Month: June 2015

May 2015 scan results

Despite the Logjam attack very few servers have actually disabled export grade Diffie-Hellman ciphers. At the same time, we have reached another milestone, where over 500 thousand servers from Alexa top 1 million sites support TLS or SSL.

Cipher suites

Use of AES-GCM cipher mode combination has grown most significantly – by 2.6%. At the same time Camellia use has fallen by just under 0.2% and other secure ciphers remained mostly unchanged.

RC4 continues the slow decrease in use. Nearly 5% fewer servers support this insecure cipher. About 1.5% less prefer this ciphersuite over others, and 1.1% fewer force its use in TLSv1.1 or later. At the same time, still over 2000 servers support only this symmetric cipher.

Leaving single DES ciphers remains the most common server misconfiguration with nearly 8.5% of servers having this configuration error, a decrease of 0.5% since last month. Second most common misconfiguration are export grade ciphers, over 7.1% have them enabled. Finally anonymous ECDH ciphers, which are enabled on over 3.5% of servers.

1.5% more servers also dictate the cipher ordering instead of using the client side order.

Key exchange

More and more servers opt not to support RSA key exchange and provide support just for the ciphersuites which provide forward secrecy. RSA key exchange has lost nearly 1% of the market share, while both DHE and ECDHE has grown by over 1% and 3% respectively.

That also caused an overall increase of over 1.8% in servers which prefer forward secrecy enabled ciphersuites.

Unfortunately that has also brought with it slight increase in servers which use the breakable and almost-breakable 512 bit and 768 bit DH. But set of those servers is rather small so it may be just a fluctuation caused by current Alexa ranking.

ECC curves

As in previous months, most of ECDHE support increase is provided by the NIST P-256 curve, increase of about 2.8%. At the same time, servers which prefer P-521 curve has broken the 1% barrier.

In general, support for more obscure curves is growing slowly, but is overshadowed by the three most popular curves – P256, P-384 and P-521.

The vast majority of servers also support just one curve – P256. Domination which increased by nearly 3%.

Hash and signature algorithms

Support for the insecure MD5-RSA and SHA1-RSA keeps growing. The former increased by 0.7% while the latter increased by 2.14%. What’s more problematic, is that servers which support only SHA1-RSA has also grown, by about 0.13%.

Support for SHA256 and SHA512 has also grown, by 2.1% and 1.5% respectively.

Vulnerabilities

About 5% servers still don’t support secure renegotiation, situation which hasn’t change since last month.

Similarly, support for compression is still enabled at more than 2.5% of servers.

Certificates

Use of SHA-1 keeps dropping significantly, this month by nearly 5%. This is mostly replaced by SHA256-RSA, but some of it is thanks to SHA256-ECDSA (0.8%).

Use of 1024 bit RSA certificates has fallen to just 194 machines. At the same time, use of 2048 bit RSA lost about 0.5% of servers, scattered across ECDSA 256 and RSA 3072bit.

Amount of servers with incomplete trust chains has risen by 1.1%.

Protocols

Support for the vulnerable SSLv2 and SSLv3 is only very slowly dropping, by 0.36% and 1.76% respectively.

Thankfully, only 968 servers require use of SSLv3 or lower for connection, 0.192% of total.

TLSv1.0 seems to have reached its peak, with this months scan showing a very slight decrease of 0.04%. It still remains the highest protocol version supported by over 23% of servers, a decrease of just under 2%.

TLSv1.1 and TLSv1.2 keep gaining market share, with 76% and increase of over 2% for the latter.

As TLSv1.0 penetration would let us guess, very few servers operators decide to support only the newest protocols – currently 0.3% of total.

Results

SSL/TLS survey of 504133 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      422205    83.7487
3DES Only                 902       0.1789
AES                       492766    97.7452
AES Only                  15398     3.0544
AES-CBC                   492668    97.7258
AES-CBC Only              8199      1.6264
AES-GCM                   328750    65.211
AES-GCM Only              32        0.0063
CAMELLIA                  216646    42.974
CAMELLIA Only             2         0.0004
CHACHA20                  63418     12.5796
Insecure                  78500     15.5713
RC4                       277296    55.0045
RC4 Only                  2038      0.4043
RC4 Preferred             39565     7.8481
RC4 forced in TLS1.1+     22536     4.4702
x:FF 29 RC4 Only          2395      0.4751
x:FF 29 RC4 Preferred     44134     8.7544
x:FF 29 incompatible      105       0.0208
x:FF 35 RC4 Only          2735      0.5425
x:FF 35 RC4 Preferred     44278     8.783
x:FF 35 incompatible      108       0.0214
y:DHE-RSA-SEED-SHA        105410    20.9092
y:IDEA-CBC-SHA            86047     17.0683
y:SEED-SHA                103682    20.5664
z:ADH-AES128-GCM-SHA256   332       0.0659
z:ADH-AES128-SHA          1298      0.2575
z:ADH-AES128-SHA256       242       0.048
z:ADH-AES256-GCM-SHA384   344       0.0682
z:ADH-AES256-SHA          1307      0.2593
z:ADH-AES256-SHA256       244       0.0484
z:ADH-CAMELLIA128-SHA     803       0.1593
z:ADH-CAMELLIA256-SHA     814       0.1615
z:ADH-DES-CBC-SHA         368       0.073
z:ADH-DES-CBC3-SHA        1324      0.2626
z:ADH-RC4-MD5             1177      0.2335
z:ADH-SEED-SHA            719       0.1426
z:AECDH-AES128-SHA        17948     3.5602
z:AECDH-AES256-SHA        17959     3.5624
z:AECDH-DES-CBC3-SHA      17905     3.5516
z:AECDH-NULL-SHA          43        0.0085
z:AECDH-RC4-SHA           17242     3.4201
z:DES-CBC-MD5             15026     2.9806
z:DES-CBC-SHA             42323     8.3952
z:DES-CBC3-MD5            29340     5.8199
z:ECDHE-RSA-NULL-SHA      56        0.0111
z:EDH-RSA-DES-CBC-SHA     36108     7.1624
z:EXP-ADH-DES-CBC-SHA     279       0.0553
z:EXP-ADH-RC4-MD5         280       0.0555
z:EXP-DES-CBC-SHA         21187     4.2027
z:EXP-EDH-RSA-DES-CBC-SHA 17630     3.4971
z:EXP-RC2-CBC-MD5         25641     5.0862
z:EXP-RC4-MD5             27062     5.368
z:EXP1024-DES-CBC-SHA     6792      1.3473
z:EXP1024-RC4-SHA         6883      1.3653
z:IDEA-CBC-MD5            2594      0.5145
z:NULL-MD5                281       0.0557
z:NULL-SHA                286       0.0567
z:NULL-SHA256             23        0.0046
z:RC2-CBC-MD5             15367     3.0482
z:RC4-64-MD5              1245      0.247

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               135237    26.8257
Server side               368896    73.1743

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1435      0.2846
AECDH                     17990     3.5685
DHE                       286817    56.8931
ECDH                      1         0.0002
ECDHE                     352323    69.8869
ECDHE and DHE             195467    38.7729
RSA                       459524    91.1513

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               229119    45.4481  79.8833
DH,1536bits               1         0.0002   0.0003
DH,2048bits               50894     10.0954  17.7444
DH,2236bits               3         0.0006   0.001
DH,3072bits               2379      0.4719   0.8294
DH,4094bits               1         0.0002   0.0003
DH,4096bits               3569      0.7079   1.2443
DH,512bits                81        0.0161   0.0282
DH,768bits                805       0.1597   0.2807
DH,8192bits               1         0.0002   0.0003
ECDH,B-163,163bits        1         0.0002   0.0003
ECDH,B-571,570bits        1580      0.3134   0.4485
ECDH,K-571,570bits        1         0.0002   0.0003
ECDH,P-224,224bits        63        0.0125   0.0179
ECDH,P-256,256bits        344044    68.2447  97.6502
ECDH,P-384,384bits        3587      0.7115   1.0181
ECDH,P-521,521bits        5548      1.1005   1.5747
Prefer DH,1024bits        87818     17.4196  30.6181
Prefer DH,2048bits        3211      0.6369   1.1195
Prefer DH,2236bits        1         0.0002   0.0003
Prefer DH,3072bits        30        0.006    0.0105
Prefer DH,4096bits        105       0.0208   0.0366
Prefer DH,512bits         4         0.0008   0.0014
Prefer DH,768bits         404       0.0801   0.1409
Prefer ECDH,B-163,163bits 1         0.0002   0.0003
Prefer ECDH,B-571,570bits 1365      0.2708   0.3874
Prefer ECDH,K-571,570bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 36        0.0071   0.0102
Prefer ECDH,P-256,256bits 286974    56.9243  81.452
Prefer ECDH,P-384,384bits 2591      0.514    0.7354
Prefer ECDH,P-521,521bits 5220      1.0354   1.4816
Prefer PFS                387761    76.9164  0
Support PFS               443673    88.0071  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           294       0.0583   
brainpoolP384r1           294       0.0583   
brainpoolP512r1           294       0.0583   
prime192v1                1589      0.3152   
prime256v1                351551    69.7338  
prime256v1 Only           305875    60.6735  
secp160k1                 1561      0.3096   
secp160r1                 1566      0.3106   
secp160r2                 1561      0.3096   
secp192k1                 1580      0.3134   
secp224k1                 1628      0.3229   
secp224r1                 2813      0.558    
secp224r1 Only            3         0.0006   
secp256k1                 1637      0.3247   
secp384r1                 45923     9.1093   
secp384r1 Only            242       0.048    
secp521r1                 13392     2.6564   
secp521r1 Only            97        0.0192   
sect163k1                 1569      0.3112   
sect163k1 Only            1         0.0002   
sect163r1                 1568      0.311    
sect163r2                 1568      0.311    
sect163r2 Only            1         0.0002   
sect193r1                 1566      0.3106   
sect193r2                 1566      0.3106   
sect233k1                 1625      0.3223   
sect233r1                 1624      0.3221   
sect239k1                 1624      0.3221   
sect283k1                 1623      0.3219   
sect283r1                 1621      0.3215   
sect409k1                 1620      0.3213   
sect409r1                 1617      0.3207   
sect571k1                 1627      0.3227   
sect571r1                 1627      0.3227   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          80726     16.0128  
True                           223171    44.2683  
order-specific                 14        0.0028   
unknown                        200222    39.7161  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    2652      0.5261   
inconclusive-noecc        26        0.0052   
server                    349247    69.2768  
unknown                   152208    30.192   

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     34911     6.925    
ECDSA-SHA1 Only                1         0.0002   
ECDSA-SHA224                   34925     6.9277   
ECDSA-SHA256                   34948     6.9323   
ECDSA-SHA384                   34966     6.9359   
ECDSA-SHA512                   34985     6.9396   
ECDSA-SHA512 Only              19        0.0038   
RSA-MD5                        147472    29.2526  
RSA-SHA1                       310804    61.6512  
RSA-SHA1 Only                  46467     9.2172   
RSA-SHA224                     250624    49.7139  
RSA-SHA256                     269299    53.4182  
RSA-SHA256 Only                4125      0.8182   
RSA-SHA384                     251575    49.9025  
RSA-SHA512                     251692    49.9257  
RSA-SHA512 Only                54        0.0107   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         228686    45.3622  
indeterminate                  15        0.003    
intolerant                     2751      0.5457   
order-fallback                 23        0.0046   
server                         119546    23.7132  
unsupported                    33304     6.6062   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     34893     6.9214   
ECDSA intolerant               113       0.0224   
RSA False                      143034    28.3723  
RSA SHA1                       141505    28.069   
RSA intolerant                 27098     5.3752   
RSA soft-nopfs                 4560      0.9045   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     8495      1.6851   
insecure                  24563     4.8723   
secure                    471075    93.4426  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      12816     2.5422   
False                     8495      1.6851   
NONE                      482822    95.7727  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         3         0.0006   
1 only                    3         0.0006   
2                         3         0.0006   
2 only                    3         0.0006   
5                         2         0.0004   
5 only                    2         0.0004   
10                        7         0.0014   
10 only                   7         0.0014   
15                        10        0.002    
15 only                   10        0.002    
30                        10        0.002    
30 only                   9         0.0018   
60                        98        0.0194   
60 only                   93        0.0184   
70                        7         0.0014   
100                       21        0.0042   
100 only                  21        0.0042   
120                       27        0.0054   
120 only                  27        0.0054   
128                       2         0.0004   
128 only                  2         0.0004   
150                       2         0.0004   
180                       48        0.0095   
180 only                  46        0.0091   
240                       10        0.002    
240 only                  10        0.002    
300                       219015    43.4439  
300 only                  213209    42.2922  
360                       1         0.0002   
400                       8         0.0016   
400 only                  8         0.0016   
420                       108       0.0214   
420 only                  66        0.0131   
480                       12        0.0024   
480 only                  12        0.0024   
500                       4         0.0008   
500 only                  4         0.0008   
600                       16066     3.1869   
600 only                  15898     3.1535   
720                       2         0.0004   
720 only                  2         0.0004   
900                       742       0.1472   
900 only                  707       0.1402   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      2024      0.4015   
1200 only                 2018      0.4003   
1320                      1         0.0002   
1320 only                 1         0.0002   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      10        0.002    
1500 only                 9         0.0018   
1800                      406       0.0805   
1800 only                 397       0.0787   
2400                      6         0.0012   
2400 only                 6         0.0012   
2700                      11        0.0022   
2700 only                 11        0.0022   
3000                      14        0.0028   
3000 only                 14        0.0028   
3600                      442       0.0877   
3600 only                 422       0.0837   
3900                      1         0.0002   
3900 only                 1         0.0002   
4100                      2         0.0004   
4100 only                 2         0.0004   
4200                      1         0.0002   
5400                      20        0.004    
5400 only                 3         0.0006   
6000                      5         0.001    
6000 only                 5         0.001    
7200                      16629     3.2985   
7200 only                 13329     2.6439   
10800                     2315      0.4592   
10800 only                2310      0.4582   
14400                     73        0.0145   
14400 only                72        0.0143   
18000                     13        0.0026   
18000 only                13        0.0026   
21600                     4826      0.9573   
21600 only                4825      0.9571   
28800                     13        0.0026   
28800 only                13        0.0026   
36000                     1108      0.2198   
36000 only                1103      0.2188   
43200                     28        0.0056   
43200 only                25        0.005    
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     50705     10.0579  
64800 only                50654     10.0477  
72000                     17        0.0034   
72000 only                17        0.0034   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     45        0.0089   
86000 only                45        0.0089   
86400                     3437      0.6818   
86400 only                3436      0.6816   
100800                    12226     2.4252   
100800 only               12226     2.4252   
129600                    8         0.0016   
129600 only               8         0.0016   
172800                    2         0.0004   
172800 only               2         0.0004   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      183010    36.3019  
None only                 173532    34.4219  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      18818     3.7327   
ecdsa-with-SHA256         34966     6.9359   
sha1WithRSAEncryption     191053    37.8973  
sha256WithRSAEncryption   278185    55.1809  
sha384WithRSAEncryption   2         0.0004   
sha512WithRSAEncryption   7         0.0014   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 35000     6.9426   
ECDSA 384                 6         0.0012   
ECDSA 521                 2         0.0004   
RSA 1024                  194       0.0385   
RSA 10240                 7         0.0014   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  451485    89.5567  
RSA 2049                  3         0.0006   
RSA 2056                  2         0.0004   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  9         0.0018   
RSA 2096                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  4         0.0008   
RSA 2480                  1         0.0002   
RSA 2612                  2         0.0004   
RSA 3050                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  104       0.0206   
RSA 3096                  1         0.0002   
RSA 3248                  2         0.0004   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  24        0.0048   
RSA 4069                  1         0.0002   
RSA 4086                  4         0.0008   
RSA 4092                  8         0.0016   
RSA 4096                  17305     3.4326   
RSA 8192                  6         0.0012   
RSA/ECDSA Dual Stack      45        0.0089

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 94341     18.7135  
Unsupported               409792    81.2865  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      29625     5.8764
SSL2 Only                 35        0.0069
SSL3                      142402    28.2469
SSL3 Only                 936       0.1857
SSL3 or TLS1 Only         88722     17.5989
SSL3 or lower Only        968       0.192
TLS1                      501347    99.4474
TLS1 Only                 51184     10.1529
TLS1 or lower Only        116300    23.0693
TLS1.1                    373523    74.0922
TLS1.1 Only               25        0.005
TLS1.1 or up Only         1606      0.3186
TLS1.2                    384312    76.2323
TLS1.2 Only               845       0.1676
TLS1.2, 1.0 but not 1.1   12411     2.4619


Statistics from 515219 chains provided by 689528 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  449551    65.1969
incomplete                37540     5.4443
untrusted                 202437    29.3588

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         345       0.067
3                         295875    57.427
4                         213966    41.5291
5                         5031      0.9765
6                         2         0.0004

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 34881     
ECDSA 384                 60711     
RSA 1024                  39543     
RSA 2045                  1         
RSA 2048                  1016373   
RSA 4096                  102618    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 34881     6.7701
ECDSA 384                 60711     11.7835
RSA 1024                  39539     7.6742
RSA 2045                  1         0.0002
RSA 2048                  479801    93.1256
RSA 4096                  102053    19.8077

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              34881     
sha1WithRSAEncryption          285370    
sha256WithRSAEncryption        244990    
sha384WithRSAEncryption        173666    
sha512WithRSAEncryption        1         

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        240612    46.7009
112                       239734    46.5305
128                       34873     6.7686

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(861a399d) AddTrust Class 1 CA Root           126924    24.635
(2c543cd1) GeoTrust Global CA                 111533    21.6477
(f081611a) The Go Daddy Group, Inc.           54113     10.5029
(5ad8a5d6) GlobalSign Root CA                 52056     10.1037
(eed8c118) COMODO ECC Certification Authority 34873     6.7686
(415660c1) VeriSign, Inc.                     29756     5.7754
(aee5f10d) Entrust.net Certification Authorit 29671     5.7589
(c089bbbd) thawte Primary Root CA - G2        25836     5.0146
(f387163d) Starfield Technologies, Inc.       11081     2.1507
(ae8153b9) StartCom Certification Authority   9729      1.8883
(578d5c04) Equifax                            6768      1.3136
(244b5494) DigiCert High Assurance EV Root CA 6686      1.2977


Scan performed between 24th of May and 3rd of June 2015.
Advertisements