January 2016 scan results

Another month, no exciting changes.

SSL/TLS survey of 541489 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      477135    88.1154
3DES Only                 523       0.0966
3DES Preferred            1744      0.3221
3DES forced in TLS1.1+    945       0.1745
AES                       535585    98.9097
AES Only                  34994     6.4626
AES-CBC                   534935    98.7896
AES-CBC Only              9110      1.6824
AES-GCM                   422759    78.0734
AES-GCM Only              589       0.1088
CAMELLIA                  228296    42.1608
CAMELLIA Only             2         0.0004
CHACHA20                  72561     13.4003
CHACHA20 Only             1         0.0002
Insecure                  56630     10.4582
RC4                       178913    33.0409
RC4 Only                  577       0.1066
RC4 Preferred             18219     3.3646
RC4 forced in TLS1.1+     9446      1.7444
x:FF 29 3DES Only         574       0.106
x:FF 29 3DES Preferred    2103      0.3884
x:FF 29 RC4 Only          771       0.1424
x:FF 29 RC4 Preferred     20172     3.7253
x:FF 29 incompatible      395       0.0729
x:FF 35 3DES Only         582       0.1075
x:FF 35 3DES Preferred    2009      0.371
x:FF 35 RC4 Only          937       0.173
x:FF 35 RC4 Preferred     20230     3.736
x:FF 35 incompatible      398       0.0735
y:DHE-RSA-SEED-SHA        66504     12.2817
y:IDEA-CBC-SHA            63061     11.6459
y:SEED-SHA                78410     14.4804
z:ADH-AES128-GCM-SHA256   397       0.0733
z:ADH-AES128-SHA          714       0.1319
z:ADH-AES128-SHA256       269       0.0497
z:ADH-AES256-GCM-SHA384   413       0.0763
z:ADH-AES256-SHA          723       0.1335
z:ADH-AES256-SHA256       271       0.05
z:ADH-CAMELLIA128-SHA     358       0.0661
z:ADH-CAMELLIA256-SHA     366       0.0676
z:ADH-DES-CBC-SHA         298       0.055
z:ADH-DES-CBC3-SHA        722       0.1333
z:ADH-RC4-MD5             560       0.1034
z:ADH-SEED-SHA            286       0.0528
z:AECDH-AES128-SHA        9282      1.7142
z:AECDH-AES256-SHA        9332      1.7234
z:AECDH-DES-CBC3-SHA      9248      1.7079
z:AECDH-NULL-SHA          61        0.0113
z:AECDH-RC4-SHA           8710      1.6085
z:DES-CBC-MD5             10050     1.856
z:DES-CBC-SHA             35379     6.5337
z:DES-CBC3-MD5            21189     3.9131
z:ECDHE-RSA-NULL-SHA      67        0.0124
z:EDH-RSA-DES-CBC-SHA     30295     5.5948
z:EXP-ADH-DES-CBC-SHA     192       0.0355
z:EXP-ADH-RC4-MD5         189       0.0349
z:EXP-DES-CBC-SHA         13046     2.4093
z:EXP-EDH-RSA-DES-CBC-SHA 10364     1.914
z:EXP-RC2-CBC-MD5         15781     2.9144
z:EXP-RC4-MD5             16506     3.0483
z:EXP1024-DES-CBC-SHA     4104      0.7579
z:EXP1024-RC4-SHA         4194      0.7745
z:IDEA-CBC-MD5            2095      0.3869
z:NULL-MD5                211       0.039
z:NULL-SHA                210       0.0388
z:NULL-SHA256             30        0.0055
z:RC2-CBC-MD5             10224     1.8881
z:RC4-64-MD5              892       0.1647

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               133145    24.5887
Server side               408344    75.4113

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       874       0.1614
AECDH                     9353      1.7273
DHE                       292291    53.9791
ECDH                      2         0.0004
ECDHE                     448914    82.9036
ECDHE and DHE             235557    43.5017
RSA                       475602    87.8323

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               152465    28.1566  52.1621
DH,1338bits               1         0.0002   0.0003
DH,1536bits               1         0.0002   0.0003
DH,2048bits               131006    24.1937  44.8204
DH,2236bits               13        0.0024   0.0044
DH,2432bits               2         0.0004   0.0007
DH,2560bits               1         0.0002   0.0003
DH,3072bits               93        0.0172   0.0318
DH,3092bits               1         0.0002   0.0003
DH,4096bits               8605      1.5891   2.944
DH,4098bits               1         0.0002   0.0003
DH,512bits                50        0.0092   0.0171
DH,768bits                395       0.0729   0.1351
DH,8192bits               2         0.0004   0.0007
ECDH,B-571,570bits        1771      0.3271   0.3945
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,P-192,192bits        15        0.0028   0.0033
ECDH,P-224,224bits        84        0.0155   0.0187
ECDH,P-256,256bits        433613    80.0779  96.5916
ECDH,P-384,384bits        4499      0.8309   1.0022
ECDH,P-521,521bits        10705     1.977    2.3846
Prefer DH,1024bits        53883     9.9509   18.4347
Prefer DH,1536bits        1         0.0002   0.0003
Prefer DH,2048bits        6107      1.1278   2.0894
Prefer DH,3072bits        9         0.0017   0.0031
Prefer DH,4096bits        375       0.0693   0.1283
Prefer DH,768bits         52        0.0096   0.0178
Prefer ECDH,B-571,570bits 1556      0.2874   0.3466
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 81        0.015    0.018
Prefer ECDH,P-256,256bits 396887    73.2955  88.4105
Prefer ECDH,P-384,384bits 3290      0.6076   0.7329
Prefer ECDH,P-521,521bits 9642      1.7806   2.1479
Prefer PFS                471884    87.1456  0
Support PFS               505648    93.381   0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           2578      0.4761   
brainpoolP384r1           2579      0.4763   
brainpoolP512r1           2580      0.4765   
prime192v1                1446      0.267    
prime256v1                445477    82.2689  
prime256v1 Only           388604    71.7658  
secp160k1                 1397      0.258    
secp160r1                 1402      0.2589   
secp160r2                 1396      0.2578   
secp192k1                 1410      0.2604   
secp224k1                 1487      0.2746   
secp224r1                 4270      0.7886   
secp224r1 Only            1         0.0002   
secp256k1                 4033      0.7448   
secp384r1                 57392     10.5989  
secp384r1 Only            554       0.1023   
secp521r1                 26343     4.8649   
secp521r1 Only            142       0.0262   
sect163k1                 1402      0.2589   
sect163k1 Only            2         0.0004   
sect163r1                 1400      0.2585   
sect163r2                 1400      0.2585   
sect193r1                 1399      0.2584   
sect193r2                 1399      0.2584   
sect233k1                 1480      0.2733   
sect233r1                 1480      0.2733   
sect239k1                 1480      0.2733   
sect283k1                 3926      0.725    
sect283k1 Only            1         0.0002   
sect283r1                 3925      0.7249   
sect409k1                 3924      0.7247   
sect409r1                 3923      0.7245   
sect571k1                 3928      0.7254   
sect571r1                 3929      0.7256   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          55946     10.3319  
True                           332237    61.3562  
order-specific                 60        0.0111   
unknown                        153246    28.3009  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    6546      1.2089   
inconclusive-noecc        10        0.0018   
server                    439646    81.192   
unknown                   95287     17.5972  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     43763     8.082    
ECDSA-SHA1 Only                3         0.0006   
ECDSA-SHA224                   43755     8.0805   
ECDSA-SHA256                   58463     10.7967  
ECDSA-SHA384                   58458     10.7958  
ECDSA-SHA512                   58458     10.7958  
RSA-MD5                        93307     17.2316  
RSA-SHA1                       386583    71.3926  
RSA-SHA1 Only                  41287     7.6247   
RSA-SHA224                     320766    59.2378  
RSA-SHA256                     353383    65.2613  
RSA-SHA256 Only                6919      1.2778   
RSA-SHA384                     322845    59.6217  
RSA-SHA384 Only                1         0.0002   
RSA-SHA512                     322938    59.6389  
RSA-SHA512 Only                199       0.0368   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         245811    45.3954  
indeterminate                  42        0.0078   
intolerant                     5114      0.9444   
order-fallback                 9         0.0017   
server                         187931    34.7063  
unsupported                    19787     3.6542   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     43750     8.0796   
ECDSA intolerant               30        0.0055   
ECDSA pfs-rsa-SHA512           14685     2.712    
ECDSA soft-nopfs               1         0.0002   
RSA False                      92525     17.0871  
RSA SHA1                       265644    49.0581  
RSA intolerant                 37307     6.8897   
RSA pfs-ecdsa-SHA512           1         0.0002   
RSA soft-nopfs                 863       0.1594   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     6052      1.1177   
insecure                  17380     3.2097   
secure                    518057    95.6727  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      8694      1.6056   
False                     6052      1.1177   
NONE                      526743    97.2768  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         5         0.0009   
1 only                    5         0.0009   
2                         1         0.0002   
2 only                    1         0.0002   
5                         1         0.0002   
5 only                    1         0.0002   
10                        11        0.002    
10 only                   11        0.002    
15                        9         0.0017   
15 only                   9         0.0017   
30                        14        0.0026   
30 only                   12        0.0022   
60                        158       0.0292   
60 only                   152       0.0281   
65                        1         0.0002   
65 only                   1         0.0002   
70                        7         0.0013   
75                        1         0.0002   
75 only                   1         0.0002   
100                       13        0.0024   
100 only                  13        0.0024   
120                       25        0.0046   
120 only                  25        0.0046   
128                       3         0.0006   
128 only                  3         0.0006   
150                       2         0.0004   
180                       59        0.0109   
180 only                  56        0.0103   
240                       6         0.0011   
240 only                  6         0.0011   
244                       1         0.0002   
244 only                  1         0.0002   
300                       257671    47.5856  
300 only                  253451    46.8063  
302                       3         0.0006   
302 only                  3         0.0006   
360                       2         0.0004   
360 only                  1         0.0002   
400                       6         0.0011   
400 only                  6         0.0011   
420                       114       0.0211   
420 only                  91        0.0168   
450                       1         0.0002   
450 only                  1         0.0002   
480                       13        0.0024   
480 only                  13        0.0024   
500                       4         0.0007   
500 only                  4         0.0007   
540                       1         0.0002   
540 only                  1         0.0002   
600                       27406     5.0612   
600 only                  27252     5.0328   
720                       2         0.0004   
720 only                  2         0.0004   
840                       2         0.0004   
840 only                  2         0.0004   
900                       989       0.1826   
900 only                  972       0.1795   
960                       3         0.0006   
960 only                  3         0.0006   
1200                      2741      0.5062   
1200 only                 2735      0.5051   
1500                      6         0.0011   
1500 only                 5         0.0009   
1800                      555       0.1025   
1800 only                 545       0.1006   
1980                      2         0.0004   
1980 only                 2         0.0004   
2100                      2         0.0004   
2100 only                 1         0.0002   
2400                      9         0.0017   
2400 only                 9         0.0017   
2700                      11        0.002    
2700 only                 11        0.002    
3000                      29        0.0054   
3000 only                 29        0.0054   
3300                      1         0.0002   
3300 only                 1         0.0002   
3600                      688       0.1271   
3600 only                 679       0.1254   
3900                      1         0.0002   
3900 only                 1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      13        0.0024   
5400 only                 7         0.0013   
6000                      235       0.0434   
6000 only                 235       0.0434   
7200                      15880     2.9327   
7200 only                 15854     2.9279   
10800                     3309      0.6111   
10800 only                3300      0.6094   
14400                     100       0.0185   
14400 only                100       0.0185   
18000                     8         0.0015   
18000 only                8         0.0015   
21600                     4676      0.8635   
21600 only                4676      0.8635   
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     2453      0.453    
28800 only                2450      0.4525   
36000                     1094      0.202    
36000 only                1083      0.2      
43200                     41        0.0076   
43200 only                41        0.0076   
60000                     2         0.0004   
60000 only                2         0.0004   
64800                     4295      0.7932   
64800 only                4295      0.7932   
72000                     28        0.0052   
72000 only                28        0.0052   
79200                     1         0.0002   
79200 only                1         0.0002   
86000                     48        0.0089   
86000 only                48        0.0089   
86400                     3671      0.6779   
86400 only                3666      0.677    
100800                    10910     2.0148   
100800 only               10897     2.0124   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    8         0.0015   
129600 only               8         0.0015   
172800                    10        0.0018   
172800 only               10        0.0018   
216000                    2         0.0004   
216000 only               2         0.0004   
259200                    2         0.0004   
259200 only               2         0.0004   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      208648    38.5323  
None only                 204120    37.6961  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      9968      1.8408   
ecdsa-with-SHA256         58398     10.7847  
sha1WithRSAEncryption     51637     9.5361   
sha256WithRSAEncryption   446192    82.4009  
sha384WithRSAEncryption   5         0.0009   
sha512WithRSAEncryption   43        0.0079   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 58449     10.7941  
ECDSA 384                 17        0.0031   
ECDSA 521                 1         0.0002   
RSA 1024                  20        0.0037   
RSA 2047                  1         0.0002   
RSA 2048                  473537    87.4509  
RSA 2049                  2         0.0004   
RSA 2056                  1         0.0002   
RSA 2058                  2         0.0004   
RSA 2064                  2         0.0004   
RSA 2084                  5         0.0009   
RSA 2096                  2         0.0004   
RSA 2408                  1         0.0002   
RSA 2432                  1         0.0002   
RSA 2480                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  119       0.022    
RSA 3073                  1         0.0002   
RSA 3096                  2         0.0004   
RSA 3248                  2         0.0004   
RSA 4048                  1         0.0002   
RSA 4056                  18        0.0033   
RSA 4092                  6         0.0011   
RSA 4094                  1         0.0002   
RSA 4095                  1         0.0002   
RSA 4096                  24063     4.4439   
RSA 4098                  1         0.0002   
RSA 8192                  3         0.0006   
RSA/ECDSA Dual Stack      14756     2.7251

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 125414    23.161   
Unsupported               416075    76.839   

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      21373     3.9471
SSL2 Only                 15        0.0028
SSL3                      111129    20.5229
SSL3 Only                 1140      0.2105
SSL3 or TLS1 Only         59881     11.0586
SSL3 or lower Only        1155      0.2133
TLS1                      534137    98.6423
TLS1 Only                 37819     6.9843
TLS1 or lower Only        79028     14.5946
TLS1.1                    449426    82.9982
TLS1.1 Only               331       0.0611
TLS1.1 or up Only         5997      1.1075
TLS1.2                    458682    84.7075
TLS1.2 Only               2265      0.4183
TLS1.2, 1.0 but not 1.1   9518      1.7577

Statistics from 575515 chains provided by 712157 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  510961    71.7484
incomplete                28667     4.0254
untrusted                 172529    24.2263

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         26        0.0045
3                         573525    99.6542
4                         1952      0.3392
5                         12        0.0021

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 58397     
ECDSA 384                 58400     
RSA 1024                  25        
RSA 2045                  2         
RSA 2048                  878262    
RSA 4096                  157894    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 58397     10.1469
ECDSA 384                 58400     10.1474
RSA 1024                  23        0.004
RSA 2045                  2         0.0003
RSA 2048                  516745    89.7883
RSA 4096                  157333    27.3378

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              58394     
sha1WithRSAEncryption          58209     
sha256WithRSAEncryption        319412    
sha384WithRSAEncryption        141372    
sha512WithRSAEncryption        78        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        58271     10.125
112                       458828    79.7248
128.0                     58416     10.1502

Most Popular Root CAs                         Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 126106    21.9119
(2c543cd1) GeoTrust Global CA                 102943    17.8871
(eed8c118) COMODO ECC Certification Authority 58387     10.1452
(5ad8a5d6) GlobalSign Root CA                 50714     8.8119
(cbf06781) Go Daddy Root Certificate Authorit 50524     8.7789
(b204d74a) VeriSign Class 3 Public Primary Ce 32049     5.5688
(244b5494) DigiCert High Assurance EV Root CA 21377     3.7144
(2e4eed3c) thawte Primary Root CA             20668     3.5912
(fc5a8f99) USERTrust RSA Certification Author 15152     2.6328
(157753a5) AddTrust External CA Root          14593     2.5356
(653b494a) Baltimore CyberTrust Root          11373     1.9761
(ae8153b9) StartCom Certification Authority   9025      1.5682
(3513523f) DigiCert Global Root CA            8982      1.5607
(4bfab552) Starfield Root Certificate Authori 8553      1.4861


Scan performed between 18th of January and 3rd of February 2016
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s