Cipher scan results in April 2014

Update: The previous version of the tool incorrectly counted broken cipher suites (export, ADH, AECDH).

I scanned the Alexa top 1 million sites between the 5th and 17th of April 2014 and found that many servers are still not only badly configured (they prefer RC4 ciphers) but also won't negotiate with a safely configured browser (one that does not support RC4).

SSL/TLS survey of 305280 websites from Alexa's top 0.97 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate
installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      274502    89.9181
3DES Only                 9641      3.1581
AES                       277199    90.8016
AES Only                  520       0.1703
AES-CBC Only              265       0.0868
AES-GCM                   100595    32.9517
AES-GCM Only              12        0.0039
CAMELLIA                  112135    36.7319
CAMELLIA Only             1         0.0003
CHACHA20                  19072     6.2474
RC4                       268295    87.8849
RC4 Only                  5408      1.7715
RC4 Preferred             59552     19.5073
RC4 forced in TLS1.1+     31737     10.396
z:ADH-AES128-GCM-SHA256   248       0.0812
z:ADH-AES128-SHA          1413      0.4629
z:ADH-AES128-SHA256       241       0.0789
z:ADH-AES256-GCM-SHA384   250       0.0819
z:ADH-AES256-SHA          1412      0.4625
z:ADH-AES256-SHA256       245       0.0803
z:ADH-CAMELLIA128-SHA     736       0.2411
z:ADH-CAMELLIA256-SHA     740       0.2424
z:ADH-DES-CBC-SHA         831       0.2722
z:ADH-DES-CBC3-SHA        1469      0.4812
z:ADH-RC4-MD5             1333      0.4366
z:ADH-SEED-SHA            636       0.2083
z:AECDH-AES128-SHA        10300     3.374
z:AECDH-AES256-SHA        10349     3.39
z:AECDH-DES-CBC3-SHA      10313     3.3782
z:AECDH-NULL-SHA          3         0.001
z:AECDH-RC4-SHA           9913      3.2472
z:DES-CBC-MD5             279       0.0914
z:DES-CBC-SHA             60744     19.8978
z:DHE-RSA-SEED-SHA        46262     15.154
z:ECDHE-RSA-NULL-SHA      6         0.002
z:EDH-RSA-DES-CBC-SHA     49529     16.2241
z:EXP-ADH-DES-CBC-SHA     458       0.15
z:EXP-ADH-RC4-MD5         458       0.15
z:EXP-DES-CBC-SHA         49850     16.3293
z:EXP-EDH-RSA-DES-CBC-SHA 36180     11.8514
z:EXP-RC2-CBC-MD5         47372     15.5176
z:IDEA-CBC-MD5            28        0.0092
z:IDEA-CBC-SHA            44932     14.7183
z:NULL-MD5                322       0.1055
z:NULL-SHA                317       0.1038
z:NULL-SHA256             11        0.0036
z:RC2-CBC-MD5             307       0.1006
z:SEED-SHA                59061     19.3465

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1503      0.4923
AECDH                     10393     3.4044
DHE                       145234    47.574
ECDHE                     113831    37.2874
RSA                       305033    99.9191

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               138773    45.4576  95.5513
DH,2048bits               5472      1.7925   3.7677
DH,3072bits               2         0.0007   0.0014
DH,3248bits               2         0.0007   0.0014
DH,4094bits               1         0.0003   0.0007
DH,4096bits               250       0.0819   0.1721
DH,512bits                36257     11.8766  24.9645
DH,768bits                662       0.2169   0.4558
ECDH,B-163,163bits        1         0.0003   0.0009
ECDH,B-571,570bits        279       0.0914   0.2451
ECDH,P-224,224bits        3         0.001    0.0026
ECDH,P-256,256bits        113201    37.081   99.4465
ECDH,P-384,384bits        138       0.0452   0.1212
ECDH,P-521,521bits        266       0.0871   0.2337
Prefer DH,1024bits        99289     32.5239  68.3648
Prefer DH,2048bits        1848      0.6053   1.2724
Prefer DH,4096bits        12        0.0039   0.0083
Prefer DH,512bits         1         0.0003   0.0007
Prefer DH,768bits         72        0.0236   0.0496
Prefer ECDH,B-163,163bits 1         0.0003   0.0009
Prefer ECDH,B-571,570bits 226       0.074    0.1985
Prefer ECDH,P-256,256bits 80220     26.2775  70.4729
Prefer ECDH,P-384,384bits 84        0.0275   0.0738
Prefer ECDH,P-521,521bits 246       0.0806   0.2161
Prefer PFS                181999    59.6171  0
Support PFS               225224    73.7762  0

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      11870     3.8882
sha1WithRSAEncryption     289276    94.7576
sha256WithRSAEncryption   16033     5.2519

Certificate key size      Count     Percent
-------------------------+---------+--------
RSA 1024                  2098      0.6872
RSA 2028                  1         0.0003
RSA 2047                  3         0.001
RSA 2048                  295413    96.7679
RSA 2049                  4         0.0013
RSA 2056                  3         0.001
RSA 2058                  1         0.0003
RSA 2060                  1         0.0003
RSA 2064                  1         0.0003
RSA 2080                  3         0.001
RSA 2084                  2         0.0007
RSA 2345                  1         0.0003
RSA 2408                  1         0.0003
RSA 2432                  88        0.0288
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3000                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  18        0.0059
RSA 3248                  2         0.0007
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4048                  1         0.0003
RSA 4069                  1         0.0003
RSA 4086                  1         0.0003
RSA 4092                  2         0.0007
RSA 4096                  7634      2.5007
RSA 4098                  1         0.0003
RSA 4192                  2         0.0007
RSA 8192                  4         0.0013
RSA/ECDSA Dual Stack      0         0.0

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      644       0.211
SSL2 Only                 20        0.0066
SSL3                      303052    99.2702
SSL3 Only                 3706      1.214
SSL3 or TLS1 Only         155876    51.06
TLS1                      301098    98.6301
TLS1 Only                 673       0.2205
TLS1.1                    136386    44.6757
TLS1.1 Only               4         0.0013
TLS1.1 or up Only         60        0.0197
TLS1.2                    144857    47.4505
TLS1.2 Only               45        0.0147
TLS1.2, 1.0 but not 1.1   12292     4.0265