Month: August 2014

August 2014 scan results

This month the changes are not significant.

The most important change is in certificate signatures: 2% more servers now use SHA-256 (up from 12.75% to 14.78%).

The number of servers that require RC4 hasn't dropped as much as in previous months; it is still just below 1% (0.96%) in general, and for Firefox 29 a further 1.6% of servers are effectively RC4-only on top of that.

About 2% more servers use server-side cipher ordering. Unfortunately, the share of servers that use anonymous ECDH key exchange is still growing, this month by 0.3% (to 3.7%). A significant number of servers still use less than optimal 1024-bit DH parameters; 29% prefer them.

While the hash algorithms used for certificate signatures have changed, the key sizes have not: the most popular key size, at 96%, is 2048-bit RSA.

Supported protocol versions have seen small changes: SSLv2 support has fallen by around 2%, SSLv3 and TLSv1 haven't changed much but have started to drop, and TLSv1.2 has grown by about 1%.

SSL/TLS survey of 397695 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      345059    86.7647
3DES Only                 209       0.0526
AES                       369030    92.7922
AES Only                  1951      0.4906
AES-CBC Only              1030      0.259
AES-GCM                   162425    40.8416
AES-GCM Only              41        0.0103
CAMELLIA                  164197    41.2872
CAMELLIA Only             4         0.001
CHACHA20                  14719     3.7011
CHACHA20 Only             6         0.0015
RC4                       350479    88.1276
RC4 Only                  3807      0.9573
RC4 Preferred             74692     18.7812
RC4 forced in TLS1.1+     51533     12.9579
x:FF 29 RC4 Only          6327      1.5909
x:FF 29 RC4 Preferred     16784     4.2203
x:FF 29 incompatible      301       0.0757
z:ADH-AES128-GCM-SHA256   348       0.0875
z:ADH-AES128-SHA          1444      0.3631
z:ADH-AES128-SHA256       324       0.0815
z:ADH-AES256-GCM-SHA384   335       0.0842
z:ADH-AES256-SHA          1447      0.3638
z:ADH-AES256-SHA256       328       0.0825
z:ADH-CAMELLIA128-SHA     692       0.174
z:ADH-CAMELLIA256-SHA     699       0.1758
z:ADH-DES-CBC-SHA         699       0.1758
z:ADH-DES-CBC3-SHA        1490      0.3747
z:ADH-RC4-MD5             1297      0.3261
z:ADH-SEED-SHA            514       0.1292
z:AECDH-AES128-SHA        14496     3.645
z:AECDH-AES256-SHA        14533     3.6543
z:AECDH-DES-CBC3-SHA      14471     3.6387
z:AECDH-NULL-SHA          22        0.0055
z:AECDH-RC4-SHA           13603     3.4205
z:DES-CBC-MD5             26778     6.7333
z:DES-CBC-SHA             69202     17.4008
z:DHE-RSA-SEED-SHA        70054     17.615
z:ECDHE-RSA-NULL-SHA      25        0.0063
z:EDH-RSA-DES-CBC-SHA     60963     15.3291
z:EXP-ADH-DES-CBC-SHA     489       0.123
z:EXP-ADH-RC4-MD5         493       0.124
z:EXP-DES-CBC-SHA         54942     13.8151
z:EXP-EDH-RSA-DES-CBC-SHA 43030     10.8198
z:EXP-RC2-CBC-MD5         59737     15.0208
z:IDEA-CBC-MD5            4021      1.0111
z:IDEA-CBC-SHA            64231     16.1508
z:NULL-MD5                353       0.0888
z:NULL-SHA                351       0.0883
z:NULL-SHA256             7         0.0018
z:RC2-CBC-MD5             30955     7.7836
z:SEED-SHA                83118     20.8999

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               177721    44.6878
Server side               219974    55.3122

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1555      0.391
AECDH                     14564     3.6621
DHE                       202555    50.9322
ECDHE                     184261    46.3322
ECDHE and DHE             73679     18.5265
RSA                       396177    99.6183

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               186744    46.9566  92.1942
DH,2048bits               14169     3.5628   6.9951
DH,2226bits               2         0.0005   0.001
DH,3072bits               4         0.001    0.002
DH,3242bits               1         0.0003   0.0005
DH,3248bits               2         0.0005   0.001
DH,4096bits               703       0.1768   0.3471
DH,512bits                43198     10.8621  21.3266
DH,768bits                759       0.1908   0.3747
DH,8192bits               2         0.0005   0.001
ECDH,B-163,163bits        13        0.0033   0.0071
ECDH,B-571,570bits        398       0.1001   0.216
ECDH,P-224,224bits        4         0.001    0.0022
ECDH,P-256,256bits        182896    45.989   99.2592
ECDH,P-384,384bits        232       0.0583   0.1259
ECDH,P-521,521bits        821       0.2064   0.4456
Prefer DH,1024bits        115759    29.1075  57.1494
Prefer DH,2048bits        1154      0.2902   0.5697
Prefer DH,4096bits        50        0.0126   0.0247
Prefer DH,512bits         2         0.0005   0.001
Prefer DH,768bits         87        0.0219   0.043
Prefer ECDH,B-163,163bits 13        0.0033   0.0071
Prefer ECDH,B-571,570bits 318       0.08     0.1726
Prefer ECDH,P-224,224bits 1         0.0003   0.0005
Prefer ECDH,P-256,256bits 134334    33.7781  72.9042
Prefer ECDH,P-384,384bits 157       0.0395   0.0852
Prefer ECDH,P-521,521bits 749       0.1883   0.4065
Prefer PFS                252624    63.522   0
Support PFS               313137    78.738   0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         1         0.0003   
5 only                    1         0.0003   
10                        3         0.0008   
10 only                   1         0.0003   
30                        2         0.0005   
30 only                   2         0.0005   
42                        1         0.0003   
60                        46        0.0116   
60 only                   41        0.0103   
100                       4         0.001    
100 only                  4         0.001    
120                       10        0.0025   
120 only                  10        0.0025   
128                       4         0.001    
128 only                  4         0.001    
180                       29        0.0073   
180 only                  29        0.0073   
240                       4         0.001    
240 only                  4         0.001    
300                       155200    39.0249  
300 only                  135627    34.1033  
420                       19        0.0048   
420 only                  10        0.0025   
480                       6         0.0015   
480 only                  6         0.0015   
600                       6888      1.732    
600 only                  6597      1.6588   
900                       216       0.0543   
900 only                  190       0.0478   
960                       2         0.0005   
960 only                  2         0.0005   
1200                      60        0.0151   
1200 only                 57        0.0143   
1500                      9         0.0023   
1500 only                 8         0.002    
1800                      123       0.0309   
1800 only                 120       0.0302   
2100                      1         0.0003   
2100 only                 1         0.0003   
2400                      1         0.0003   
2400 only                 1         0.0003   
2700                      2         0.0005   
2700 only                 2         0.0005   
3000                      5         0.0013   
3000 only                 4         0.001    
3600                      234       0.0588   
3600 only                 227       0.0571   
5400                      2         0.0005   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10748     2.7026   
7200 only                 8222      2.0674   
10800                     11        0.0028   
10800 only                6         0.0015   
14400                     722       0.1815   
14400 only                716       0.18     
18000                     1         0.0003   
21600                     26        0.0065   
21600 only                26        0.0065   
28800                     3         0.0008   
28800 only                3         0.0008   
30720                     1         0.0003   
30720 only                1         0.0003   
36000                     402       0.1011   
36000 only                399       0.1003   
43200                     6311      1.5869   
43200 only                6224      1.565    
64800                     9640      2.424    
64800 only                9602      2.4144   
86000                     32        0.008    
86000 only                29        0.0073   
86400                     92        0.0231   
86400 only                85        0.0214   
100800                    14758     3.7109   
100800 only               57        0.0143   
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    7         0.0018   
129600 only               6         0.0015   
604800                    1         0.0003   
604800 only               1         0.0003   
864000                    6         0.0015   
864000 only               6         0.0015   
None                      229357    57.6716  
None only                 192066    48.2948  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      15912     4.0011   
ecdsa-with-SHA256         3         0.0008   
sha1WithRSAEncryption     338957    85.2304  
sha256WithRSAEncryption   58772     14.7782  

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 8235      2.0707   
ECDSA 384                 1         0.0003   
RSA 1024                  1880      0.4727   
RSA 2028                  1         0.0003   
RSA 2047                  2         0.0005   
RSA 2048                  381923    96.0341  
RSA 2056                  5         0.0013   
RSA 2058                  1         0.0003   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003
RSA 2080                  2         0.0005
RSA 2084                  5         0.0013
RSA 2408                  3         0.0008
RSA 2432                  28        0.007
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  37        0.0093
RSA 3096                  1         0.0003
RSA 3248                  4         0.001
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4086                  1         0.0003
RSA 4092                  2         0.0005
RSA 4096                  13721     3.4501
RSA 4098                  3         0.0008
RSA 4192                  1         0.0003
RSA 8192                  6         0.0015
RSA 16384                 1         0.0003   
RSA/ECDSA Dual Stack      8153      2.0501

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 41610     10.4628
Unsupported               356085    89.5372

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      48288     12.142
SSL2 Only                 6029      1.516
SSL3                      379667    95.4669
SSL3 Only                 4125      1.0372
SSL3 or TLS1 Only         117512    29.5483
TLS1                      385363    96.8991
TLS1 Only                 3015      0.7581
TLS1.1                    218025    54.8222
TLS1.1 Only               37        0.0093
TLS1.1 or up Only         709       0.1783
TLS1.2                    229097    57.6062
TLS1.2 Only               374       0.094
TLS1.2, 1.0 but not 1.1   15264     3.8381

Scan performed between 8th and 19th of August 2014.

CA certificates

No big changes here either; about 2% more servers now have an effective security level of 112 bits (12.4%, up from 10.5%).
We've yet to see the effects of the recent changes in the Mozilla trust store.

Statistics from 443385 chains provided by 585568 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  365544    62.4255
incomplete                29700     5.072
untrusted                 190324    32.5025

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2394      0.5399
3                         431592    97.3402
4                         9378      2.1151
5                         21        0.0047

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 3         
ECDSA 384                 3         
RSA 1024                  1733      
RSA 2045                  1         
RSA 2048                  874329    
RSA 4096                  17727     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 3         0.0007
ECDSA 384                 3         0.0007
RSA 1024                  1723      0.3886
RSA 2045                  1         0.0002
RSA 2048                  441708    99.6218
RSA 4096                  17345     3.912

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              3         
sha1WithRSAEncryption          387560    
sha256WithRSAEncryption        50026     
sha384WithRSAEncryption        12822     

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        388390    87.5966
112                       54992     12.4028
128                       3         0.0007

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 115908    26.1416
(157753a5) AddTrust External CA Root          69723     15.7252
(5ad8a5d6) GlobalSign Root CA                 44630     10.0657
(2e4eed3c) thawte Primary Root CA             29574     6.67
(cbf06781) Go Daddy Root Certificate Authorit 28151     6.3491
(f081611a) The Go Daddy Group, Inc.           26956     6.0796
(b204d74a) VeriSign Class 3 Public Primary Ce 26596     5.9984
(244b5494) DigiCert High Assurance EV Root CA 22613     5.1001
(b13cc6df) UTN-USERFirst-Hardware             12983     2.9282
(40547a79) COMODO Certification Authority     11362     2.5626
(653b494a) Baltimore CyberTrust Root          10593     2.3891
(ae8153b9) StartCom Certification Authority   9134      2.0601
(f387163d) Starfield Technologies, Inc.       7934      1.7894

Cleanup of 1024-bit CA certificates

Mozilla is working towards removing all 1024-bit CA certificates from its trust store. That means that if you depend on a root CA or an intermediate CA with such a weak RSA key, your website or server may stop working in the near future.

The first batch of changes affects Firefox 32 users and Fedora 20 (after updating to ca-certificates-2014.2.1-1.0.fc20).

Go to kuix.de for more information: how to tell if you'll be affected (without using the Qualys SSL Labs scanner) and what to do if you are.

RC4 in clients

While I'm checking which and how many servers use RC4 cipher suites, I haven't said anything about clients in general. The reason is twofold: firstly, basically all current clients should support at least 3DES and usually AES ciphers; secondly, I don't have access to any meaningfully large data set (or a site popular enough to make the statistics meaningful) to say anything about clients in general.

Interestingly, the people at CloudFlare have not only analyzed their data but also provided quite a few nice graphs to go along with it.

The gist of the article is that about 0.000002% (1 in 50 million) of requests end up using RC4 ciphers. Of those, about 50% are MitM proxies used by schools or institutions and 30% are old candy-bar phones (from 2006 and 2007).

Head over to The Web is World-Wide, or who still needs RC4? for more info.

July 2014 scan results

This month's scan results are a bit later than the previous ones; this was caused by me working on code to compile statistics on the certificates used by Certificate Authorities (see further below for the results of this part of the scan). The state of TLS and crypto in general in Python didn't help much, but that's a topic for another post; for now I can direct you to the very good presentation by Hynek Schlawack, The Sorry State Of SSL (the Python-specific part is towards the end).

Ciphersuites

All in all, the results haven't changed much. We can see the continuation of the downward trend for RC4-only servers, the unfortunate upward trend of servers that prefer RC4 but support other ciphers, and the very good trend of SHA-256 certificate signatures.

The new addition is the "x:FF 29" lines, which account for situations where Firefox 29's cipher list (the suites it advertises, and their order) makes it negotiate a different cipher suite than OpenSSL would. They are counted on top of the OpenSSL-based lines above them: for Firefox, the percentage of servers that are RC4-only is around 2.6% (0.95% + 1.63%) and the percentage of servers that prefer RC4 but support other ciphers is around 21.8% (17.68% + 4.14%).
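How the same server gets a different RC4 label depending on the client, as an added example (this is not the survey's scanning code). The negotiation rule is the one TLS 1.x servers follow: the first suite both sides support, taken in the server's order when it enforces its own preference and in the client's order otherwise. Both client lists and all four servers are constructed for illustration; in particular the "browser" list is an assumption about the shape of a 2014 browser list (no DHE+GCM, SEED or IDEA), not Firefox 29's actual list.

```python
"""How one server gets a different RC4 label depending on the client.

Added example for this post; it is not the survey's scanning code. A TLS
server picks the first suite shared by both sides, in its own order when it
has "server side" cipher ordering, otherwise in the client's order. The two
client lists are constructed: the "browser" list deliberately lacks DHE+GCM,
SEED and IDEA (an assumption about 2014 browsers, NOT Firefox 29's exact
list) and the "openssl" list follows OpenSSL's preference shape. The four
servers are constructed too.
"""
from collections import Counter
from typing import Dict, List, Optional, Sequence

# Constructed client lists, most preferred first.
OPENSSL_CLIENT: List[str] = [
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-SHA",
    "DHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA",
    "AES256-GCM-SHA384", "AES128-GCM-SHA256", "AES256-SHA", "AES128-SHA",
    "CAMELLIA256-SHA", "CAMELLIA128-SHA", "SEED-SHA", "DES-CBC3-SHA",
    "RC4-SHA", "RC4-MD5", "IDEA-CBC-SHA",
]
BROWSER_CLIENT: List[str] = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-RC4-SHA", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA",
    "DHE-RSA-CAMELLIA128-SHA", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA",
    "RC4-SHA", "RC4-MD5",
]


def negotiate(client: Sequence[str], server: Sequence[str],
              server_order: bool) -> Optional[str]:
    """Suite the server selects, or None when there is no common suite."""
    common = set(client) & set(server)
    if not common:
        return None
    preferred = server if server_order else client
    return next(s for s in preferred if s in common)


def rc4_label(client: Sequence[str], server: Sequence[str],
              server_order: bool) -> str:
    """Survey-style label of one server as seen by one client."""
    chosen = negotiate(client, server, server_order)
    if chosen is None:
        return "incompatible"
    common = set(client) & set(server)
    if all("RC4" in s for s in common):
        return "RC4 Only"          # nothing but RC4 to agree on
    if "RC4" in chosen:
        return "RC4 Preferred"     # others available, RC4 still picked
    return "not RC4"


# Constructed servers: (suites in the server's own order, server-side ordering?)
SERVERS: Dict[str, tuple] = {
    "rc4-first, server order":     (["RC4-SHA", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"], True),
    "dhe-gcm or rc4":              (["DHE-RSA-AES128-GCM-SHA256", "RC4-SHA"], True),
    "seed/rc4/idea, client order": (["SEED-SHA", "RC4-SHA", "IDEA-CBC-SHA"], False),
    "aes or rc4, client order":    (["AES128-SHA", "RC4-SHA"], False),
}


def survey(client: Sequence[str]) -> Dict[str, int]:
    """Count labels across the constructed servers for one client."""
    return dict(Counter(rc4_label(client, suites, order)
                        for suites, order in SERVERS.values()))


if __name__ == "__main__":
    for name, (suites, order) in SERVERS.items():
        print(f"{name:30} openssl={rc4_label(OPENSSL_CLIENT, suites, order):14} "
              f"browser={rc4_label(BROWSER_CLIENT, suites, order)}")
    print("openssl totals:", survey(OPENSSL_CLIENT))
    print("browser totals:", survey(BROWSER_CLIENT))
```

Run it with `python` to print the per-server labels and the totals for each client. A server that is "not RC4" for the OpenSSL list but "RC4 Only" for the browser list is exactly what an "x:FF 29 RC4 Only" line counts, which is why those lines add to the OpenSSL-based ones rather than replace them.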

It also looks like many people who update their servers or OpenSSL don't update their cipher strings, so servers whose cipher string contains "!ADH" now negotiate AECDH (anonymous ECDH) cipher suites, because the "ADH" alias only covers anonymous finite-field DH. To prevent that, use "!aNULL", which disables all anonymous cipher suites, present and future (head over to the Mozilla guide for more details). The share of such servers has grown from 2.9% to 3.3%.
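The "!ADH" versus "!aNULL" difference, as an added example (not the survey's or Mozilla's code). The small evaluator below models only the OpenSSL cipher-string aliases needed for the comparison, with their documented meanings, and runs them over suite names taken from the tables above; the last helper asks the local OpenSSL build the same question through Python's ssl module, and its answer depends on which suites that build ships (check it rather than assume it).

```python
"""Why "!ADH" in an OpenSSL cipher string no longer excludes every anonymous
suite, and why "!aNULL" does.

Added example for this post, not the survey's code. It models the few
OpenSSL cipher-string aliases needed for the comparison, with their
documented meanings: ADH matches anonymous finite-field DH suites only,
AECDH the anonymous ECDH suites (added in later OpenSSL releases), aNULL
every suite without authentication, eNULL the suites without encryption,
ALL every suite except eNULL. "!x" removes x permanently, "-x" removes it
but lets a later token add it back. Suite names come from the survey tables.
"""
import ssl
from typing import List, Set

# Suite names as they appear in the survey tables (OpenSSL naming).
SURVEY_SUITES: List[str] = [
    "ADH-AES128-SHA", "ADH-AES256-GCM-SHA384", "ADH-DES-CBC3-SHA", "ADH-RC4-MD5",
    "EXP-ADH-DES-CBC-SHA", "EXP-ADH-RC4-MD5",
    "AECDH-AES128-SHA", "AECDH-AES256-SHA", "AECDH-DES-CBC3-SHA",
    "AECDH-RC4-SHA", "AECDH-NULL-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-NULL-SHA", "DHE-RSA-AES128-SHA",
    "AES128-SHA", "RC4-SHA", "NULL-SHA",
]


def aliases_of(suite: str) -> Set[str]:
    """Alias groups a suite belongs to (a subset of OpenSSL's real alias set)."""
    groups = {suite}                      # a suite name is its own alias
    if suite.startswith(("ADH-", "EXP-ADH-")):
        groups |= {"ADH", "aNULL"}
    if suite.startswith("AECDH-"):
        groups |= {"AECDH", "aNULL"}
    if "-NULL-" in suite or suite.startswith("NULL-"):
        groups.add("eNULL")
    else:
        groups.add("ALL")                 # ALL = everything but eNULL
    if suite.startswith("EXP-"):
        groups.add("EXPORT")
    if "RC4" in suite:
        groups.add("RC4")
    return groups


def matches(token: str, universe: List[str]) -> List[str]:
    """Suites matching one token; "A+B" means suites that are in both A and B."""
    wanted = set(token.split("+"))
    return [s for s in universe if wanted <= aliases_of(s)]


def apply_cipher_string(spec: str, universe: List[str] = SURVEY_SUITES) -> List[str]:
    """Evaluate a cipher string over `universe`, keeping OpenSSL's rules for
    add ("x"), delete ("-x") and kill ("!x"), and the resulting order."""
    enabled: List[str] = []
    killed: Set[str] = set()
    for token in spec.split(":"):
        if token.startswith("!"):
            hit = set(matches(token[1:], universe))
            killed |= hit                 # can never be added back
            enabled = [s for s in enabled if s not in hit]
        elif token.startswith("-"):
            hit = set(matches(token[1:], universe))
            enabled = [s for s in enabled if s not in hit]
        else:
            for s in matches(token, universe):
                if s not in enabled and s not in killed:
                    enabled.append(s)
    return enabled


def anonymous(suites: List[str]) -> List[str]:
    """Suites in the list that offer no server authentication."""
    return [s for s in suites if "aNULL" in aliases_of(s)]


def live_anonymous(spec: str) -> List[str]:
    """Anonymous suites the local OpenSSL build enables for `spec`; empty when
    the build ships none or the spec selects nothing at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:                  # "No cipher can be selected"
        return []
    return [c["name"] for c in ctx.get_ciphers()
            if c["name"].startswith(("ADH-", "AECDH-", "EXP-ADH-"))]


if __name__ == "__main__":
    for spec in ("ALL:!ADH", "ALL:!aNULL", "ALL:-ADH:ADH", "ALL:!ADH:ADH"):
        print(f"{spec:14} model         -> {anonymous(apply_cipher_string(spec))}")
        print(f"{'':14} local OpenSSL -> {live_anonymous(spec)}")
```

The model shows the failure mode directly: "ALL:!ADH" leaves every AECDH suite enabled, "ALL:!aNULL" leaves none, and "!" differs from "-" in that a later "ADH" token cannot resurrect what "!ADH" killed. The live check is the same comparison against whatever `openssl ciphers -v` on that host would report.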

The share of servers that support PFS hasn't changed, nor have the PFS mechanisms they support.

We also see the continuation of the trend towards SHA-256 signatures in certificates; their share has grown from 11.9% to 12.7%.

Key sizes haven't changed much.

Surprisingly, the share of servers that support OCSP stapling has dramatically decreased, from 14.9% to 10.1%. I have no explanation for that.

The percentage of servers that support only SSL3 or TLS1 has dropped from 41.5% to 30%, but this is most likely caused by the reintroduction of proper SSLv2 fingerprinting rather than by changed configurations, as the share of servers that support TLS1.1 or TLS1.2 hasn't changed to match. Previous months' low percentage of SSLv2 servers was caused by a bug in the scanning script that made it impossible to correctly detect most SSLv2 sites.

SSL/TLS survey of 393337 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      344071    87.4749
3DES Only                 152       0.0386
AES                       364726    92.7261
AES Only                  879       0.2235
AES-CBC Only              510       0.1297
AES-GCM                   156262    39.7273
AES-GCM Only              6         0.0015
CAMELLIA                  161308    41.0101
CHACHA20                  15543     3.9516
RC4                       350784    89.1815
RC4 Only                  3734      0.9493
RC4 Preferred             69540     17.6795
RC4 forced in TLS1.1+     45989     11.692
x:FF 29 RC4 Only          6429      1.6345
x:FF 29 RC4 Preferred     16265     4.1351
x:FF 29 incompatible      103       0.0262
z:ADH-AES128-GCM-SHA256   351       0.0892
z:ADH-AES128-SHA          1439      0.3658
z:ADH-AES128-SHA256       325       0.0826
z:ADH-AES256-GCM-SHA384   337       0.0857
z:ADH-AES256-SHA          1445      0.3674
z:ADH-AES256-SHA256       330       0.0839
z:ADH-CAMELLIA128-SHA     722       0.1836
z:ADH-CAMELLIA256-SHA     733       0.1864
z:ADH-DES-CBC-SHA         723       0.1838
z:ADH-DES-CBC3-SHA        1496      0.3803
z:ADH-RC4-MD5             1326      0.3371
z:ADH-SEED-SHA            587       0.1492
z:AECDH-AES128-SHA        13159     3.3455
z:AECDH-AES256-SHA        13161     3.346
z:AECDH-DES-CBC3-SHA      13122     3.3361
z:AECDH-NULL-SHA          14        0.0036
z:AECDH-RC4-SHA           12264     3.1179
z:DES-CBC-MD5             27892     7.0911
z:DES-CBC-SHA             76809     19.5275
z:DHE-RSA-SEED-SHA        68828     17.4985
z:ECDHE-RSA-NULL-SHA      17        0.0043
z:EDH-RSA-DES-CBC-SHA     61870     15.7295
z:EXP-ADH-DES-CBC-SHA     469       0.1192
z:EXP-ADH-RC4-MD5         473       0.1203
z:EXP-DES-CBC-SHA         62566     15.9065
z:EXP-EDH-RSA-DES-CBC-SHA 44087     11.2085
z:EXP-RC2-CBC-MD5         67561     17.1764
z:IDEA-CBC-MD5            10575     2.6885
z:IDEA-CBC-SHA            70335     17.8816
z:NULL-MD5                339       0.0862
z:NULL-SHA                337       0.0857
z:NULL-SHA256             6         0.0015
z:RC2-CBC-MD5             38543     9.799
z:SEED-SHA                83026     21.1081

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               183896    46.7528
Server side               209441    53.2472

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1562      0.3971
AECDH                     13188     3.3529
DHE                       198612    50.4941
ECDH                      1         0.0003
ECDHE                     175607    44.6454
ECDHE and DHE             67049     17.0462
RSA                       393014    99.9179

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               183927    46.7607  92.6062
DH,2048bits               13134     3.3391   6.6129
DH,2226bits               2         0.0005   0.001
DH,3072bits               4         0.001    0.002
DH,3248bits               4         0.001    0.002
DH,4096bits               620       0.1576   0.3122
DH,512bits                44238     11.2468  22.2736
DH,768bits                771       0.196    0.3882
DH,8192bits               1         0.0003   0.0005
ECDH,B-163,163bits        16        0.0041   0.0091
ECDH,B-571,570bits        392       0.0997   0.2232
ECDH,P-224,224bits        4         0.001    0.0023
ECDH,P-256,256bits        174312    44.3162  99.2626
ECDH,P-384,384bits        207       0.0526   0.1179
ECDH,P-521,521bits        764       0.1942   0.4351
Prefer DH,1024bits        117558    29.8873  59.1898
Prefer DH,2048bits        1721      0.4375   0.8665
Prefer DH,4096bits        54        0.0137   0.0272
Prefer DH,512bits         2         0.0005   0.001
Prefer DH,768bits         87        0.0221   0.0438
Prefer ECDH,B-163,163bits 16        0.0041   0.0091
Prefer ECDH,B-571,570bits 304       0.0773   0.1731
Prefer ECDH,P-224,224bits 1         0.0003   0.0006
Prefer ECDH,P-256,256bits 126826    32.2436  72.2215
Prefer ECDH,P-384,384bits 135       0.0343   0.0769
Prefer ECDH,P-521,521bits 699       0.1777   0.398
Prefer PFS                247403    62.8985  0
Support PFS               307170    78.0933  0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         2         0.0005   
5 only                    2         0.0005   
10                        2         0.0005   
30                        1         0.0003   
30 only                   1         0.0003   
60                        15        0.0038   
60 only                   10        0.0025   
120                       7         0.0018   
120 only                  6         0.0015   
128                       5         0.0013   
128 only                  5         0.0013   
180                       24        0.0061   
180 only                  24        0.0061   
240                       7         0.0018   
240 only                  7         0.0018   
300                       145958    37.1076  
300 only                  127245    32.3501  
420                       12        0.0031   
420 only                  10        0.0025   
480                       6         0.0015   
480 only                  6         0.0015   
600                       6491      1.6502   
600 only                  6280      1.5966   
900                       188       0.0478   
900 only                  158       0.0402   
960                       2         0.0005   
960 only                  2         0.0005   
1200                      54        0.0137   
1200 only                 52        0.0132   
1500                      12        0.0031   
1500 only                 11        0.0028   
1800                      121       0.0308   
1800 only                 116       0.0295   
2400                      1         0.0003   
2400 only                 1         0.0003   
2700                      1         0.0003   
2700 only                 1         0.0003   
3000                      5         0.0013   
3000 only                 4         0.001    
3600                      239       0.0608   
3600 only                 235       0.0597   
5400                      2         0.0005   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10678     2.7147   
7200 only                 1678      0.4266   
10800                     7         0.0018   
10800 only                3         0.0008   
14400                     650       0.1653   
14400 only                650       0.1653   
18000                     1         0.0003   
18000 only                1         0.0003   
21600                     27        0.0069   
21600 only                27        0.0069   
28800                     5         0.0013   
28800 only                5         0.0013   
30720                     1         0.0003   
30720 only                1         0.0003   
36000                     477       0.1213   
36000 only                477       0.1213   
43200                     6420      1.6322   
43200 only                6420      1.6322   
64800                     9211      2.3418   
64800 only                9208      2.341    
86000                     28        0.0071   
86000 only                26        0.0066   
86400                     4228      1.0749   
86400 only                4223      1.0736   
100800                    15552     3.9539   
100800 only               11        0.0028   
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    7         0.0018   
129600 only               7         0.0018   
864000                    6         0.0015   
864000 only               6         0.0015   
None                      236414    60.1047  
None only                 192884    49.0378  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      14656     3.7261   
sha1WithRSAEncryption     343217    87.2577  
sha256WithRSAEncryption   50153     12.7506  

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 8717      2.2162   
RSA 1024                  1894      0.4815   
RSA 2028                  1         0.0003   
RSA 2047                  1         0.0003   
RSA 2048                  377818    96.0545  
RSA 2049                  1         0.0003   
RSA 2056                  5         0.0013   
RSA 2058                  1         0.0003   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003
RSA 2080                  2         0.0005
RSA 2084                  5         0.0013
RSA 2408                  3         0.0008
RSA 2432                  48        0.0122
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  40        0.0102
RSA 3120                  1         0.0003
RSA 3248                  3         0.0008
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4086                  1         0.0003
RSA 4092                  2         0.0005
RSA 4096                  13502     3.4327
RSA 4098                  3         0.0008
RSA 4192                  1         0.0003
RSA 8192                  5         0.0013
RSA 16384                 1         0.0003   
RSA/ECDSA Dual Stack      8714      2.2154

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 39893     10.1422
Unsupported               353444    89.8578

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      56197     14.2872
SSL2 Only                 6140      1.561
SSL3                      377423    95.9541
SSL3 Only                 3710      0.9432
SSL3 or TLS1 Only         118014    30.0033
TLS1                      382682    97.2911
TLS1 Only                 2707      0.6882
TLS1.1                    212833    54.1096
TLS1.1 Only               7         0.0018
TLS1.1 or up Only         74        0.0188
TLS1.2                    223413    56.7994
TLS1.2 Only               34        0.0086
TLS1.2, 1.0 but not 1.1   14809     3.765

Survey was conducted between 11th and 19th of July 2014.

Certificate Authorities

The new addition to the data collected is the certificates provided by the servers.

It looks like around 5% of Internet-facing web servers have misconfigured certificate chains: they don't provide the intermediate CA certificates that signed their certificate. Fortunately, because we have now collected those intermediates from other servers, we can try to validate such chains again using those additional certificates.

The bad news is that many CA certificates still use 1024-bit RSA keys (I've seen them in 1776 chains presented by servers, or 0.4% of all valid chains), including a few root CAs in active use. The worse news is that the vast majority of chains still depend on SHA-1 signatures, including chains that use 4096-bit CA keys.

In effect, about 90% of trust chains still provide at most an 80-bit level of security (a SHA-1 signature or a 1024-bit RSA key being the weakest link) and just 10% of servers present chains with a 112-bit level of security (a 2048-bit RSA key being the weakest link). Only 2 chains (out of about 445,000) reached the current best-practice level of 128 bits of security (SHA-256 signatures and ECDSA 256-bit or RSA 3072+ bit keys throughout).
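The weakest-link computation behind the "Eff. host cert chain LoS" table, as an added example (not the survey's code); it also answers the question from the 1024-bit CA cleanup post above, whether a chain still depends on a sub-2048-bit CA key. The bit-strength equivalences are those of NIST SP 800-57 Part 1; the Cert records and the four sample chains are constructed, and in practice you would fill them in from `openssl x509 -noout -text` output for each certificate in the chain.

```python
"""Effective security level of a certificate chain, and the 1024-bit CA check.

Added example for this post; it is not the survey's code. Input is what you
read off each certificate with `openssl x509 -noout -text`: key type and
size, and the algorithm the certificate is signed with. Bit-strength
equivalences follow NIST SP 800-57 Part 1: RSA 1024 -> 80, 2048 -> 112,
3072 -> 128, 7680 -> 192; ECC 256 -> 128, 384 -> 192; SHA-1 -> 80,
SHA-256 -> 128, SHA-384 -> 192; MD5 is treated as 0 (broken). As in the
survey's "ex. root" table, the root's self-signature is not counted. The
sample chains are constructed, not taken from any real site.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    key_type: str      # "RSA" or "EC"
    key_bits: int
    sig_alg: str       # algorithm this cert is signed WITH, e.g. "sha1WithRSAEncryption"


RSA_TABLE = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
EC_TABLE = [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)]
HASH_BITS = {"sha512": 256, "sha384": 192, "sha256": 128, "sha224": 112,
             "sha1": 80, "md5": 0, "md2": 0}


def key_bits_of_security(key_type: str, bits: int) -> int:
    """Security strength of a public key, floored to the SP 800-57 rows."""
    table = RSA_TABLE if key_type == "RSA" else EC_TABLE
    for floor, security in table:
        if bits >= floor:
            return security
    return 0                      # shorter than any row: treat as broken


def hash_bits_of_security(sig_alg: str) -> int:
    """Collision strength of the digest inside an OpenSSL signature-algorithm name."""
    m = re.search(r"(sha512|sha384|sha256|sha224|sha1|md5|md2)", sig_alg.lower())
    if not m:
        raise ValueError(f"unrecognised signature algorithm: {sig_alg}")
    return HASH_BITS[m.group(1)]


def chain_security_level(chain: List[Cert]) -> Tuple[int, str]:
    """Weakest link of a chain ordered leaf -> ... -> root: returns
    (bits, description of the link that sets the level)."""
    links = []
    for i, cert in enumerate(chain):
        links.append((key_bits_of_security(cert.key_type, cert.key_bits),
                      f"{cert.key_type} {cert.key_bits} key of {cert.subject}"))
        if i < len(chain) - 1:          # the root's self-signature does not count
            links.append((hash_bits_of_security(cert.sig_alg),
                          f"{cert.sig_alg} signature on {cert.subject}"))
    return min(links, key=lambda link: link[0])


def weak_ca_keys(chain: List[Cert], minimum_bits: int = 2048) -> List[str]:
    """CA certificates (everything but the leaf) with RSA keys below `minimum_bits`:
    the ones a 1024-bit root cleanup pulls from under the leaf."""
    return [c.subject for c in chain[1:]
            if c.key_type == "RSA" and c.key_bits < minimum_bits]


# Constructed chains, leaf first.
TYPICAL_2014 = [
    Cert("www.example.test", "RSA", 2048, "sha256WithRSAEncryption"),
    Cert("Example Intermediate CA", "RSA", 2048, "sha1WithRSAEncryption"),
    Cert("Example Root CA", "RSA", 2048, "sha1WithRSAEncryption"),
]
ALL_SHA256 = [
    Cert("www.example.test", "RSA", 2048, "sha256WithRSAEncryption"),
    Cert("Example Intermediate CA", "RSA", 2048, "sha256WithRSAEncryption"),
    Cert("Example Root CA", "RSA", 2048, "sha1WithRSAEncryption"),
]
ECDSA_CHAIN = [
    Cert("www.example.test", "EC", 256, "ecdsa-with-SHA256"),
    Cert("Example ECC Intermediate CA", "EC", 384, "ecdsa-with-SHA384"),
    Cert("Example ECC Root CA", "EC", 384, "ecdsa-with-SHA384"),
]
OLD_INTERMEDIATE = [
    Cert("www.example.test", "RSA", 2048, "sha256WithRSAEncryption"),
    Cert("Legacy Intermediate CA", "RSA", 1024, "sha1WithRSAEncryption"),
    Cert("Example Root CA", "RSA", 2048, "sha1WithRSAEncryption"),
]

if __name__ == "__main__":
    for name, chain in [("typical 2014", TYPICAL_2014), ("all SHA-256", ALL_SHA256),
                        ("ECDSA", ECDSA_CHAIN), ("1024-bit intermediate", OLD_INTERMEDIATE)]:
        bits, why = chain_security_level(chain)
        print(f"{name:22} {bits:3} bits, limited by {why}; weak CA keys: {weak_ca_keys(chain)}")
```

The first chain is the common 2014 shape from the tables: a SHA-256 leaf signature behind an intermediate that is itself signed with SHA-1, which pins the whole chain at 80 bits no matter how large the keys are. Re-signing the intermediate with SHA-256 lifts it to 112 bits (the 2048-bit keys now limit it), and the all-ECDSA chain is the 128-bit case the survey found only twice.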

Also, the CA market is quite diverse: the most dominant root CA was used in 26% of all chains collected.

Statistics from 445095 chains provided by 582719 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  359484    61.6908
incomplete                29543     5.0699
untrusted                 193692    33.2393

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2414      0.5423
3                         434366    97.5895
4                         8292      1.863
5                         23        0.0052

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 2
ECDSA 384                 2
RSA 1024                  1788
RSA 2045                  1
RSA 2048                  877819
RSA 4096                  16502

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 2         0.0004
ECDSA 384                 2         0.0004
RSA 1024                  1776      0.399
RSA 2045                  1         0.0002
RSA 2048                  443399    99.619
RSA 4096                  16134     3.6248

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              2
sha1WithRSAEncryption          397615
sha256WithRSAEncryption        42654
sha384WithRSAEncryption        10748

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        398413    89.5119
112                       46680     10.4876
128                       2         0.0004

Most common root CAs                          Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 119586    26.8675
(157753a5) AddTrust External CA Root          68556     15.4026
(5ad8a5d6) GlobalSign Root CA                 44275     9.9473
(2e4eed3c) thawte Primary Root CA             29162     6.5519
(f081611a) The Go Daddy Group, Inc.           28250     6.347
(cbf06781) Go Daddy Root Certificate Authorit 26503     5.9545
(b204d74a) VeriSign Class 3 Public Primary Ce 26474     5.9479
(244b5494) DigiCert High Assurance EV Root CA 18086     4.0634
(653b494a) Baltimore CyberTrust Root          16986     3.8163
(b13cc6df) UTN-USERFirst-Hardware             13183     2.9618
(40547a79) COMODO Certification Authority     10947     2.4595
(ae8153b9) StartCom Certification Authority   9048      2.0328
(f387163d) Starfield Technologies, Inc.       7516      1.6886