Number of servers with trusted certificates is rising again, but it’s not yet at they May levels. Mostly just continuation of established trends. One significant change is that I’ve used most recent Mozilla trust list, with few 1024 bit root CAs removed, causing the average length of certificate chain to drop significantly.
Cipher suites
A bit surprisingly 3DES use has grown by a 1%, likely as a result of servers still worrying about compatibility with Windows XP when deprecating RC4 ciphers (those are down by nearly 3%).
Support for AES remains strong, with CBC mode of it does’t have much space to grow, continuing to hover at around 98%. GCM mode has grown by just under 3%.
RC4 cipher market share is just over 50% mark due to a nearly 3% drop since last month. Count of servers that support only this cipher has also gone down, with just 1484 servers supporting only this cipher in Alexa top 1 million. Unfortunately the amount of servers which prefer RC4 and which use it even in TLS1.1 or later is largely unchanged, falling by just 0.4% and 0.2% respectively.
Completely insecure ciphers also remain unchanged, with a decrease of just 0.5%.
Nearly 7% of servers still support the Logjam vulnerable export grade ciphersuites, a decrease of less than 0.2%.
Key exchange
ECDHE support is still growing, this month increasing by over 2.2% and reaching nearly 75%. As usual, the change is due to increased support for NIST P-256 curve, both in general as well as for preferred ciphersuites.
DHE support remains unchanged.
Nearly 80% of servers now prefer PFS key exchange and just over 90% support it.
This is also the first month where there are no servers which prefer key exchange with 512bit DHE! (last month there were just two, so it’s not a bit change…)
Hash and signature algorithms
No landslides here either. Both support for RSA-MD5 as well as RSA-MD5 keeps growing (by just under 1% and 2% respectively), while support for the more secure RSA-SHA256 is much slower, with just 1.3% increase.
Vulnerabilities
Servers missing secure renegotiation indication and vulnerable to CRIME are falling rather slowly, decreasing nearly insignificantly.
Certificates
Certificates signed with SHA256 are clearly gaining, with a 3% increase since last month. SHA-1 is also nicely falling, reaching a 30% mark now.
Still, most of those newly deployed certificates are using 2048 bit RSA keys, as those have decreased by just 0.3%.
We will also most likely see the first time when less than 100 servers use just 1024 bit RSA certificates.
As I’ve updated the Mozilla trust store, the average length of trust chain has decreased, with over 99% servers using just one intermediate certificate. At the same time the number of CAs above the 1% mark has grown by 4.
Protocols
SSLv3 and SSLv2 protocol keep their slow depreciation walk, with decreases of just 1% and 0.2% respectively. Thankfully, the vast majority of them supports at least TLSv1.0, with just 735 servers supporting SSLv3 at most (decrease of 0.04% since last month).
TLS1.2 market penetration is also reaching new heights, with 78% of servers supporting this protocol, its adoption is also rather slow, with increase of just 1.1%.
Results
SSL/TLS survey of 501992 websites from Alexa's top 1 million Stats only from connections that did provide valid certificates (or anonymous DH from servers that do also have valid certificate installed) Supported Ciphers Count Percent -------------------------+---------+------- 3DES 424054 84.4743 3DES Only 812 0.1618 AES 492491 98.1073 AES Only 17862 3.5582 AES-CBC 492390 98.0872 AES-CBC Only 9258 1.8443 AES-GCM 347128 69.1501 AES-GCM Only 41 0.0082 CAMELLIA 223605 44.5435 CAMELLIA Only 1 0.0002 CHACHA20 60925 12.1366 Insecure 74098 14.7608 RC4 254399 50.6779 RC4 Only 1484 0.2956 RC4 Preferred 31098 6.1949 RC4 forced in TLS1.1+ 17264 3.4391 x:FF 29 RC4 Only 1823 0.3632 x:FF 29 RC4 Preferred 35210 7.0141 x:FF 29 incompatible 101 0.0201 x:FF 35 RC4 Only 2132 0.4247 x:FF 35 RC4 Preferred 35335 7.039 x:FF 35 incompatible 103 0.0205 y:DHE-RSA-SEED-SHA 90992 18.1262 y:IDEA-CBC-SHA 79674 15.8716 y:SEED-SHA 97028 19.3286 z:ADH-AES128-GCM-SHA256 289 0.0576 z:ADH-AES128-SHA 1315 0.262 z:ADH-AES128-SHA256 198 0.0394 z:ADH-AES256-GCM-SHA384 302 0.0602 z:ADH-AES256-SHA 1320 0.263 z:ADH-AES256-SHA256 200 0.0398 z:ADH-CAMELLIA128-SHA 897 0.1787 z:ADH-CAMELLIA256-SHA 902 0.1797 z:ADH-DES-CBC-SHA 338 0.0673 z:ADH-DES-CBC3-SHA 1333 0.2655 z:ADH-RC4-MD5 1206 0.2402 z:ADH-SEED-SHA 827 0.1647 z:AECDH-AES128-SHA 17845 3.5548 z:AECDH-AES256-SHA 17865 3.5588 z:AECDH-DES-CBC3-SHA 17799 3.5457 z:AECDH-NULL-SHA 50 0.01 z:AECDH-RC4-SHA 17077 3.4018 z:DES-CBC-MD5 13569 2.703 z:DES-CBC-SHA 40067 7.9816 z:DES-CBC3-MD5 26983 5.3752 z:ECDHE-RSA-NULL-SHA 61 0.0122 z:EDH-RSA-DES-CBC-SHA 34341 6.8409 z:EXP-ADH-DES-CBC-SHA 240 0.0478 z:EXP-ADH-RC4-MD5 240 0.0478 z:EXP-DES-CBC-SHA 18671 3.7194 z:EXP-EDH-RSA-DES-CBC-SHA 15391 3.066 z:EXP-RC2-CBC-MD5 22650 4.512 z:EXP-RC4-MD5 23797 4.7405 z:EXP1024-DES-CBC-SHA 5785 1.1524 z:EXP1024-RC4-SHA 5862 1.1677 z:IDEA-CBC-MD5 2484 0.4948 z:NULL-MD5 265 0.0528 z:NULL-SHA 267 0.0532 z:NULL-SHA256 19 0.0038 z:RC2-CBC-MD5 13857 2.7604 z:RC4-64-MD5 1138 0.2267 Cipher ordering Count Percent -------------------------+---------+------- Client side 130910 26.0781 Server side 371082 73.9219 Supported Handshakes Count Percent -------------------------+---------+------- ADH 1436 0.2861 AECDH 17905 3.5668 DHE 283230 56.4212 ECDH 1 0.0002 ECDHE 373639 74.4313 ECDHE and DHE 201985 40.2367 RSA 459592 91.5537 Supported PFS Count Percent PFS Percent -------------------------+---------+--------+----------- DH,1024bits 204984 40.8341 72.3737 DH,1536bits 2 0.0004 0.0007 DH,2048bits 70215 13.9873 24.7908 DH,2236bits 3 0.0006 0.0011 DH,2430bits 1 0.0002 0.0004 DH,2432bits 1 0.0002 0.0004 DH,3072bits 2679 0.5337 0.9459 DH,4096bits 4693 0.9349 1.657 DH,512bits 76 0.0151 0.0268 DH,768bits 622 0.1239 0.2196 DH,8192bits 1 0.0002 0.0004 ECDH,B-163,163bits 1 0.0002 0.0003 ECDH,B-571,570bits 1404 0.2797 0.3758 ECDH,K-571,570bits 1 0.0002 0.0003 ECDH,P-192,192bits 2 0.0004 0.0005 ECDH,P-224,224bits 72 0.0143 0.0193 ECDH,P-256,256bits 363944 72.5 97.4052 ECDH,P-384,384bits 3765 0.75 1.0077 ECDH,P-521,521bits 6951 1.3847 1.8604 Prefer DH,1024bits 78380 15.6138 27.6736 Prefer DH,1536bits 1 0.0002 0.0004 Prefer DH,2048bits 3926 0.7821 1.3862 Prefer DH,2236bits 1 0.0002 0.0004 Prefer DH,3072bits 31 0.0062 0.0109 Prefer DH,4096bits 150 0.0299 0.053 Prefer DH,768bits 228 0.0454 0.0805 Prefer ECDH,B-163,163bits 1 0.0002 0.0003 Prefer ECDH,B-571,570bits 1210 0.241 0.3238 Prefer ECDH,K-571,570bits 1 0.0002 0.0003 Prefer ECDH,P-224,224bits 42 0.0084 0.0112 Prefer ECDH,P-256,256bits 308148 61.385 82.4721 Prefer ECDH,P-384,384bits 2291 0.4564 0.6132 Prefer ECDH,P-521,521bits 6402 1.2753 1.7134 Prefer PFS 400812 79.8443 0 Support PFS 454884 90.6158 0 Supported ECC curves Count Percent -------------------------+---------+-------- brainpoolP256r1 405 0.0807 brainpoolP384r1 405 0.0807 brainpoolP512r1 405 0.0807 prime192v1 1373 0.2735 prime256v1 372791 74.2623 prime256v1 Only 323403 64.4239 secp160k1 1334 0.2657 secp160r1 1338 0.2665 secp160r2 1334 0.2657 secp192k1 1358 0.2705 secp224k1 1414 0.2817 secp224r1 2898 0.5773 secp224r1 Only 2 0.0004 secp256k1 1708 0.3402 secp384r1 49700 9.9006 secp384r1 Only 314 0.0626 secp521r1 17736 3.5331 secp521r1 Only 116 0.0231 sect163k1 1337 0.2663 sect163k1 Only 2 0.0004 sect163r1 1335 0.2659 sect163r2 1336 0.2661 sect163r2 Only 1 0.0002 sect193r1 1334 0.2657 sect193r2 1333 0.2655 sect233k1 1402 0.2793 sect233r1 1402 0.2793 sect239k1 1401 0.2791 sect283k1 1678 0.3343 sect283r1 1678 0.3343 sect409k1 1678 0.3343 sect409r1 1678 0.3343 sect571k1 1692 0.3371 sect571r1 1691 0.3369 Unsupported curve fallback Count Percent ------------------------------+---------+-------- False 83042 16.5425 True 242989 48.405 order-specific 27 0.0054 unknown 175934 35.0472 ECC curve ordering Count Percent -------------------------+---------+-------- client 3093 0.6161 inconclusive-noecc 24 0.0048 server 370124 73.7311 unknown 128751 25.648 TLSv1.2 PFS supported sigalgs Count Percent ------------------------------+---------+-------- ECDSA-SHA1 33890 6.7511 ECDSA-SHA1 Only 2 0.0004 ECDSA-SHA224 33884 6.7499 ECDSA-SHA256 33890 6.7511 ECDSA-SHA384 33889 6.7509 ECDSA-SHA512 33893 6.7517 ECDSA-SHA512 Only 4 0.0008 RSA-MD5 157874 31.4495 RSA-SHA1 329494 65.6373 RSA-SHA1 Only 48447 9.651 RSA-SHA224 265179 52.8253 RSA-SHA256 286453 57.0633 RSA-SHA256 Only 4521 0.9006 RSA-SHA384 266091 53.007 RSA-SHA512 266166 53.022 RSA-SHA512 Only 71 0.0141 TLSv1.2 PFS ordering Count Percent ------------------------------+---------+-------- client 233019 46.4189 indeterminate 10 0.002 intolerant 3229 0.6432 order-fallback 23 0.0046 server 132720 26.4387 unsupported 23607 4.7027 TLSv1.2 PFS sigalg fallback Count Percent ------------------------------+---------+-------- ECDSA SHA1 33882 6.7495 ECDSA intolerant 21 0.0042 RSA False 153463 30.5708 RSA SHA1 148645 29.611 RSA intolerant 28673 5.7118 RSA pfs-ecdsa-SHA512 1 0.0002 RSA soft-nopfs 4517 0.8998 Renegotiation Count Percent -------------------------+---------+-------- False 7266 1.4474 insecure 21303 4.2437 secure 473423 94.3089 Compression Count Percent -------------------------+---------+-------- 1 (zlib compression) 11567 2.3042 False 7266 1.4474 NONE 483159 96.2483 TLS session ticket hint Count Percent -------------------------+---------+-------- 1 2 0.0004 1 only 2 0.0004 2 2 0.0004 2 only 2 0.0004 5 2 0.0004 5 only 2 0.0004 10 7 0.0014 10 only 7 0.0014 15 9 0.0018 15 only 9 0.0018 30 12 0.0024 30 only 12 0.0024 60 106 0.0211 60 only 99 0.0197 70 7 0.0014 100 12 0.0024 100 only 12 0.0024 120 28 0.0056 120 only 28 0.0056 128 3 0.0006 128 only 3 0.0006 150 2 0.0004 180 47 0.0094 180 only 45 0.009 240 10 0.002 240 only 10 0.002 300 220792 43.9832 300 only 215544 42.9377 400 8 0.0016 400 only 8 0.0016 420 117 0.0233 420 only 79 0.0157 480 13 0.0026 480 only 13 0.0026 500 5 0.001 500 only 5 0.001 540 1 0.0002 540 only 1 0.0002 600 22097 4.4019 600 only 21925 4.3676 720 3 0.0006 720 only 2 0.0004 900 597 0.1189 900 only 577 0.1149 960 2 0.0004 960 only 2 0.0004 1200 1891 0.3767 1200 only 1887 0.3759 1440 1 0.0002 1440 only 1 0.0002 1500 9 0.0018 1500 only 8 0.0016 1800 414 0.0825 1800 only 407 0.0811 2400 6 0.0012 2400 only 5 0.001 2700 6 0.0012 2700 only 6 0.0012 3000 21 0.0042 3000 only 21 0.0042 3300 1 0.0002 3300 only 1 0.0002 3600 428 0.0853 3600 only 415 0.0827 3900 2 0.0004 3900 only 2 0.0004 4200 1 0.0002 5400 18 0.0036 5400 only 3 0.0006 6000 4 0.0008 6000 only 4 0.0008 7200 15459 3.0795 7200 only 12872 2.5642 10800 2078 0.414 10800 only 2074 0.4132 14400 77 0.0153 14400 only 77 0.0153 18000 17 0.0034 18000 only 17 0.0034 21600 5026 1.0012 21600 only 5024 1.0008 28800 2346 0.4673 28800 only 1578 0.3143 36000 1236 0.2462 36000 only 1230 0.245 43200 26 0.0052 43200 only 26 0.0052 60000 1 0.0002 60000 only 1 0.0002 64800 47900 9.542 64800 only 47888 9.5396 72000 12 0.0024 72000 only 12 0.0024 86000 41 0.0082 86000 only 41 0.0082 86400 3432 0.6837 86400 only 3430 0.6833 100800 12605 2.511 100800 only 12595 2.509 115200 1 0.0002 115200 only 1 0.0002 129600 7 0.0014 129600 only 7 0.0014 172800 8 0.0016 172800 only 8 0.0016 604800 2 0.0004 604800 only 2 0.0004 864000 2 0.0004 864000 only 2 0.0004 None 173956 34.6531 None only 165035 32.876 Certificate sig alg Count Percent -------------------------+---------+-------- None 18593 3.7038 ecdsa-with-SHA256 33851 6.7433 sha1WithRSAEncryption 147349 29.3529 sha256WithRSAEncryption 320910 63.9273 sha384WithRSAEncryption 4 0.0008 sha512WithRSAEncryption 9 0.0018 Certificate key size Count Percent -------------------------+---------+-------- ECDSA 256 33898 6.7527 ECDSA 384 7 0.0014 RSA 1024 106 0.0211 RSA 10240 5 0.001 RSA 2047 1 0.0002 RSA 2048 450327 89.708 RSA 2049 3 0.0006 RSA 2056 2 0.0004 RSA 2058 2 0.0004 RSA 2064 1 0.0002 RSA 2080 2 0.0004 RSA 2084 6 0.0012 RSA 2096 1 0.0002 RSA 2408 1 0.0002 RSA 2432 4 0.0008 RSA 2612 2 0.0004 RSA 2848 1 0.0002 RSA 3024 1 0.0002 RSA 3071 1 0.0002 RSA 3072 118 0.0235 RSA 3096 1 0.0002 RSA 3102 1 0.0002 RSA 3248 3 0.0006 RSA 4042 1 0.0002 RSA 4048 1 0.0002 RSA 4056 22 0.0044 RSA 4069 1 0.0002 RSA 4086 1 0.0002 RSA 4092 6 0.0012 RSA 4094 1 0.0002 RSA 4096 17521 3.4903 RSA 8192 7 0.0014 RSA/ECDSA Dual Stack 56 0.0112 OCSP stapling Count Percent -------------------------+---------+-------- Supported 101152 20.1501 Unsupported 400840 79.8499 Supported Protocols Count Percent -------------------------+---------+------- SSL2 27268 5.432 SSL2 Only 24 0.0048 SSL3 136796 27.2506 SSL3 Only 707 0.1408 SSL3 or TLS1 Only 80735 16.0829 SSL3 or lower Only 735 0.1464 TLS1 498809 99.3659 TLS1 Only 47086 9.3798 TLS1 or lower Only 106223 21.1603 TLS1.1 382607 76.2177 TLS1.1 Only 28 0.0056 TLS1.1 or up Only 2220 0.4422 TLS1.2 392594 78.2072 TLS1.2 Only 994 0.198 TLS1.2, 1.0 but not 1.1 11334 2.2578 Statistics from 526034 chains provided by 685991 hosts Server provided chains Count Percent -------------------------+---------+------- complete 475051 69.2503 incomplete 24873 3.6258 untrusted 186067 27.1238 Trusted chain statistics ======================== Chain length Count Percent -------------------------+---------+------- 2 327 0.0622 3 523536 99.5251 4 2138 0.4064 5 33 0.0063 CA key size in chains Count -------------------------+--------- ECDSA 256 33853 ECDSA 384 33855 RSA 1024 308 RSA 2045 1 RSA 2048 866336 RSA 4096 119592 Chains with CA key Count Percent -------------------------+---------+------- ECDSA 256 33853 6.4355 ECDSA 384 33855 6.4359 RSA 1024 306 0.0582 RSA 2045 1 0.0002 RSA 2048 491599 93.4538 RSA 4096 119050 22.6316 Signature algorithm (ex. root) Count ------------------------------+--------- ecdsa-with-SHA384 33853 sha1WithRSAEncryption 162869 sha256WithRSAEncryption 225699 sha384WithRSAEncryption 105464 sha512WithRSAEncryption 26 Eff. host cert chain LoS Count Percent -------------------------+---------+------- 80 163116 31.0086 112 329059 62.5547 128 33859 6.4367 Root CAs Count Percent ---------------------------------------------+---------+------- (2c543cd1) GeoTrust Global CA 112037 21.2984 (d6325660) COMODO RSA Certification Authority 98541 18.7328 (5ad8a5d6) GlobalSign Root CA 51559 9.8015 (cbf06781) Go Daddy Root Certificate Authorit 47005 8.9357 (eed8c118) COMODO ECC Certification Authority 33844 6.4338 (b204d74a) VeriSign Class 3 Public Primary Ce 30749 5.8454 (2e4eed3c) thawte Primary Root CA 25383 4.8254 (244b5494) DigiCert High Assurance EV Root CA 25365 4.8219 (157753a5) AddTrust External CA Root 15024 2.8561 (653b494a) Baltimore CyberTrust Root 11832 2.2493 (ae8153b9) StartCom Certification Authority 9405 1.7879 (3513523f) DigiCert Global Root CA 6987 1.3282 (fc5a8f99) USERTrust RSA Certification Author 6820 1.2965 (f081611a) The Go Daddy Group, Inc. 6456 1.2273 (480720ec) GeoTrust Primary Certification Aut 5857 1.1134 (f387163d) Starfield Technologies, Inc. 5842 1.1106 (4bfab552) Starfield Root Certificate Authori 5499 1.0454 Scan performed between 14th and 24th of July 2015.
securitypitfalls 