Server Features » TLS

TLS support

4,178 servers (60%) out of the 6,955 IRC servers on the Internet have SSL/TLS support on port 6697.

Protocol chart

This shows the SSL/TLS protocols available on servers. You can click on the chart to see more details. You can also check the table at the bottom of this page.
Note on statistics: there is a difference in the gathering of TLS servers between 2017-2019 and 2020-onwards, see SSL/TLS statistics on the data page.

Table

Below you can see for each TLS version how often it is offered on IRC servers (percentage). Click an item to see more details.
SSL/TLS version Sep 2017Dec 2018Dec 2019Dec 2020Dec 2021Dec 2022Dec 2023
any 36% 40% 41% 51% 56% 58% 60%
ssl2 0% 0% 0% 0% 0% 0% 0%
ssl3 13% 10% 8% 4% 4% 3% 3%
tls1 33% 37% 36% 38% 42% 39% 27%
tls1_1 31% 36% 36% 42% 43% 40% 28%
tls1_2 32% 37% 39% 48% 54% 56% 59%
tls1_3 0% 1% 8% 21% 33% 40% 45%

Certificate validation

For all SSL/TLS servers we verified the certificate. Click on the chart to see more details. You can also check the table at the bottom of this page.
Note on statistics:
  • There is a difference in the gathering of TLS servers between 2017-2019 and 2020-onwards, see SSL/TLS statistics on the data page.
  • For certificate validation errors, OpenSSL (s_client) returns a single error only, so only 1 of the errors is picked even though one server cert could have multiple errors.
    • However, from 2023 onwards "Expired" is detected even when there are other errors (eg. Unknown CA).

Table

Certificate status Sep 2017Dec 2018Dec 2019Dec 2020Dec 2021Dec 2022Dec 2023
Any SSL/TLS certificate 100% 100% 100% 100% 100% 100% 100%
Valid certificate 19% 23% 25% 37% 37% 43% 41%
Self-signed certificate 58% 54% 51% 43% 42% 37% 37%
Unknown/non-trusted Certificate Authority 18% 16% 15% 15% 20% 15% 7%
Expired certificate 4% 5% 7% 5% 1% 3% 24%
Hostname mismatch 2% 2% 2% 0% 0% 2% 4%

Negotiated cipher

For all SSL/TLS servers we count the cipher that was negotiated between the client and the IRC server. Note that this says nothing about other ciphers that may also be available on the server.
Click on the chart to see more details. You can also check the table at the bottom of this page.
Note on statistics: there is a difference in the gathering of TLS servers between 2017-2019 and 2020-onwards, see SSL/TLS statistics on the data page.

Table

Cipher Sep 2017Dec 2018Dec 2019Dec 2020Dec 2021Dec 2022Dec 2023
AES-128 cipher 1% 2% 2% 2% 3% 6% 10%
AES-256 cipher 98% 86% 83% 75% 66% 60% 56%
CHACHA20 0% 10% 16% 23% 31% 34% 34%
Non-AES cipher 0% 0% 0% 0% 0% 0% 0%

Forward Secrecy

This shows how many of the SSL/TLS servers have Forward Secrecy enabled. Click on the chart to see more details. You can also check the table at the bottom of this page.
Note on statistics: there is a difference in the gathering of TLS servers between 2017-2019 and 2020-onwards, see SSL/TLS statistics on the data page.

Table

Forward Secrecy Sep 2017Dec 2018Dec 2019Dec 2020Dec 2021Dec 2022Dec 2023
Forward Secrecy enabled 69% 74% 81% 87% 92% 94% 95%
Forward Secrecy unavailable 31% 26% 19% 13% 8% 6% 5%

Hashing algorithm

For all SSL/TLS servers we counted the hashing algorithm that was negotiated between the client and the IRC server. Note that this says little about other hashing algorithms that may also be available on the server.
Click on the chart to see more details. You can also check the table at the bottom of this page.
Note on statistics: there is a difference in the gathering of TLS servers between 2017-2019 and 2020-onwards, see SSL/TLS statistics on the data page.

Table

Hashing algorithm Sep 2017Dec 2018Dec 2019Dec 2020Dec 2021Dec 2022Dec 2023
SHA-1 hashing algorithm 11% 7% 6% 3% 2% 2% 2%
SHA-256 hashing algorithm 7% 7% 13% 22% 31% 38% 43%
SHA-384 hashing algorithm 83% 77% 74% 70% 63% 57% 53%
SHA-512 hashing algorithm 0% 8% 6% 4% 3% 2% 2%
(Download JSON data sets)