Server Features » TLS Certificate » Hostname mismatch » Nefarious

TLS certificate status: Hostname mismatch

Percentage of SSL/TLS servers with certificate status Hostname mismatch. Showing percentages for Nefarious servers only.

About this test result: While connecting to server X we were offered a certificate of server Y. This will generate a certificate warning on the IRC client.
Note that some servers don't offer a valid certificate for their server name in which case we try to match it against the round robin name. We do this by resolving the certificate CN and any SAN's back to IP addresses to see if it matches the server. For wildcard DNS we do the same with some heuristics like irc.domain.tld. This test is not perfect in case of geotargetted DNS or wildcard certificates where irc.domain.tld is not in use. This test result may thus contain some false positives.
Note on statistics:

Table

Percentage of SSL/TLS servers with certificate status Hostname mismatch. Showing percentages for Nefarious servers only.
Version Sep 2017Dec 2018Dec 2019Dec 2020Dec 2021Dec 2022Dec 2023
2.0 2% 2% 0% 0% 0% 0% 3%
(Download JSON data set)