteland.cc server to server
chaoslab.org server to server
chatme.biz client to server
darac.org.uk server to server
demouliere.eu server to server
dreckshal.de server to server
elaon.de server to server
expx.net client to server
galinette-cendree.fr client to server
geeknik.com server to server
hangingalong.ch client to server
hermetek.com server to server
hlotsof.org server to server
im.dragonsdawn.net server to server
jabber.5july.org client to server
jabber.at client to server
jabber.cat server to server
jabber.freenet.de client to server
jabber.taclan.de server to server
k8n.de server to server
metacode.biz server to server
nerdwind.de server to server
nonexiste.net client to server
nsula.edu server to server
nxdomain.fi client to server
pimux.de server to server
samir.re server to server
slang.cool client to server
spodhuis.org client to server
spodhuis.org server to server
test.freespoken.nz server to server
thalheim.io server to server
verdammung.org client to server
xmar.eu client to server
xmpp.cx server to server
xmpp.dk server to server
burtrum.org server to server
cable.comcast.com server to server
calyxinstitute.org server to server
cyberfusion.nl server to server
deepdarc.com client to server
dimitris.xyz server to server
elcentral.de client to server
f-ck.eu client to server
foob4r.org client to server
foob4r.org server to server
fysh.in client to server
gajim.org server to server
hardfalcon.net client to server
heypete.com client to server
hotplate.co.nz client to server
huttiesroow.nl client to server
icq.jabber.hot-chilli.net server to server
im.cyberjinh.fr client to server
im.hot-chilli.eu server to server
incenp.org server to server
jabber.freenet.de server to server
jabber.ietf.org server to server
jabber.taclan.de client to server
jabberzac.org client to server
jhcloos.com server to server
mci4me.at client to server
nonexiste.net server to server
pinaraf.info client to server
pinterjann.is server to server
postadigitale.de server to server
sn0.de server to server
test.normandie-univ.fr client to server
the-grid.xyz client to server
wavecon.de server to server
xmpp.xyz server to server
z-i-m-a.de server to server
zuijlen.eu client to server

Servers with DNSSEC signed DANE records 18 results

Target Type When
burtrum.org server to server
erfier.de server to server
f-ck.eu client to server
hardfalcon.net client to server
icq.jabber.hot-chilli.net server to server
im.hot-chilli.eu server to server
incenp.org server to server
jabber.at client to server
jhcloos.com server to server
k8n.de server to server
mci4me.at client to server
nerdwind.de server to server
pimux.de server to server
pinterjann.is server to server
samir.re server to server
spodhuis.org client to server
spodhuis.org server to server
wavecon.de server to server

Servers with a hidden service 0 results

Target Type When

Servers not offering encryption 6 results

Target Type When
goritskov.com client to server
injiz.net server to server
telus.ca server to server
xmpp.texttime.com client to server
xmpp.zumpy.com.br client to server
yaweb.ddns.net server to server

Servers sharing private keys 23 results

Target SHA256(SPKI)
bigmir.net c2s 06:C5:45:AA:9A:29:5B:A2:D4:B3:A7:B7:12:70:F8:92:1F:59:66:35:3B:7E:A2:9B:56:4A:B6:4B:CA:7F:DE:46
bunin.cc c2s 06:C5:45:AA:9A:29:5B:A2:D4:B3:A7:B7:12:70:F8:92:1F:59:66:35:3B:7E:A2:9B:56:4A:B6:4B:CA:7F:DE:46
email.gwu.edu c2s 06:C5:45:AA:9A:29:5B:A2:D4:B3:A7:B7:12:70:F8:92:1F:59:66:35:3B:7E:A2:9B:56:4A:B6:4B:CA:7F:DE:46
heypete.com c2s 06:C5:45:AA:9A:29:5B:A2:D4:B3:A7:B7:12:70:F8:92:1F:59:66:35:3B:7E:A2:9B:56:4A:B6:4B:CA:7F:DE:46
psynet.su c2s 3D:2D:40:22:D2:1E:B2:5C:AC:A7:47:21:62:38:8E:52:95:D7:AA:C3:2F:7A:63:CF:97:42:7B:E1:73:E5:6D:E3
xmpp.psynet.su s2s 3D:2D:40:22:D2:1E:B2:5C:AC:A7:47:21:62:38:8E:52:95:D7:AA:C3:2F:7A:63:CF:97:42:7B:E1:73:E5:6D:E3
irc.jabber.at s2s 48:C9:16:17:C4:E4:6F:89:A1:D1:25:79:B0:92:63:AC:5A:AC:54:55:73:30:10:F7:74:35:51:9A:99:9A:A6:2A
jabber.at c2s 48:C9:16:17:C4:E4:6F:89:A1:D1:25:79:B0:92:63:AC:5A:AC:54:55:73:30:10:F7:74:35:51:9A:99:9A:A6:2A
xmpp.cx s2s 9A:8F:12:4D:95:40:E3:F0:DD:6D:7C:CC:F0:FA:4C:DC:64:C9:AF:73:F3:A8:92:57:78:FB:56:C6:81:22:64:2E
xmpp.xyz s2s 9A:8F:12:4D:95:40:E3:F0:DD:6D:7C:CC:F0:FA:4C:DC:64:C9:AF:73:F3:A8:92:57:78:FB:56:C6:81:22:64:2E
cable.comcast.com s2s 9B:18:3E:19:77:68:1E:85:96:63:BC:17:B1:7E:51:3F:70:10:36:E6:B6:ED:09:A9:68:3F:CB:22:B5:37:E5:F7
reuters.net s2s 9B:18:3E:19:77:68:1E:85:96:63:BC:17:B1:7E:51:3F:70:10:36:E6:B6:ED:09:A9:68:3F:CB:22:B5:37:E5:F7
telus.ca s2s 9B:18:3E:19:77:68:1E:85:96:63:BC:17:B1:7E:51:3F:70:10:36:E6:B6:ED:09:A9:68:3F:CB:22:B5:37:E5:F7
im.berthelot.org c2s BC:4B:E8:E7:08:02:FF:09:90:AE:CC:77:DE:88:F3:CA:24:2B:B8:C4:55:68:17:6C:51:29:64:50:26:E0:95:5A
im.digitalspirit.org c2s BC:4B:E8:E7:08:02:FF:09:90:AE:CC:77:DE:88:F3:CA:24:2B:B8:C4:55:68:17:6C:51:29:64:50:26:E0:95:5A
im.digitalspirit.org s2s BC:4B:E8:E7:08:02:FF:09:90:AE:CC:77:DE:88:F3:CA:24:2B:B8:C4:55:68:17:6C:51:29:64:50:26:E0:95:5A
im.monjalon.net c2s BC:4B:E8:E7:08:02:FF:09:90:AE:CC:77:DE:88:F3:CA:24:2B:B8:C4:55:68:17:6C:51:29:64:50:26:E0:95:5A
im.vuntz.net c2s BC:4B:E8:E7:08:02:FF:09:90:AE:CC:77:DE:88:F3:CA:24:2B:B8:C4:55:68:17:6C:51:29:64:50:26:E0:95:5A
jabber.kubuntu-fr.org s2s BC:4B:E8:E7:08:02:FF:09:90:AE:CC:77:DE:88:F3:CA:24:2B:B8:C4:55:68:17:6C:51:29:64:50:26:E0:95:5A
jabber.magnetik.org c2s BC:4B:E8:E7:08:02:FF:09:90:AE:CC:77:DE:88:F3:CA:24:2B:B8:C4:55:68:17:6C:51:29:64:50:26:E0:95:5A
bigmir.net c2s C1:6D:93:11:E1:0B:B9:B9:A0:2B:0A:4B:31:CB:15:81:3C:E1:83:2E:A2:76:DF:A3:81:C9:F4:2B:CB:AC:FB:23
bunin.cc c2s C1:6D:93:11:E1:0B:B9:B9:A0:2B:0A:4B:31:CB:15:81:3C:E1:83:2E:A2:76:DF:A3:81:C9:F4:2B:CB:AC:FB:23
heypete.com c2s C1:6D:93:11:E1:0B:B9:B9:A0:2B:0A:4B:31:CB:15:81:3C:E1:83:2E:A2:76:DF:A3:81:C9:F4:2B:CB:AC:FB:23