Month: February 2015

RC4 prohibited

After nearly half a year of work, the Internet Engineering Task Force (IETF) Request for Comments (RFC) 7465 is published.

What it does in a nutshell is disallows use of any kind of RC4 ciphersuites. In effect making all servers or clients that use it non standard compliant.

January 2015 scan results

This time we have reached few milestones. First of all, we’re very close to half (46.8%) of the servers in Alexa top 1 million supporting TLS with valid certificates. Over half of the servers support and prefer NIST P-256 ECDHE key exchange and just under a half of servers have certificates signed with SHA-256.

Ciphers

3DES ciphers have suffered significant drop of 3.7%, at the same time AES is on road to completely dominate market up by 0.3% to 94.2%. AES in Galois/Counter Mode has increased more significantly, by 3.8% to 56.9%. Camellia has gained 2.7% while Chacha20 has remained in place.

Completely insecure ciphers have lost 2% to a level of 18.8%, still high, but at least going in right direction.

RC4 still remains as the 3rd most popular cipher, despite loosing 1.3% share, at 80.5%. While servers that support only RC4 ciphers lost only 0.07% it places them at an all time low of 0.79% (3712 servers). Still a large part (13.8%) of servers prefer RC4 even if client supports better ciphers, a drop of only 1.4%. Significant number of servers also force RC4 in TLS1.1 or TLS1.2: 8.75% (drop of 0.7%).

Server side ordering has increased by 2.5% to 70%.

Key exchange

Support for ECDHE key exchange has jumped by nearly 4% to 62.7%. That bumped support for ECDHE with NIST P-256 curve by over 4.1% to 50%! Unfortunately other PFS key exchanges have decreased, so in the end the total has grown by 2.3% to 73.8%.

Of other types, servers that prefer1024 bit finite-field DHE has lost 1.8% which brings them down to 20.8% of total.

ECC curves

In line with changes to key exchange, support for NIST P-256 curve has grown by just under 4%, all of which went to servers that support just this one curve. Other curves have shown little to no changes.

Similarly, all those servers don’t fallback to different cipher in case the client doesn’t support this NIST curve and use server side curve ordering, bringing them respectively to 15.9% and 62.3%.

Hash and signature algorithms

Significant portion of the new servers also support the MD5 algorithm when paired with RSA – it has increased by 3.2% to a total of 27.5%. SHA1-RSA increased by 3.6 to 56.3%, SHA2-RSA on average increased by 3.3%.

Client side ordering of hash and signature algorithms has unfortunately increased by the same 3.2% to 42.8%.

Vulnerabilities

Unfortunately a still rather big portion of servers are vulnerable to the renegotiation vulnerability and to CRIME, they have decreased by 0.5% and 0.44% respectively.

Certificates

By far the largest changes seen are related to certificates used by servers. End entity certificates signed by SHA-1 have dropped by over 7.2% to 55.4%. The increase was mostly visible at SHA-256 with RSA, which increased by 7%. Certificates signed with SHA-256 ECDSA increased by 0.19%.

While signature algorithms have changed significantly, the key sizes did not. 2048 bit RSA is still at 90.6%.

Protocols

Obsolete protocols are still supported by significant portion of the servers, with SSLv2 falling by just 0.88% to 7.2% and SSLv3 falling by 4.7% to 35%. I’d rather see both of them below 1%.

The good news is that the vast majority of servers support also newer protocols and just 0.3% of servers require SSLv3 or SSLv2 to connect. Also TLSv1.2 has increased by 3% bringing it up to 71%, but still rather far from the 99.5% of TLSv1.0.

Results

SSL/TLS survey of 468782 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      379700    80.9971
3DES Only                 439       0.0936
AES                       441928    94.2715
AES Only                  7037      1.5011
AES-CBC Only              4003      0.8539
AES-GCM                   266888    56.9322
AES-GCM Only              20        0.0043
CAMELLIA                  194963    41.5893
CAMELLIA Only             1         0.0002
CHACHA20                  14394     3.0705
Insecure                  88248     18.825
RC4                       377778    80.5871
RC4 Only                  3712      0.7918
RC4 Preferred             64613     13.7832
RC4 forced in TLS1.1+     41031     8.7527
x:FF 29 RC4 Only          541       0.1154
x:FF 29 RC4 Preferred     70622     15.065
x:FF 29 incompatible      136       0.029
y:DHE-RSA-SEED-SHA        103049    21.9823
y:IDEA-CBC-MD5            2923      0.6235
y:IDEA-CBC-SHA            85417     18.221
y:SEED-SHA                102704    21.9087
z:ADH-AES128-GCM-SHA256   340       0.0725
z:ADH-AES128-SHA          968       0.2065
z:ADH-AES128-SHA256       284       0.0606
z:ADH-AES256-GCM-SHA384   346       0.0738
z:ADH-AES256-SHA          980       0.2091
z:ADH-AES256-SHA256       285       0.0608
z:ADH-CAMELLIA128-SHA     426       0.0909
z:ADH-CAMELLIA256-SHA     435       0.0928
z:ADH-DES-CBC-SHA         374       0.0798
z:ADH-DES-CBC3-SHA        995       0.2123
z:ADH-RC4-MD5             771       0.1645
z:ADH-SEED-SHA            281       0.0599
z:AECDH-AES128-SHA        14166     3.0219
z:AECDH-AES256-SHA        14171     3.0229
z:AECDH-DES-CBC3-SHA      14128     3.0138
z:AECDH-NULL-SHA          30        0.0064
z:AECDH-RC4-SHA           13177     2.8109
z:DES-CBC-MD5             18509     3.9483
z:DES-CBC-SHA             50349     10.7404
z:DES-CBC3-MD5            33636     7.1752
z:ECDHE-RSA-NULL-SHA      36        0.0077
z:EDH-RSA-DES-CBC-SHA     42662     9.1006
z:EXP-ADH-DES-CBC-SHA     304       0.0648
z:EXP-ADH-RC4-MD5         307       0.0655
z:EXP-DES-CBC-SHA         35818     7.6407
z:EXP-EDH-RSA-DES-CBC-SHA 25232     5.3825
z:EXP-RC2-CBC-MD5         40481     8.6354
z:EXP-RC4-MD5             43298     9.2363
z:EXP1024-DES-CBC-SHA     9341      1.9926
z:EXP1024-RC4-SHA         9490      2.0244
z:NULL-MD5                272       0.058
z:NULL-SHA                271       0.0578
z:NULL-SHA256             10        0.0021
z:RC2-CBC-MD5             18871     4.0255
z:RC4-64-MD5              1585      0.3381

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               140561    29.9843
Server side               328221    70.0157

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1076      0.2295
AECDH                     14190     3.027
DHE                       245202    52.3062
ECDHE                     294046    62.7255
ECDHE and DHE             143454    30.6014
RSA                       437715    93.3728

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               214522    45.7616  87.4879
DH,1536bits               1         0.0002   0.0004
DH,2048bits               28062     5.9862   11.4444
DH,2226bits               1         0.0002   0.0004
DH,2236bits               3         0.0006   0.0012
DH,3072bits               12        0.0026   0.0049
DH,3248bits               2         0.0004   0.0008
DH,4096bits               1773      0.3782   0.7231
DH,512bits                25325     5.4023   10.3282
DH,768bits                754       0.1608   0.3075
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        7         0.0015   0.0024
ECDH,B-571,570bits        635       0.1355   0.216
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,P-224,224bits        47        0.01     0.016
ECDH,P-256,256bits        288396    61.5203  98.0785
ECDH,P-384,384bits        1689      0.3603   0.5744
ECDH,P-521,521bits        4134      0.8819   1.4059
Prefer DH,1024bits        97828     20.8685  39.8969

Prefer DH,2048bits        2713      0.5787   1.1064
Prefer DH,2236bits        2         0.0004   0.0008
Prefer DH,4096bits        92        0.0196   0.0375
Prefer DH,512bits         5         0.0011   0.002
Prefer DH,768bits         425       0.0907   0.1733
Prefer ECDH,B-163,163bits 7         0.0015   0.0024
Prefer ECDH,B-571,570bits 472       0.1007   0.1605
Prefer ECDH,P-224,224bits 18        0.0038   0.0061
Prefer ECDH,P-256,256bits 236264    50.3995  80.3493
Prefer ECDH,P-384,384bits 1629      0.3475   0.554
Prefer ECDH,P-521,521bits 3807      0.8121   1.2947
Prefer PFS                343262    73.2242  0
Support PFS               395794    84.4303  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           26        0.0055   
brainpoolP384r1           26        0.0055   
brainpoolP512r1           26        0.0055   
prime192v1                651       0.1389   
prime256v1                293388    62.5852  
prime256v1 Only           255238    54.4471  
secp160k1                 620       0.1323   
secp160r1                 620       0.1323   
secp160r2                 620       0.1323   
secp192k1                 643       0.1372   
secp224k1                 674       0.1438   
secp224r1                 1052      0.2244   
secp224r1 Only            1         0.0002   
secp256k1                 688       0.1468   
secp384r1                 38294     8.1688   
secp384r1 Only            149       0.0318   
secp521r1                 9560      2.0393   
secp521r1 Only            78        0.0166   
sect163k1                 619       0.132    
sect163k1 Only            2         0.0004   
sect163r1                 617       0.1316   
sect163r2                 624       0.1331   
sect163r2 Only            7         0.0015   
sect193r1                 617       0.1316   
sect193r2                 617       0.1316   
sect233k1                 663       0.1414   
sect233r1                 663       0.1414   
sect239k1                 663       0.1414   
sect283k1                 663       0.1414   
sect283r1                 663       0.1414   
sect409k1                 663       0.1414   
sect409r1                 663       0.1414   
sect571k1                 678       0.1446   
sect571r1                 678       0.1446   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          74840     15.9648  
True                           178977    38.1792  
order-specific                 4         0.0009   
unknown                        214961    45.8552  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    1535      0.3274   
inconclusive-noecc        10        0.0021   
server                    292089    62.3081  
unknown                   175148    37.3624  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     27584     5.8842   
ECDSA-SHA224                   27586     5.8846   
ECDSA-SHA256                   27589     5.8853   
ECDSA-SHA384                   27589     5.8853   
ECDSA-SHA512                   27592     5.8859   
ECDSA-SHA512 Only              3         0.0006   
RSA-MD5                        129219    27.5648  
RSA-MD5 Only                   1         0.0002   
RSA-SHA1                       264047    56.3262  
RSA-SHA1 Only                  39893     8.5099   
RSA-SHA224                     218373    46.5831  
RSA-SHA256                     226747    48.3694  
RSA-SHA256 Only                2201      0.4695   
RSA-SHA384                     218786    46.6712  
RSA-SHA512                     218825    46.6795  
RSA-SHA512 Only                35        0.0075   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         200794    42.8331  
indeterminate                  7         0.0015   
intolerant                     1232      0.2628   
order-fallback                 4         0.0009   
server                         92359     19.7019  
unsupported                    38359     8.1827   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     27581     5.8835   
ECDSA intolerant               18        0.0038   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      127614    27.2225  
RSA SHA1                       118594    25.2983  
RSA intolerant                 19071     4.0682   
RSA pfs-ecdsa-SHA512           2         0.0004   
RSA soft-nopfs                 1735      0.3701   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     10263     2.1893   
insecure                  26115     5.5708   
secure                    432404    92.2399  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      17088     3.6452   
False                     10263     2.1893   
NONE                      441431    94.1655  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        7         0.0015   
10 only                   7         0.0015   
15                        6         0.0013   
15 only                   6         0.0013   
30                        8         0.0017   
30 only                   7         0.0015   
60                        59        0.0126   
60 only                   54        0.0115   
65                        1         0.0002   
65 only                   1         0.0002   
70                        3         0.0006   
100                       14        0.003    
100 only                  14        0.003    
120                       20        0.0043   
120 only                  20        0.0043   
128                       3         0.0006   
128 only                  3         0.0006   
180                       37        0.0079   
180 only                  36        0.0077   
240                       3         0.0006   
240 only                  3         0.0006   
256                       1         0.0002   
256 only                  1         0.0002   
300                       197397    42.1085  
300 only                  187977    40.099   
360                       1         0.0002   
360 only                  1         0.0002   
400                       2         0.0004   
400 only                  2         0.0004   
420                       34        0.0073   
420 only                  28        0.006    
480                       11        0.0023   
480 only                  11        0.0023   
600                       14041     2.9952   
600 only                  13846     2.9536   
720                       1         0.0002   
720 only                  1         0.0002   
900                       517       0.1103   
900 only                  503       0.1073   
960                       2         0.0004   
960 only                  2         0.0004   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      259       0.0552   
1200 only                 255       0.0544   
1500                      11        0.0023   
1500 only                 10        0.0021   
1800                      271       0.0578   
1800 only                 262       0.0559   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      2         0.0004   
2400 only                 2         0.0004   
2520                      1         0.0002   
2520 only                 1         0.0002   
2700                      6         0.0013   
2700 only                 6         0.0013   
3000                      9         0.0019   
3000 only                 9         0.0019   
3600                      317       0.0676   
3600 only                 297       0.0634   
5400                      3         0.0006   
6000                      4         0.0009   
6000 only                 4         0.0009   
7200                      12206     2.6038   
7200 only                 9111      1.9435   
10800                     15        0.0032   
10800 only                9         0.0019   
14400                     1229      0.2622   
14400 only                1229      0.2622   
18000                     3         0.0006   
18000 only                3         0.0006   
21600                     3169      0.676    
21600 only                3169      0.676    
28800                     10        0.0021   
28800 only                9         0.0019   
36000                     938       0.2001   
36000 only                932       0.1988   
43200                     2190      0.4672   
43200 only                2190      0.4672   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     44686     9.5324   
64800 only                44673     9.5296   
72000                     7         0.0015   
72000 only                7         0.0015   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     34        0.0073   
86000 only                34        0.0073   
86400                     206       0.0439   
86400 only                204       0.0435   
93600                     1         0.0002   
93600 only                1         0.0002   
100800                    14125     3.0131   
100800 only               14122     3.0125   
129600                    11        0.0023   
129600 only               11        0.0023   
172800                    1         0.0002   
172800 only               1         0.0002   
600000                    1         0.0002   
600000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    6         0.0013   
864000 only               6         0.0013   
None                      189285    40.378   
None only                 177289    37.8191  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      15085     3.2179   
ecdsa-with-SHA256         27569     5.881    
sha1WithRSAEncryption     260100    55.4842  
sha256WithRSAEncryption   181166    38.6461  
sha512WithRSAEncryption   8         0.0017   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 27597     5.887    
ECDSA 384                 3         0.0006   
RSA 1024                  1100      0.2347   
RSA 10240                 4         0.0009   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  424764    90.6101  
RSA 2049                  3         0.0006   
RSA 2056                  5         0.0011   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  11        0.0023   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  5         0.0011   
RSA 2612                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  72        0.0154   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 3600                  1         0.0002   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  35        0.0075   
RSA 4086                  2         0.0004   
RSA 4092                  3         0.0006   
RSA 4096                  15196     3.2416   
RSA 4098                  2         0.0004   
RSA 8192                  4         0.0009   
RSA/ECDSA Dual Stack      35        0.0075

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 79939     17.0525  
Unsupported               388843    82.9475  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      33923     7.2364
SSL2 Only                 81        0.0173
SSL3                      165570    35.3192
SSL3 Only                 1467      0.3129
SSL3 or TLS1 Only         100568    21.453
SSL3 or lower Only        1518      0.3238
TLS1                      466356    99.4825
TLS1 Only                 52609     11.2225
TLS1 or lower Only        131814    28.1184
TLS1.1                    322576    68.8115
TLS1.1 Only               7         0.0015
TLS1.1 or up Only         613       0.1308
TLS1.2                    332743    70.9803
TLS1.2 Only               464       0.099
TLS1.2, 1.0 but not 1.1   12283     2.6202



Statistics from 494138 chains provided by 657485 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  439749    66.8835
incomplete                25522     3.8818
untrusted                 192214    29.2347

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1550      0.3137
3                         459587    93.0078
4                         32976     6.6734
5                         25        0.0051

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 27473     
ECDSA 384                 27471     
RSA 1024                  26220     
RSA 2045                  1         
RSA 2048                  866093    
RSA 4096                  72494     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 27473     5.5598
ECDSA 384                 27471     5.5594
RSA 1024                  26219     5.306
RSA 2045                  1         0.0002
RSA 2048                  465353    94.1747
RSA 4096                  72026     14.5761

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              27473     
sha1WithRSAEncryption          318089    
sha256WithRSAEncryption        119575    
sha384WithRSAEncryption        60453     
sha512WithRSAEncryption        24        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        294492    59.5971
112                       172174    34.8433
128                       27472     5.5596

Scan performed between 17th and 30th of January 2015.