May 2014 scan results – SNI enabled

I have extended the cipherscan tool I use for scanning to use SNI for communicating to the servers, tweaked the order of cipher suites so that google servers negotiate ECDSA cipher suites and also collect additional data like OCSP stapling support or TLS session ticket hints.

This makes this results a bit different from the previously published results for May.

SSL/TLS survey of 349511 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      304525    87.1289
3DES Only                 132       0.0378
AES                       327024    93.5662
AES Only                  896       0.2564
AES-CBC Only              610       0.1745
AES-GCM                   132866    38.0148
AES-GCM Only              5         0.0014
CAMELLIA                  139004    39.771
CAMELLIA Only             2         0.0006
CHACHA20                  16551     4.7355
CHACHA20 Only             1         0.0003
RC4                       310624    88.8739
RC4 Only                  4173      1.194
RC4 Preferred             66086     18.9081
RC4 forced in TLS1.1+     42640     12.1999
z:ADH-AES128-GCM-SHA256   312       0.0893
z:ADH-AES128-SHA          1380      0.3948
z:ADH-AES128-SHA256       293       0.0838
z:ADH-AES256-GCM-SHA384   297       0.085
z:ADH-AES256-SHA          1382      0.3954
z:ADH-AES256-SHA256       296       0.0847
z:ADH-CAMELLIA128-SHA     725       0.2074
z:ADH-CAMELLIA256-SHA     731       0.2091
z:ADH-DES-CBC-SHA         766       0.2192
z:ADH-DES-CBC3-SHA        1446      0.4137
z:ADH-RC4-MD5             1303      0.3728
z:ADH-SEED-SHA            622       0.178
z:AECDH-AES128-SHA        9402      2.69
z:AECDH-AES256-SHA        9405      2.6909
z:AECDH-DES-CBC3-SHA      9378      2.6832
z:AECDH-NULL-SHA          19        0.0054
z:AECDH-RC4-SHA           8953      2.5616
z:DES-CBC-SHA             68469     19.5899
z:DHE-RSA-SEED-SHA        57227     16.3734
z:ECDHE-RSA-NULL-SHA      22        0.0063
z:EDH-RSA-DES-CBC-SHA     52676     15.0713
z:EXP-ADH-DES-CBC-SHA     470       0.1345
z:EXP-ADH-RC4-MD5         473       0.1353
z:EXP-DES-CBC-SHA         56608     16.1963
z:EXP-EDH-RSA-DES-CBC-SHA 37766     10.8054
z:EXP-RC2-CBC-MD5         53602     15.3363
z:IDEA-CBC-SHA            60579     17.3325
z:NULL-MD5                350       0.1001
z:NULL-SHA                345       0.0987
z:NULL-SHA256             18        0.0052
z:SEED-SHA                71590     20.4829

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1502      0.4297
AECDH                     9435      2.6995
DHE                       168752    48.2823
ECDHE                     153342    43.8733
ECDHE and DHE             50336     14.4018
RSA                       349257    99.9273

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               157223    44.9837  93.1681
DH,2048bits               10153     2.9049   6.0165
DH,3072bits               5         0.0014   0.003
DH,3248bits               4         0.0011   0.0024
DH,4096bits               513       0.1468   0.304
DH,512bits                37886     10.8397  22.4507
DH,768bits                733       0.2097   0.4344
DH,8192bits               2         0.0006   0.0012
ECDH,B-163,163bits        3         0.0009   0.002
ECDH,B-571,570bits        328       0.0938   0.2139
ECDH,P-224,224bits        4         0.0011   0.0026
ECDH,P-256,256bits        152376    43.5969  99.37
ECDH,P-384,384bits        165       0.0472   0.1076
ECDH,P-521,521bits        532       0.1522   0.3469
Prefer DH,1024bits        105105    30.072   62.2837
Prefer DH,2048bits        2396      0.6855   1.4198
Prefer DH,4096bits        36        0.0103   0.0213
Prefer DH,512bits         1         0.0003   0.0006
Prefer DH,768bits         82        0.0235   0.0486
Prefer ECDH,B-163,163bits 3         0.0009   0.002
Prefer ECDH,B-571,570bits 259       0.0741   0.1689
Prefer ECDH,P-224,224bits 2         0.0006   0.0013
Prefer ECDH,P-256,256bits 109734    31.3964  71.5616
Prefer ECDH,P-384,384bits 105       0.03     0.0685
Prefer ECDH,P-521,521bits 479       0.137    0.3124
Prefer PFS                218202    62.4307  0
Support PFS               271758    77.7538  0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         1         0.0003   
5 only                    1         0.0003   
10                        2         0.0006   
10 only                   2         0.0006   
30                        1         0.0003   
30 only                   1         0.0003   
42                        1         0.0003   
60                        11        0.0031   
60 only                   6         0.0017   
120                       3         0.0009   
120 only                  3         0.0009   
128                       1         0.0003   
128 only                  1         0.0003   
180                       20        0.0057   
180 only                  20        0.0057   
300                       122495    35.0475  
300 only                  108193    30.9555  
420                       6         0.0017   
420 only                  6         0.0017   
480                       4         0.0011   
480 only                  4         0.0011   
600                       4448      1.2726   
600 only                  4329      1.2386   
900                       120       0.0343   
900 only                  106       0.0303   
960                       1         0.0003   
960 only                  1         0.0003   
1200                      49        0.014    
1200 only                 49        0.014    
1500                      6         0.0017   
1500 only                 6         0.0017   
1800                      82        0.0235   
1800 only                 78        0.0223   
3000                      3         0.0009   
3000 only                 2         0.0006   
3600                      157       0.0449   
3600 only                 154       0.0441   
5400                      1         0.0003   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10327     2.9547   
7200 only                 1603      0.4586   
10800                     5         0.0014   
10800 only                2         0.0006   
14400                     573       0.1639   
14400 only                573       0.1639   
18000                     2         0.0006   
21600                     22        0.0063   
21600 only                22        0.0063   
28800                     5         0.0014   
28800 only                5         0.0014   
36000                     545       0.1559   
36000 only                532       0.1522   
43200                     6516      1.8643   
43200 only                6511      1.8629   
64800                     8477      2.4254   
64800 only                8465      2.422    
86000                     30        0.0086   
86000 only                30        0.0086   
86400                     3573      1.0223   
86400 only                3541      1.0131   
100800                    16555     4.7366   
100800 only               7         0.002    
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    6         0.0017   
129600 only               6         0.0017   
864000                    6         0.0017   
864000 only               6         0.0017   
None                      215218    61.5769  
None only                 175481    50.2076  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      10888     3.1152   
ecdsa-with-SHA256         1         0.0003   
sha1WithRSAEncryption     310881    88.9474  
sha256WithRSAEncryption   38640     11.0554  

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 9306      2.6626   
ECDSA 384                 1         0.0003   
RSA 1024                  1928      0.5516   
RSA 2028                  1         0.0003   
RSA 2047                  2         0.0006   
RSA 2048                  335355    95.9498  
RSA 2056                  3         0.0009   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003   
RSA 2080                  2         0.0006   
RSA 2084                  4         0.0011   
RSA 2408                  2         0.0006   
RSA 2432                  70        0.02     
RSA 2536                  1         0.0003   
RSA 2612                  1         0.0003   
RSA 3050                  1         0.0003   
RSA 3072                  29        0.0083   
RSA 3073                  1         0.0003   
RSA 3248                  4         0.0011   
RSA 3600                  1         0.0003   
RSA 4042                  1         0.0003   
RSA 4046                  2         0.0006   
RSA 4048                  2         0.0006   
RSA 4069                  1         0.0003   
RSA 4086                  1         0.0003   
RSA 4092                  1         0.0003   
RSA 4096                  12095     3.4605   
RSA 4098                  1         0.0003   
RSA 4192                  1         0.0003   
RSA 8192                  3         0.0009
RSA 16384                 1         0.0003
RSA/ECDSA Dual Stack      9305      2.6623

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 51404     14.7074
Unsupported               298107    85.2926

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      1         0.0003
SSL3                      345529    98.8607
SSL3 Only                 4396      1.2578
SSL3 or TLS1 Only         150360    43.0201
TLS1                      344639    98.6061
TLS1 Only                 1149      0.3287
TLS1.1                    185720    53.1371
TLS1.1 Only               4         0.0011
TLS1.1 or up Only         26        0.0074
TLS1.2                    194572    55.6698
TLS1.2 Only               17        0.0049
TLS1.2, 1.0 but not 1.1   13324     3.8122 

The scan was performed between 16th and 25th of May 2014.
Advertisements

One comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s