Month: September 2016

July 2016 scan results

This month the scan has a bit more information.

I’ve added special probes to detect whether the server is intolerant to specific types of Client Hello messages.

While support for TLSv1.2 is still not universal (being just under 90%), tolerance to Client Hello messages advertising support for TLSv1.2 is essentially full, with just 67 servers being detected as intolerant to such messages.

Support for more uncommon messages is much worse though, clients sending their maximum supported version set to TLSv1.2 can expect 1.3% of servers rejecting their connections. Higher protocol versions like TLSv1.4 have a rate of rejection on around 2.45%, for very high protocol versions it rises to 3.295% for SSL 3.254 (that would be TLSv1.253).

Clients sending Client Hello with a lot of options or extensions can expect even more intolerance. Sending multiple key shares (from TLSv1.3 draft), most of defined extensions and couple hundred ciphersuites can expect their connections rejected by over 7% of servers. In general intolerance for very big Client Hello messages, like 16KiB and 24KiB large, is respectively at 23.7% and a whopping 89.5%!

If fixing this will follow similar deployment rates as TLSv1.2 or RC4 deprecation, it doesn’t look like we will be able to deploy most Post Quantum key exchanges any time soon…

Besides that, there were no major changes, just continuation of long established trends, so I won’t be doing full analysis for this month too.

SSL/TLS survey of 603391 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      532905    88.3184
3DES Only                 550       0.0912
3DES Preferred            1719      0.2849
3DES forced in TLS1.1+    992       0.1644
AES                       599329    99.3268
AES Only                  46610     7.7247
AES-CBC                   598756    99.2318
AES-CBC Only              4850      0.8038
AES-GCM                   509780    84.4858
AES-GCM Only              526       0.0872
CAMELLIA                  267705    44.3668
CAMELLIA Only             1         0.0002
CHACHA20                  83982     13.9183
CHACHA20 Only             3         0.0005
Insecure                  53186     8.8145
RC4                       153525    25.4437
RC4 Only                  140       0.0232
RC4 Preferred             12783     2.1185
RC4 forced in TLS1.1+     6911      1.1454
x:FF 29 3DES Only         597       0.0989
x:FF 29 3DES Preferred    2030      0.3364
x:FF 29 RC4 Only          193       0.032
x:FF 29 RC4 Preferred     14404     2.3872
x:FF 29 incompatible      530       0.0878
x:FF 35 3DES Only         605       0.1003
x:FF 35 3DES Preferred    1956      0.3242
x:FF 35 RC4 Only          218       0.0361
x:FF 35 RC4 Preferred     14418     2.3895
x:FF 35 incompatible      532       0.0882
x:FF 44 3DES Only         3874      0.642
x:FF 44 3DES Preferred    7464      1.237
x:FF 44 incompatible      750       0.1243
y:DHE-RSA-SEED-SHA        79084     13.1066
y:IDEA-CBC-SHA            75906     12.5799
y:SEED-SHA                90103     14.9328
z:ADH-AES128-GCM-SHA256   428       0.0709
z:ADH-AES128-SHA          715       0.1185
z:ADH-AES128-SHA256       281       0.0466
z:ADH-AES256-GCM-SHA384   442       0.0733
z:ADH-AES256-SHA          759       0.1258
z:ADH-AES256-SHA256       284       0.0471
z:ADH-CAMELLIA128-SHA     368       0.061
z:ADH-CAMELLIA128-SHA256  1         0.0002
z:ADH-CAMELLIA256-SHA     393       0.0651
z:ADH-CAMELLIA256-SHA256  1         0.0002
z:ADH-DES-CBC-SHA         279       0.0462
z:ADH-DES-CBC3-SHA        720       0.1193
z:ADH-RC4-MD5             517       0.0857
z:ADH-SEED-SHA            298       0.0494
z:AECDH-AES128-SHA        9498      1.5741
z:AECDH-AES256-SHA        9566      1.5854
z:AECDH-DES-CBC3-SHA      9463      1.5683
z:AECDH-NULL-SHA          60        0.0099
z:AECDH-RC4-SHA           8940      1.4816
z:DES-CBC-MD5             6015      0.9969
z:DES-CBC-SHA             33753     5.5939
z:DES-CBC3-MD5            15538     2.5751
z:ECDHE-RSA-NULL-SHA      67        0.0111
z:EDH-RSA-DES-CBC-SHA     28904     4.7903
z:EXP-ADH-DES-CBC-SHA     180       0.0298
z:EXP-ADH-RC4-MD5         178       0.0295
z:EXP-DES-CBC-SHA         9916      1.6434
z:EXP-EDH-RSA-DES-CBC-SHA 7950      1.3176
z:EXP-RC2-CBC-MD5         11811     1.9574
z:EXP-RC4-MD5             12355     2.0476
z:EXP1024-DES-CBC-SHA     3045      0.5046
z:EXP1024-RC4-SHA         3108      0.5151
z:IDEA-CBC-MD5            1225      0.203
z:NULL-MD5                196       0.0325
z:NULL-SHA                201       0.0333
z:NULL-SHA256             39        0.0065
z:RC2-CBC-MD5             6171      1.0227
z:RC4-64-MD5              692       0.1147

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               149228    24.7316
Server side               454163    75.2684

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       918       0.1521
AECDH                     9574      1.5867
DHE                       327644    54.3004
ECDH                      2         0.0003
ECDHE                     532966    88.3285
ECDHE and DHE             285103    47.2501
RSA                       517470    85.7603

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               115821    19.195   35.3496
DH,2048bits               196265    32.527   59.9019
DH,2049bits               1         0.0002   0.0003
DH,2236bits               77        0.0128   0.0235
DH,2432bits               3         0.0005   0.0009
DH,3072bits               141       0.0234   0.043
DH,3092bits               2         0.0003   0.0006
DH,3196bits               1         0.0002   0.0003
DH,4096bits               14972     2.4813   4.5696
DH,512bits                122       0.0202   0.0372
DH,6144bits               1         0.0002   0.0003
DH,768bits                355       0.0588   0.1083
DH,8192bits               7         0.0012   0.0021
ECDH,B-571,570bits        4696      0.7783   0.8811
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,P-192,192bits        68        0.0113   0.0128
ECDH,P-224,224bits        91        0.0151   0.0171
ECDH,P-256,256bits        500295    82.9139  93.87
ECDH,P-384,384bits        12707     2.1059   2.3842
ECDH,P-521,521bits        17146     2.8416   3.2171
ECDH,brainpoolP512r1,512bits 3         0.0005   0.0006
ECDH,secp256k1,256bits    1         0.0002   0.0002
Prefer DH,1024bits        42440     7.0336   12.9531
Prefer DH,2048bits        4955      0.8212   1.5123
Prefer DH,3072bits        9         0.0015   0.0027
Prefer DH,3092bits        2         0.0003   0.0006
Prefer DH,4096bits        379       0.0628   0.1157
Prefer DH,768bits         33        0.0055   0.0101
Prefer ECDH,B-571,570bits 4438      0.7355   0.8327
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,P-192,192bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 89        0.0147   0.0167
Prefer ECDH,P-256,256bits 465038    77.0708  87.2547
Prefer ECDH,P-384,384bits 10660     1.7667   2.0001
Prefer ECDH,P-521,521bits 15901     2.6353   2.9835
Prefer ECDH,brainpoolP512r1,512bits 3         0.0005   0.0006
Prefer ECDH,secp256k1,256bits 1         0.0002   0.0002
Prefer PFS                543950    90.1488  0
Support PFS               575507    95.3788  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
None                      2         0.0003   
None Only                 2         0.0003   
brainpoolP256r1           27492     4.5562   
brainpoolP384r1           27491     4.5561   
brainpoolP512r1           27484     4.5549   
prime192v1                1647      0.273    
prime256v1                510415    84.5911  
prime256v1 Only           428464    71.0093  
secp160k1                 1528      0.2532   
secp160r1                 1536      0.2546   
secp160r2                 1528      0.2532   
secp192k1                 1543      0.2557   
secp224k1                 1625      0.2693   
secp224r1                 5406      0.8959   
secp256k1                 29683     4.9194   
secp384r1                 88419     14.6537  
secp384r1 Only            5169      0.8567   
secp521r1                 58499     9.695    
secp521r1 Only            153       0.0254   
sect163k1                 1531      0.2537   
sect163k1 Only            3         0.0005   
sect163r1                 1529      0.2534   
sect163r2                 1529      0.2534   
sect193r1                 1529      0.2534   
sect193r2                 1529      0.2534   
sect233k1                 1614      0.2675   
sect233r1                 1614      0.2675   
sect239k1                 1614      0.2675   
sect283k1                 28930     4.7946   
sect283k1 Only            2         0.0003   
sect283r1                 28927     4.7941   
sect409k1                 28927     4.7941   
sect409r1                 28927     4.7941   
sect571k1                 28927     4.7941   
sect571r1                 28930     4.7946   
server                    38445     6.3715   
server Only               38445     6.3715   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          532806    88.3019  
unknown                        70585     11.6981  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
                          36744     6.0896   
client                    18027     2.9876   
server                    478197    79.2516  
unknown                   70423     11.6712  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     54563     9.0427   
ECDSA-SHA1 Only                9         0.0015   
ECDSA-SHA224                   54587     9.0467   
ECDSA-SHA256                   72567     12.0265  
ECDSA-SHA384                   72639     12.0385  
ECDSA-SHA512                   72750     12.0569  
ECDSA-SHA512 Only              118       0.0196   
RSA-MD5                        23842     3.9513   
RSA-SHA1                       462908    76.7178  
RSA-SHA1 Only                  30278     5.018    
RSA-SHA224                     387875    64.2825  
RSA-SHA256                     441866    73.2305  
RSA-SHA256 Only                8016      1.3285   
RSA-SHA384                     403401    66.8557  
RSA-SHA384 Only                4         0.0007   
RSA-SHA512                     403342    66.8459  
RSA-SHA512 Only                131       0.0217   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         282677    46.8481  
indeterminate                  38        0.0063   
intolerant                     6561      1.0874   
order-fallback                 4         0.0007   
server                         236059    39.1221  
unsupported                    14339     2.3764   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     54456     9.025    
ECDSA intolerant               652       0.1081   
ECDSA pfs-rsa-SHA512           17783     2.9472   
ECDSA soft-nopfs               15        0.0025   
RSA False                      23629     3.916    
RSA SHA1                       399316    66.1786  
RSA intolerant                 50007     8.2877   
RSA pfs-ecdsa-SHA512           99        0.0164   
RSA soft-nopfs                 389       0.0645   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     4550      0.7541   
insecure                  15701     2.6021   
secure                    583140    96.6438  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      6683      1.1076   
False                     4550      0.7541   
NONE                      592158    98.1384  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         3         0.0005   
1 only                    3         0.0005   
5                         8         0.0013   
5 only                    8         0.0013   
10                        9         0.0015   
10 only                   9         0.0015   
15                        7         0.0012   
15 only                   7         0.0012   
30                        29        0.0048   
30 only                   29        0.0048   
60                        172       0.0285   
60 only                   166       0.0275   
65                        2         0.0003   
65 only                   2         0.0003   
70                        6         0.001    
70 only                   4         0.0007   
75                        1         0.0002   
75 only                   1         0.0002   
90                        1         0.0002   
90 only                   1         0.0002   
100                       15        0.0025   
100 only                  15        0.0025   
120                       28        0.0046   
120 only                  28        0.0046   
128                       3         0.0005   
128 only                  2         0.0003   
150                       2         0.0003   
180                       83        0.0138   
180 only                  80        0.0133   
240                       12        0.002    
240 only                  12        0.002    
300                       306995    50.8783  
300 only                  304055    50.391   
302                       2         0.0003   
302 only                  2         0.0003   
360                       3         0.0005   
360 only                  2         0.0003   
400                       8         0.0013   
400 only                  8         0.0013   
420                       120       0.0199   
420 only                  103       0.0171   
480                       11        0.0018   
480 only                  11        0.0018   
500                       4         0.0007   
500 only                  4         0.0007   
540                       4         0.0007   
540 only                  4         0.0007   
600                       29961     4.9654   
600 only                  29817     4.9416   
630                       1         0.0002   
630 only                  1         0.0002   
700                       1         0.0002   
700 only                  1         0.0002   
720                       6         0.001    
720 only                  6         0.001    
840                       2         0.0003   
840 only                  2         0.0003   
900                       1560      0.2585   
900 only                  1541      0.2554   
960                       3         0.0005   
960 only                  3         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      3528      0.5847   
1200 only                 3525      0.5842   
1210                      2         0.0003   
1210 only                 2         0.0003   
1320                      1         0.0002   
1320 only                 1         0.0002   
1380                      1         0.0002   
1380 only                 1         0.0002   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      4         0.0007   
1500 only                 3         0.0005   
1800                      860       0.1425   
1800 only                 839       0.139    
1980                      2         0.0003   
1980 only                 2         0.0003   
2100                      1         0.0002   
2400                      8         0.0013   
2400 only                 8         0.0013   
2700                      12        0.002    
2700 only                 12        0.002    
3000                      41        0.0068   
3000 only                 41        0.0068   
3600                      1100      0.1823   
3600 only                 1090      0.1806   
3900                      2         0.0003   
3900 only                 2         0.0003   
4200                      2         0.0003   
4200 only                 1         0.0002   
4500                      1         0.0002   
4500 only                 1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      15        0.0025   
5400 only                 9         0.0015   
6000                      341       0.0565   
6000 only                 340       0.0563   
7200                      15389     2.5504   
7200 only                 15355     2.5448   
7500                      2         0.0003   
7500 only                 2         0.0003   
9000                      2         0.0003   
9000 only                 2         0.0003   
10800                     5322      0.882    
10800 only                5300      0.8784   
14400                     147       0.0244   
14400 only                144       0.0239   
18000                     9         0.0015   
18000 only                8         0.0013   
21600                     4353      0.7214   
21600 only                4353      0.7214   
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     2164      0.3586   
28800 only                2164      0.3586   
30000                     2         0.0003   
30000 only                1         0.0002   
36000                     1239      0.2053   
36000 only                1231      0.204    
43200                     67        0.0111   
43200 only                67        0.0111   
54000                     2         0.0003   
54000 only                2         0.0003   
60000                     3         0.0005   
60000 only                3         0.0005   
64800                     73037     12.1044  
64800 only                73018     12.1013  
72000                     12        0.002    
72000 only                12        0.002    
79200                     1         0.0002   
79200 only                1         0.0002   
86400                     3232      0.5356   
86400 only                3222      0.534    
100800                    9169      1.5196   
100800 only               9156      1.5174   
108000                    1         0.0002   
108000 only               1         0.0002   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    6         0.001    
129600 only               6         0.001    
172800                    49        0.0081   
172800 only               49        0.0081   
216000                    3         0.0005   
216000 only               3         0.0005   
259200                    3         0.0005   
259200 only               3         0.0005   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
864000                    2         0.0003   
864000 only               2         0.0003   
7776000                   2         0.0003   
7776000 only              2         0.0003   
None                      147458    24.4382  
None only                 144200    23.8983  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      10178     1.6868   
ecdsa-with-SHA256         70598     11.7002  
sha1WithRSAEncryption     17351     2.8756   
sha256WithRSAEncryption   533303    88.3843  
sha384WithRSAEncryption   7         0.0012   
sha512WithRSAEncryption   77        0.0128   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 72865     12.0759  
ECDSA 384                 41        0.0068   
ECDSA 521                 1         0.0002   
RSA 1024                  14        0.0023   
RSA 2048                  516458    85.5926  
RSA 2049                  4         0.0007   
RSA 2056                  1         0.0002   
RSA 2058                  3         0.0005   
RSA 2059                  1         0.0002   
RSA 2080                  6         0.001    
RSA 2084                  1         0.0002   
RSA 2086                  1         0.0002   
RSA 2096                  3         0.0005   
RSA 2408                  1         0.0002   
RSA 2432                  6         0.001    
RSA 2560                  1         0.0002   
RSA 2948                  1         0.0002   
RSA 3072                  158       0.0262   
RSA 3096                  2         0.0003   
RSA 3120                  1         0.0002   
RSA 3248                  3         0.0005   
RSA 4048                  3         0.0005   
RSA 4056                  21        0.0035   
RSA 4069                  1         0.0002   
RSA 4086                  3         0.0005   
RSA 4092                  2         0.0003   
RSA 4094                  1         0.0002   
RSA 4095                  1         0.0002   
RSA 4096                  33887     5.6161   
RSA 4196                  1         0.0002   
RSA 8192                  12        0.002    
RSA 8392                  1         0.0002   
RSA/ECDSA Dual Stack      20097     3.3307

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 139486    23.117   
Unsupported               463905    76.883   

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      15694     2.601
SSL2 Only                 9         0.0015
SSL3                      88647     14.6915
SSL3 Only                 325       0.0539
SSL3 or TLS1 Only         47120     7.8092
SSL3 or lower Only        335       0.0555
TLS1                      590402    97.8473
TLS1 Only                 28435     4.7125
TLS1 or lower Only        61759     10.2353
TLS1.1                    532582    88.2648
TLS1.1 Only               43        0.0071
TLS1.1 or up Only         12475     2.0675
TLS1.2                    539663    89.4384
TLS1.2 Only               3587      0.5945
TLS1.2, 1.0 but not 1.1   5029      0.8335

Client Hello intolerance                 Count     Percent
----------------------------------------+---------+-------
Huge Cipher List                         539862    89.4713
Huge Cipher List (trunc 16388)           143271    23.7443
SSL 3.254                                19882     3.295
TLS 1.0                                  66391     11.003
TLS 1.1                                  3190      0.5287
TLS 1.2                                  67        0.0111
TLS 1.3                                  7896      1.3086
TLS 1.4                                  14758     2.4458
Xmas tree                                43001     7.1266
x:missing information                    44        0.0073



Statistics from 544239 chains provided by 734331 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  493648    67.2242
incomplete                20056     2.7312
untrusted                 220627    30.0446

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1         0.0002
3                         540295    99.2753
4                         3930      0.7221
5                         13        0.0024

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 30197     
ECDSA 384                 30193     
RSA 1024                  9         
RSA 2045                  2         
RSA 2048                  845143    
RSA 4096                  186889    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 30197     5.5485
ECDSA 384                 30193     5.5477
RSA 1024                  7         0.0013
RSA 2045                  2         0.0004
RSA 2048                  513612    94.3725
RSA 4096                  186227    34.2179

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              30185     
sha1WithRSAEncryption          20474     
sha256WithRSAEncryption        330105    
sha384WithRSAEncryption        167373    
sha512WithRSAEncryption        57        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        20448     3.7572
112                       493575    90.6909
128                       30216     5.552

Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 149876    27.5386
(2c543cd1) GeoTrust Global CA                 82272     15.1169
(cbf06781) Go Daddy Root Certificate Authorit 46152     8.4801
(5ad8a5d6) GlobalSign Root CA                 42046     7.7256
(b204d74a) VeriSign Class 3 Public Primary Ce 30585     5.6198
(eed8c118) COMODO ECC Certification Authority 30178     5.545
(244b5494) DigiCert High Assurance EV Root CA 21202     3.8957
(2e4eed3c) thawte Primary Root CA             17390     3.1953
(fc5a8f99) USERTrust RSA Certification Author 17354     3.1887
(2e5ac55d) DST Root CA X3                     16492     3.0303
(653b494a) Baltimore CyberTrust Root          11315     2.079
(3513523f) DigiCert Global Root CA            10347     1.9012
(ae8153b9) StartCom Certification Authority   9044      1.6618
(4bfab552) Starfield Root Certificate Authori 9012      1.6559
(e2799e36) GeoTrust Primary Certification Aut 6148      1.1297
(480720ec) GeoTrust Primary Certification Aut 5775      1.0611
(02265526) Entrust Root Certification Authori 3969      0.7293
(ba89ed3b) thawte Primary Root CA - G3        3394      0.6236
(8096d0a9) Certification Authority of WoSign  2877      0.5286
(157753a5) AddTrust External CA Root          2782      0.5112

Most popular intermediate CA                  Count     Percent
---------------------------------------------+---------+-------
(8d28ae65) COMODO RSA Domain Validation Secur 100923    18.5439
(27eb7704) Go Daddy Secure Certificate Author 46152     8.4801
(53f3e569) RapidSSL SHA256 CA - G3            40339     7.412
(6cfa716c) COMODO ECC Domain Validation Secur 30126     5.5354
(7d9c641e) Symantec Class 3 Secure Server CA  21662     3.9802
(1400f578) cPanel, Inc. Certification Authori 19580     3.5977
(38ae8eda) DigiCert SHA2 High Assurance Serve 17140     3.1494
(4f06f81d) Let's Encrypt Authority X3         16492     3.0303
(16744f0c) AlphaSSL CA - SHA256 - G2          16239     2.9838
(493a2f06) COMODO RSA Domain Validation Secur 13442     2.4699
(10310d4b) GeoTrust SSL CA - G3               13423     2.4664
(80ecc636) RapidSSL SHA256 CA                 12795     2.351
(d7d634d4) GlobalSign Domain Validation CA -  11432     2.1005
(b85455c4) GlobalSign Organization Validation 11363     2.0879
(c43a77d9) COMODO RSA Organization Validation 11217     2.061
(85cf5865) DigiCert SHA2 Secure Server CA     10208     1.8756
(9ad474ec) thawte SSL CA - G2                 9146      1.6805
(cd7781e5) Starfield Secure Certificate Autho 9012      1.6559
(d84ef247) GeoTrust DV SSL CA - G4            7163      1.3161
(a0f7ac3e) Symantec Class 3 EV SSL CA - G3    7144      1.3127
(3d97f5e2) Verizon Akamai SureServer CA G14-S 7025      1.2908
(fd917e82) SecureCore RSA DV CA               6995      1.2853
(b71a5f76) GeoTrust EV SSL CA - G4            5724      1.0517
(661c52cc) thawte DV SSL CA - G2              5368      0.9863
(e22cd3f0) COMODO RSA Extended Validation Sec 4365      0.802
(7f8496de) StartCom Class 1 DV Server CA      3678      0.6758
(45bfefc3) DigiCert SHA2 Extended Validation  3527      0.6481
(2835d715) Entrust Certification Authority -  3328      0.6115
(f131b364) RapidSSL CA                        3180      0.5843
(98d7cad7) GeoTrust DV SSL CA - G3            3154      0.5795



Scan performed between 20th of July and 17th of August 2016
Advertisements

June 2016 scan results

Sorry, no analysis this month.

SSL/TLS survey of 593851 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      525961    88.5678
3DES Only                 605       0.1019
3DES Preferred            1797      0.3026
3DES forced in TLS1.1+    978       0.1647
AES                       589255    99.2261
AES Only                  43606     7.3429
AES-CBC                   588687    99.1304
AES-CBC Only              5565      0.9371
AES-GCM                   490658    82.6231
AES-GCM Only              520       0.0876
CAMELLIA                  261701    44.0685
CAMELLIA Only             2         0.0003
CHACHA20                  81256     13.6829
Insecure                  56141     9.4537
RC4                       166167    27.9813
RC4 Only                  158       0.0266
RC4 Preferred             13843     2.3311
RC4 forced in TLS1.1+     7176      1.2084
x:FF 29 3DES Only         654       0.1101
x:FF 29 3DES Preferred    2164      0.3644
x:FF 29 RC4 Only          233       0.0392
x:FF 29 RC4 Preferred     16139     2.7177
x:FF 29 incompatible      518       0.0872
x:FF 35 3DES Only         662       0.1115
x:FF 35 3DES Preferred    2094      0.3526
x:FF 35 RC4 Only          273       0.046
x:FF 35 RC4 Preferred     16162     2.7216
x:FF 35 incompatible      522       0.0879
x:FF 44 3DES Only         4368      0.7355
x:FF 44 3DES Preferred    8162      1.3744
x:FF 44 incompatible      795       0.1339
y:DHE-RSA-SEED-SHA        79533     13.3928
y:IDEA-CBC-SHA            76113     12.8169
y:SEED-SHA                90128     15.1769
z:ADH-AES128-GCM-SHA256   430       0.0724
z:ADH-AES128-SHA          771       0.1298
z:ADH-AES128-SHA256       268       0.0451
z:ADH-AES256-GCM-SHA384   444       0.0748
z:ADH-AES256-SHA          809       0.1362
z:ADH-AES256-SHA256       269       0.0453
z:ADH-CAMELLIA128-SHA     401       0.0675
z:ADH-CAMELLIA128-SHA256  1         0.0002
z:ADH-CAMELLIA256-SHA     424       0.0714
z:ADH-CAMELLIA256-SHA256  1         0.0002
z:ADH-DES-CBC-SHA         326       0.0549
z:ADH-DES-CBC3-SHA        781       0.1315
z:ADH-RC4-MD5             571       0.0962
z:ADH-SEED-SHA            322       0.0542
z:AECDH-AES128-SHA        10202     1.7179
z:AECDH-AES256-SHA        10261     1.7279
z:AECDH-DES-CBC3-SHA      10168     1.7122
z:AECDH-NULL-SHA          94        0.0158
z:AECDH-RC4-SHA           9605      1.6174
z:DES-CBC-MD5             6658      1.1212
z:DES-CBC-SHA             35044     5.9011
z:DES-CBC3-MD5            17074     2.8751
z:ECDHE-RSA-NULL-SHA      100       0.0168
z:EDH-RSA-DES-CBC-SHA     29995     5.0509
z:EXP-ADH-DES-CBC-SHA     181       0.0305
z:EXP-ADH-RC4-MD5         180       0.0303
z:EXP-DES-CBC-SHA         10901     1.8356
z:EXP-EDH-RSA-DES-CBC-SHA 8667      1.4595
z:EXP-RC2-CBC-MD5         13108     2.2073
z:EXP-RC4-MD5             13716     2.3097
z:EXP1024-DES-CBC-SHA     3463      0.5831
z:EXP1024-RC4-SHA         3524      0.5934
z:IDEA-CBC-MD5            1453      0.2447
z:NULL-MD5                233       0.0392
z:NULL-SHA                238       0.0401
z:NULL-SHA256             36        0.0061
z:RC2-CBC-MD5             6966      1.173
z:RC4-64-MD5              757       0.1275

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               152565    25.6908
Server side               441286    74.3092

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       979       0.1649
AECDH                     10271     1.7296
DHE                       320930    54.0422
ECDH                      2         0.0003
ECDHE                     517887    87.2082
ECDHE and DHE             274945    46.2987
RSA                       509769    85.8412

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               119481    20.1197  37.2296
DH,1028bits               1         0.0002   0.0003
DH,2048bits               188192    31.6901  58.6396
DH,2236bits               78        0.0131   0.0243
DH,2430bits               1         0.0002   0.0003
DH,2432bits               3         0.0005   0.0009
DH,2560bits               1         0.0002   0.0003
DH,3072bits               132       0.0222   0.0411
DH,3092bits               2         0.0003   0.0006
DH,3196bits               1         0.0002   0.0003
DH,4046bits               1         0.0002   0.0003
DH,4094bits               1         0.0002   0.0003
DH,4096bits               12637     2.128    3.9376
DH,512bits                108       0.0182   0.0337
DH,6144bits               1         0.0002   0.0003
DH,768bits                385       0.0648   0.12
DH,8192bits               8         0.0013   0.0025
ECDH,B-571,570bits        3072      0.5173   0.5932
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,P-192,192bits        60        0.0101   0.0116
ECDH,P-224,224bits        94        0.0158   0.0182
ECDH,P-256,256bits        490672    82.6254  94.745
ECDH,P-384,384bits        9474      1.5953   1.8294
ECDH,P-521,521bits        16461     2.7719   3.1785
ECDH,brainpoolP512r1,512bits 1         0.0002   0.0002
ECDH,secp256k1,256bits    1         0.0002   0.0002
Prefer DH,1024bits        45380     7.6416   14.1402
Prefer DH,2048bits        5635      0.9489   1.7558
Prefer DH,3072bits        8         0.0013   0.0025
Prefer DH,3092bits        2         0.0003   0.0006
Prefer DH,4096bits        398       0.067    0.124
Prefer DH,768bits         44        0.0074   0.0137
Prefer ECDH,B-571,570bits 2840      0.4782   0.5484
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,P-192,192bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 92        0.0155   0.0178
Prefer ECDH,P-256,256bits 453139    76.3052  87.4977
Prefer ECDH,P-384,384bits 7350      1.2377   1.4192
Prefer ECDH,P-521,521bits 15215     2.5621   2.9379
Prefer ECDH,brainpoolP512r1,512bits 1         0.0002   0.0002
Prefer ECDH,secp256k1,256bits 1         0.0002   0.0002
Prefer PFS                530107    89.266   0
Support PFS               563872    94.9518  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           17814     2.9997   
brainpoolP384r1           17827     3.0019   
brainpoolP512r1           17836     3.0034   
prime192v1                1799      0.3029   
prime256v1                513258    86.4288  
prime256v1 Only           427959    72.065   
secp160k1                 1678      0.2826   
secp160r1                 1688      0.2842   
secp160r2                 1678      0.2826   
secp192k1                 1693      0.2851   
secp224k1                 1780      0.2997   
secp224r1                 5748      0.9679   
secp256k1                 20085     3.3822   
secp384r1                 88954     14.9792  
secp384r1 Only            3672      0.6183   
secp521r1                 50953     8.5801   
secp521r1 Only            140       0.0236   
sect163k1                 1684      0.2836   
sect163k1 Only            2         0.0003   
sect163r1                 1682      0.2832   
sect163r2                 1681      0.2831   
sect193r1                 1681      0.2831   
sect193r2                 1681      0.2831   
sect233k1                 1770      0.2981   
sect233r1                 1768      0.2977   
sect239k1                 1768      0.2977   
sect283k1                 19394     3.2658   
sect283r1                 19392     3.2655   
sect409k1                 19395     3.266    
sect409r1                 19391     3.2653   
sect571k1                 19395     3.266    
sect571r1                 19395     3.266    

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          56371     9.4924   
True                           391090    65.8566  
order-specific                 45        0.0076   
unknown                        146345    24.6434  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    13249     2.231    
inconclusive-noecc        8         0.0013   
server                    503853    84.845   
unknown                   76741     12.9226  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     53286     8.973    
ECDSA-SHA1 Only                8         0.0013   
ECDSA-SHA224                   53248     8.9666   
ECDSA-SHA256                   71063     11.9665  
ECDSA-SHA384                   71064     11.9666  
ECDSA-SHA512                   71074     11.9683  
ECDSA-SHA512 Only              16        0.0027   
RSA-MD5                        27142     4.5705   
RSA-SHA1                       447072    75.2835  
RSA-SHA1 Only                  34046     5.7331   
RSA-SHA224                     371135    62.4963  
RSA-SHA256                     422358    71.1219  
RSA-SHA256 Only                8044      1.3545   
RSA-SHA384                     383992    64.6613  
RSA-SHA384 Only                4         0.0007   
RSA-SHA512                     384022    64.6664  
RSA-SHA512 Only                209       0.0352   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         280809    47.2861  
indeterminate                  54        0.0091   
intolerant                     6465      1.0887   
order-fallback                 8         0.0013   
server                         220388    37.1117  
unsupported                    15018     2.5289   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     53230     8.9635   
ECDSA intolerant               189       0.0318   
ECDSA pfs-rsa-SHA512           17719     2.9837   
ECDSA soft-nopfs               7         0.0012   
RSA False                      26845     4.5205   
RSA SHA1                       386610    65.1022  
RSA intolerant                 43313     7.2936   
RSA pfs-ecdsa-SHA512           27        0.0045   
RSA soft-nopfs                 474       0.0798   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     4962      0.8356   
insecure                  16550     2.7869   
secure                    572339    96.3775  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      7077      1.1917   
False                     4962      0.8356   
NONE                      581812    97.9727  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0003   
1 only                    2         0.0003   
2                         1         0.0002   
2 only                    1         0.0002   
5                         5         0.0008   
5 only                    5         0.0008   
10                        8         0.0013   
10 only                   8         0.0013   
15                        8         0.0013   
15 only                   8         0.0013   
30                        25        0.0042   
30 only                   25        0.0042   
60                        166       0.028    
60 only                   161       0.0271   
65                        2         0.0003   
65 only                   2         0.0003   
70                        8         0.0013   
70 only                   8         0.0013   
75                        1         0.0002   
75 only                   1         0.0002   
90                        1         0.0002   
90 only                   1         0.0002   
100                       16        0.0027   
100 only                  16        0.0027   
120                       27        0.0045   
120 only                  27        0.0045   
128                       6         0.001    
128 only                  6         0.001    
150                       2         0.0003   
180                       78        0.0131   
180 only                  74        0.0125   
240                       14        0.0024   
240 only                  14        0.0024   
244                       2         0.0003   
244 only                  2         0.0003   
300                       298609    50.2835  
300 only                  295255    49.7187  
302                       2         0.0003   
302 only                  2         0.0003   
360                       3         0.0005   
360 only                  2         0.0003   
400                       6         0.001    
400 only                  6         0.001    
420                       129       0.0217   
420 only                  111       0.0187   
450                       1         0.0002   
450 only                  1         0.0002   
480                       11        0.0019   
480 only                  11        0.0019   
500                       3         0.0005   
500 only                  3         0.0005   
540                       4         0.0007   
540 only                  4         0.0007   
600                       28678     4.8292   
600 only                  28547     4.8071   
660                       1         0.0002   
660 only                  1         0.0002   
700                       1         0.0002   
700 only                  1         0.0002   
720                       3         0.0005   
720 only                  3         0.0005   
840                       2         0.0003   
840 only                  2         0.0003   
900                       1532      0.258    
900 only                  1515      0.2551   
960                       3         0.0005   
960 only                  3         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      3512      0.5914   
1200 only                 3508      0.5907   
1210                      2         0.0003   
1210 only                 2         0.0003   
1320                      1         0.0002   
1320 only                 1         0.0002   
1380                      1         0.0002   
1380 only                 1         0.0002   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      6         0.001    
1500 only                 5         0.0008   
1800                      751       0.1265   
1800 only                 734       0.1236   
1980                      2         0.0003   
1980 only                 2         0.0003   
2100                      2         0.0003   
2100 only                 1         0.0002   
2400                      10        0.0017   
2400 only                 10        0.0017   
2700                      11        0.0019   
2700 only                 11        0.0019   
3000                      42        0.0071   
3000 only                 42        0.0071   
3300                      1         0.0002   
3300 only                 1         0.0002   
3600                      1079      0.1817   
3600 only                 1070      0.1802   
3900                      1         0.0002   
3900 only                 1         0.0002   
4200                      1         0.0002   
4500                      1         0.0002   
4500 only                 1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      19        0.0032   
5400 only                 6         0.001    
6000                      352       0.0593   
6000 only                 352       0.0593   
7200                      15154     2.5518   
7200 only                 15130     2.5478   
9000                      2         0.0003   
9000 only                 2         0.0003   
10800                     5334      0.8982   
10800 only                5324      0.8965   
14400                     116       0.0195   
14400 only                116       0.0195   
18000                     9         0.0015   
18000 only                9         0.0015   
21600                     4287      0.7219   
21600 only                4286      0.7217   
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     2555      0.4302   
28800 only                2555      0.4302   
30000                     3         0.0005   
30000 only                1         0.0002   
36000                     1220      0.2054   
36000 only                1209      0.2036   
43200                     65        0.0109   
43200 only                65        0.0109   
54000                     1         0.0002   
54000 only                1         0.0002   
54647                     1         0.0002   
54660                     1         0.0002   
54674                     1         0.0002   
54690                     1         0.0002   
54703                     1         0.0002   
54722                     1         0.0002   
54737                     1         0.0002   
54751                     1         0.0002   
60000                     2         0.0003   
60000 only                2         0.0003   
64800                     70759     11.9153  
64800 only                70736     11.9114  
72000                     12        0.002    
72000 only                12        0.002    
79200                     1         0.0002   
79200 only                1         0.0002   
86400                     2990      0.5035   
86400 only                2984      0.5025   
100800                    9026      1.5199   
100800 only               9015      1.5181   
108000                    1         0.0002   
108000 only               1         0.0002   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    6         0.001    
129600 only               6         0.001    
172800                    47        0.0079   
172800 only               47        0.0079   
216000                    4         0.0007   
216000 only               3         0.0005   
259200                    2         0.0003   
259200 only               2         0.0003   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    2         0.0003   
864000 only               2         0.0003   
7776000                   1         0.0002   
7776000 only              1         0.0002   
None                      150742    25.3838  
None only                 147105    24.7714  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      10920     1.8388   
ecdsa-with-SHA256         68463     11.5286  
sha1WithRSAEncryption     21372     3.5989   
sha256WithRSAEncryption   521742    87.8574  
sha384WithRSAEncryption   8         0.0013   
sha512WithRSAEncryption   69        0.0116   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 71108     11.974   
ECDSA 384                 38        0.0064   
ECDSA 521                 1         0.0002   
RSA 1024                  15        0.0025   
RSA 2048                  511834    86.189   
RSA 2049                  3         0.0005   
RSA 2056                  1         0.0002   
RSA 2058                  3         0.0005   
RSA 2059                  1         0.0002   
RSA 2080                  6         0.001    
RSA 2084                  2         0.0003   
RSA 2086                  1         0.0002   
RSA 2096                  3         0.0005   
RSA 2408                  1         0.0002   
RSA 2432                  3         0.0005   
RSA 2560                  1         0.0002   
RSA 2948                  1         0.0002   
RSA 3072                  163       0.0274   
RSA 3073                  1         0.0002   
RSA 3096                  2         0.0003   
RSA 3248                  3         0.0005   
RSA 4048                  4         0.0007   
RSA 4056                  18        0.003    
RSA 4069                  1         0.0002   
RSA 4086                  4         0.0007   
RSA 4092                  2         0.0003   
RSA 4094                  1         0.0002   
RSA 4095                  1         0.0002   
RSA 4096                  30991     5.2186   
RSA 4196                  1         0.0002   
RSA 8192                  10        0.0017   
RSA 8392                  1         0.0002   
RSA/ECDSA Dual Stack      20358     3.4281

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 126688    21.3333  
Unsupported               467163    78.6667  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      17236     2.9024
SSL2 Only                 12        0.002
SSL3                      99629     16.7768
SSL3 Only                 497       0.0837
SSL3 or TLS1 Only         52946     8.9157
SSL3 or lower Only        505       0.085
TLS1                      582034    98.0101
TLS1 Only                 32797     5.5228
TLS1 or lower Only        68913     11.6044
TLS1.1                    515189    86.7539
TLS1.1 Only               42        0.0071
TLS1.1 or up Only         11134     1.8749
TLS1.2                    522729    88.0236
TLS1.2 Only               3290      0.554
TLS1.2, 1.0 but not 1.1   5865      0.9876





Statistics from 628845 chains provided by 728648 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  570337    78.2733
incomplete                21286     2.9213
untrusted                 137025    18.8054

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1         0.0002
3                         625155    99.4132
4                         3676      0.5846
5                         13        0.0021

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 68458     
ECDSA 384                 68457     
RSA 1024                  8         
RSA 2045                  2         
RSA 2048                  927971    
RSA 4096                  196495    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 68458     10.8863
ECDSA 384                 68456     10.886
RSA 1024                  6         0.001
RSA 2045                  2         0.0003
RSA 2048                  559959    89.0456
RSA 4096                  195838    31.1425

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              68447     
sha1WithRSAEncryption          24541     
sha256WithRSAEncryption        363378    
sha384WithRSAEncryption        176120    
sha512WithRSAEncryption        60        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        24524     3.8998
112                       535845    85.211
128                       68476     10.8892

Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 158376    25.1852
(2c543cd1) GeoTrust Global CA                 95542     15.1933
(eed8c118) COMODO ECC Certification Authority 68438     10.8831
(cbf06781) Go Daddy Root Certificate Authorit 49514     7.8738
(5ad8a5d6) GlobalSign Root CA                 48382     7.6938
(b204d74a) VeriSign Class 3 Public Primary Ce 32086     5.1024
(2e5ac55d) DST Root CA X3                     26043     4.1414
(244b5494) DigiCert High Assurance EV Root CA 20408     3.2453
(2e4eed3c) thawte Primary Root CA             19033     3.0267
(fc5a8f99) USERTrust RSA Certification Author 17598     2.7985
(653b494a) Baltimore CyberTrust Root          11671     1.8559
(3513523f) DigiCert Global Root CA            10585     1.6832
(ae8153b9) StartCom Certification Authority   9453      1.5032
(4bfab552) Starfield Root Certificate Authori 8502      1.352


Scan performed between 19th of June and 6th of July 2016

May 2016 scan results

No detailed analysis, sorry.

SSL/TLS survey of 588324 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      521557    88.6513
3DES Only                 618       0.105
3DES Preferred            1789      0.3041
3DES forced in TLS1.1+    964       0.1639
AES                       583623    99.201
AES Only                  42928     7.2967
AES-CBC                   583065    99.1061
AES-CBC Only              6504      1.1055
AES-GCM                   482505    82.0135
AES-GCM Only              514       0.0874
CAMELLIA                  258710    43.9741
CAMELLIA Only             3         0.0005
CHACHA20                  80738     13.7234
CHACHA20 Only             4         0.0007
Insecure                  56788     9.6525
RC4                       168525    28.6449
RC4 Only                  166       0.0282
RC4 Preferred             14971     2.5447
RC4 forced in TLS1.1+     8083      1.3739
x:FF 29 3DES Only         661       0.1124
x:FF 29 3DES Preferred    2145      0.3646
x:FF 29 RC4 Only          245       0.0416
x:FF 29 RC4 Preferred     16797     2.8551
x:FF 29 incompatible      506       0.086
x:FF 35 3DES Only         669       0.1137
x:FF 35 3DES Preferred    2073      0.3524
x:FF 35 RC4 Only          285       0.0484
x:FF 35 RC4 Preferred     16818     2.8586
x:FF 35 incompatible      510       0.0867
x:FF 44 3DES Only         4449      0.7562
x:FF 44 3DES Preferred    8286      1.4084
x:FF 44 incompatible      795       0.1351
y:DHE-RSA-SEED-SHA        79291     13.4774
y:IDEA-CBC-SHA            75311     12.8009
y:SEED-SHA                89316     15.1814
z:ADH-AES128-GCM-SHA256   414       0.0704
z:ADH-AES128-SHA          763       0.1297
z:ADH-AES128-SHA256       275       0.0467
z:ADH-AES256-GCM-SHA384   425       0.0722
z:ADH-AES256-SHA          792       0.1346
z:ADH-AES256-SHA256       275       0.0467
z:ADH-CAMELLIA128-SHA     406       0.069
z:ADH-CAMELLIA128-SHA256  1         0.0002
z:ADH-CAMELLIA256-SHA     423       0.0719
z:ADH-CAMELLIA256-SHA256  1         0.0002
z:ADH-DES-CBC-SHA         338       0.0575
z:ADH-DES-CBC3-SHA        773       0.1314
z:ADH-RC4-MD5             578       0.0982
z:ADH-SEED-SHA            332       0.0564
z:AECDH-AES128-SHA        10505     1.7856
z:AECDH-AES256-SHA        10564     1.7956
z:AECDH-DES-CBC3-SHA      10475     1.7805
z:AECDH-NULL-SHA          91        0.0155
z:AECDH-RC4-SHA           9925      1.687
z:DES-CBC-MD5             6864      1.1667
z:DES-CBC-SHA             35454     6.0263
z:DES-CBC3-MD5            17200     2.9236
z:ECDHE-RSA-NULL-SHA      98        0.0167
z:EDH-RSA-DES-CBC-SHA     30414     5.1696
z:EXP-ADH-DES-CBC-SHA     188       0.032
z:EXP-ADH-RC4-MD5         186       0.0316
z:EXP-DES-CBC-SHA         11293     1.9195
z:EXP-EDH-RSA-DES-CBC-SHA 8983      1.5269
z:EXP-RC2-CBC-MD5         13517     2.2975
z:EXP-RC4-MD5             14150     2.4051
z:EXP1024-DES-CBC-SHA     3580      0.6085
z:EXP1024-RC4-SHA         3641      0.6189
z:IDEA-CBC-MD5            1486      0.2526
z:NULL-MD5                239       0.0406
z:NULL-SHA                242       0.0411
z:NULL-SHA256             33        0.0056
z:RC2-CBC-MD5             7118      1.2099
z:RC4-64-MD5              762       0.1295

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               151229    25.7051
Server side               437095    74.2949

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       941       0.1599
AECDH                     10576     1.7976
DHE                       319231    54.2611
ECDH                      2         0.0003
ECDHE                     509684    86.6332
ECDHE and DHE             272378    46.2973
RSA                       505946    85.9979

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               122627    20.8434  38.4132
DH,2048bits               183782    31.2382  57.5702
DH,2236bits               92        0.0156   0.0288
DH,2430bits               1         0.0002   0.0003
DH,2432bits               3         0.0005   0.0009
DH,2560bits               1         0.0002   0.0003
DH,3072bits               122       0.0207   0.0382
DH,3092bits               2         0.0003   0.0006
DH,3196bits               1         0.0002   0.0003
DH,4094bits               1         0.0002   0.0003
DH,4096bits               12216     2.0764   3.8267
DH,512bits                91        0.0155   0.0285
DH,6144bits               1         0.0002   0.0003
DH,768bits                384       0.0653   0.1203
DH,8192bits               9         0.0015   0.0028
ECDH,B-571,570bits        2788      0.4739   0.547
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,P-192,192bits        39        0.0066   0.0077
ECDH,P-224,224bits        92        0.0156   0.0181
ECDH,P-256,256bits        484945    82.4282  95.1462
ECDH,P-384,384bits        8059      1.3698   1.5812
ECDH,P-521,521bits        15676     2.6645   3.0756
ECDH,brainpoolP512r1,512bits 1         0.0002   0.0002
Prefer DH,1024bits        46364     7.8807   14.5237
Prefer DH,2048bits        5558      0.9447   1.7411
Prefer DH,3072bits        11        0.0019   0.0034
Prefer DH,4096bits        389       0.0661   0.1219
Prefer DH,768bits         45        0.0076   0.0141
Prefer ECDH,B-571,570bits 2562      0.4355   0.5027
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,P-192,192bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 89        0.0151   0.0175
Prefer ECDH,P-256,256bits 446551    75.9022  87.6133
Prefer ECDH,P-384,384bits 6159      1.0469   1.2084
Prefer ECDH,P-521,521bits 14444     2.4551   2.8339
Prefer ECDH,brainpoolP512r1,512bits 1         0.0002   0.0002
Prefer PFS                522175    88.7564  0
Support PFS               556537    94.597   0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           15666     2.6628   
brainpoolP384r1           15673     2.664    
brainpoolP512r1           15677     2.6647   
prime192v1                1721      0.2925   
prime256v1                505771    85.9681  
prime256v1 Only           424806    72.2061  
secp160k1                 1634      0.2777   
secp160r1                 1641      0.2789   
secp160r2                 1633      0.2776   
secp192k1                 1647      0.2799   
secp224k1                 1732      0.2944   
secp224r1                 5585      0.9493   
secp256k1                 17871     3.0376   
secp384r1                 83624     14.2139  
secp384r1 Only            2663      0.4526   
secp521r1                 47374     8.0524   
secp521r1 Only            142       0.0241   
sect163k1                 1637      0.2782   
sect163r1                 1636      0.2781   
sect163r2                 1637      0.2782   
sect193r1                 1636      0.2781   
sect193r2                 1636      0.2781   
sect233k1                 1728      0.2937   
sect233r1                 1725      0.2932   
sect239k1                 1721      0.2925   
sect283k1                 17205     2.9244   
sect283r1                 17203     2.9241   
sect409k1                 17203     2.9241   
sect409r1                 17200     2.9236   
sect571k1                 17204     2.9242   
sect571r1                 17205     2.9244   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          56188     9.5505   
True                           384116    65.2899  
order-specific                 30        0.0051   
unknown                        147990    25.1545  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    12072     2.0519   
inconclusive-noecc        8         0.0014   
server                    496534    84.3981  
unknown                   79710     13.5487  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     53235     9.0486   
ECDSA-SHA1 Only                7         0.0012   
ECDSA-SHA224                   53208     9.044    
ECDSA-SHA256                   70734     12.023   
ECDSA-SHA384                   70725     12.0214  
ECDSA-SHA512                   70735     12.0231  
ECDSA-SHA512 Only              16        0.0027   
RSA-MD5                        32419     5.5104   
RSA-SHA1                       439804    74.7554  
RSA-SHA1 Only                  34182     5.8101   
RSA-SHA224                     364514    61.958   
RSA-SHA256                     414576    70.4673  
RSA-SHA256 Only                7888      1.3408   
RSA-SHA384                     377143    64.1046  
RSA-SHA384 Only                4         0.0007   
RSA-SHA512                     377071    64.0924  
RSA-SHA512 Only                85        0.0144   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         276407    46.9821  
indeterminate                  52        0.0088   
intolerant                     6076      1.0328   
order-fallback                 9         0.0015   
server                         217108    36.9028  
unsupported                    15976     2.7155   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     53190     9.0409   
ECDSA intolerant               134       0.0228   
ECDSA pfs-rsa-SHA512           17450     2.9661   
ECDSA soft-nopfs               9         0.0015   
RSA False                      32115     5.4587   
RSA SHA1                       374923    63.7273  
RSA intolerant                 41684     7.0852   
RSA pfs-ecdsa-SHA512           26        0.0044   
RSA soft-nopfs                 481       0.0818   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     5021      0.8534   
insecure                  16740     2.8454   
secure                    566563    96.3012  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      7345      1.2485   
False                     5021      0.8534   
NONE                      575958    97.8981  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0003   
1 only                    2         0.0003   
2                         1         0.0002   
2 only                    1         0.0002   
5                         9         0.0015   
5 only                    9         0.0015   
10                        8         0.0014   
10 only                   8         0.0014   
15                        7         0.0012   
15 only                   7         0.0012   
30                        24        0.0041   
30 only                   24        0.0041   
60                        159       0.027    
60 only                   151       0.0257   
65                        2         0.0003   
65 only                   2         0.0003   
70                        8         0.0014   
70 only                   7         0.0012   
75                        1         0.0002   
75 only                   1         0.0002   
90                        1         0.0002   
90 only                   1         0.0002   
100                       15        0.0025   
100 only                  15        0.0025   
120                       24        0.0041   
120 only                  24        0.0041   
128                       6         0.001    
128 only                  5         0.0008   
150                       2         0.0003   
180                       72        0.0122   
180 only                  70        0.0119   
240                       13        0.0022   
240 only                  13        0.0022   
244                       2         0.0003   
244 only                  2         0.0003   
300                       294538    50.0639  
300 only                  291166    49.4908  
302                       2         0.0003   
302 only                  2         0.0003   
360                       3         0.0005   
360 only                  2         0.0003   
400                       4         0.0007   
400 only                  4         0.0007   
420                       133       0.0226   
420 only                  113       0.0192   
480                       11        0.0019   
480 only                  10        0.0017   
500                       3         0.0005   
500 only                  3         0.0005   
540                       4         0.0007   
540 only                  4         0.0007   
600                       28048     4.7674   
600 only                  27923     4.7462   
700                       3         0.0005   
700 only                  3         0.0005   
840                       2         0.0003   
840 only                  2         0.0003   
900                       1508      0.2563   
900 only                  1487      0.2528   
960                       4         0.0007   
960 only                  4         0.0007   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      3403      0.5784   
1200 only                 3400      0.5779   
1210                      2         0.0003   
1210 only                 2         0.0003   
1320                      1         0.0002   
1320 only                 1         0.0002   
1380                      1         0.0002   
1380 only                 1         0.0002   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      7         0.0012   
1500 only                 6         0.001    
1800                      698       0.1186   
1800 only                 680       0.1156   
1980                      2         0.0003   
1980 only                 2         0.0003   
2100                      2         0.0003   
2100 only                 1         0.0002   
2160                      1         0.0002   
2160 only                 1         0.0002   
2400                      9         0.0015   
2400 only                 9         0.0015   
2700                      10        0.0017   
2700 only                 10        0.0017   
3000                      38        0.0065   
3000 only                 38        0.0065   
3300                      1         0.0002   
3300 only                 1         0.0002   
3600                      1035      0.1759   
3600 only                 1024      0.1741   
3900                      2         0.0003   
3900 only                 2         0.0003   
4200                      1         0.0002   
4500                      1         0.0002   
4500 only                 1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      22        0.0037   
5400 only                 6         0.001    
6000                      345       0.0586   
6000 only                 345       0.0586   
7200                      15012     2.5517   
7200 only                 14995     2.5488   
8100                      1         0.0002   
8100 only                 1         0.0002   
9000                      2         0.0003   
9000 only                 2         0.0003   
10800                     5061      0.8602   
10800 only                5045      0.8575   
14400                     106       0.018    
14400 only                106       0.018    
18000                     11        0.0019   
18000 only                11        0.0019   
21600                     4326      0.7353   
21600 only                4324      0.735    
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     2688      0.4569   
28800 only                2688      0.4569   
30000                     3         0.0005   
30000 only                1         0.0002   
36000                     1246      0.2118   
36000 only                1240      0.2108   
43200                     61        0.0104   
43200 only                61        0.0104   
54000                     1         0.0002   
54000 only                1         0.0002   
60000                     2         0.0003   
60000 only                2         0.0003   
64800                     70216     11.9349  
64800 only                70188     11.9302  
72000                     12        0.002    
72000 only                12        0.002    
79200                     1         0.0002   
79200 only                1         0.0002   
86400                     2835      0.4819   
86400 only                2826      0.4803   
100800                    9392      1.5964   
100800 only               9375      1.5935   
108000                    1         0.0002   
108000 only               1         0.0002   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    7         0.0012   
129600 only               7         0.0012   
172800                    55        0.0093   
172800 only               55        0.0093   
216000                    4         0.0007   
216000 only               4         0.0007   
259200                    3         0.0005   
259200 only               3         0.0005   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
864000                    3         0.0005   
864000 only               3         0.0005   
7776000                   1         0.0002   
7776000 only              1         0.0002   
None                      150759    25.6252  
None only                 147078    24.9995  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      11191     1.9022   
ecdsa-with-SHA256         67977     11.5543  
sha1WithRSAEncryption     23775     4.0411   
sha256WithRSAEncryption   514022    87.3706  
sha384WithRSAEncryption   8         0.0014   
sha512WithRSAEncryption   67        0.0114   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 70749     12.0255  
ECDSA 384                 34        0.0058   
ECDSA 521                 1         0.0002   
RSA 1024                  17        0.0029   
RSA 2048                  507589    86.2771  
RSA 2049                  2         0.0003   
RSA 2056                  1         0.0002   
RSA 2058                  3         0.0005   
RSA 2059                  1         0.0002   
RSA 2084                  1         0.0002   
RSA 2086                  1         0.0002   
RSA 2096                  3         0.0005   
RSA 2408                  1         0.0002   
RSA 2432                  2         0.0003   
RSA 2560                  1         0.0002   
RSA 2948                  1         0.0002   
RSA 3072                  156       0.0265   
RSA 3073                  1         0.0002   
RSA 3096                  2         0.0003   
RSA 3248                  2         0.0003   
RSA 4048                  4         0.0007   
RSA 4056                  16        0.0027   
RSA 4069                  1         0.0002   
RSA 4086                  3         0.0005   
RSA 4092                  2         0.0003   
RSA 4094                  1         0.0002   
RSA 4095                  1         0.0002   
RSA 4096                  29945     5.0899   
RSA 4196                  1         0.0002   
RSA 8192                  11        0.0019   
RSA 8392                  1         0.0002   
RSA/ECDSA Dual Stack      20215     3.436

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 127611    21.6906  
Unsupported               460713    78.3094  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      17372     2.9528
SSL2 Only                 13        0.0022
SSL3                      102349    17.3967
SSL3 Only                 1020      0.1734
SSL3 or TLS1 Only         54445     9.2543
SSL3 or lower Only        1028      0.1747
TLS1                      576797    98.0407
TLS1 Only                 33030     5.6143
TLS1 or lower Only        70001     11.8984
TLS1.1                    507108    86.1954
TLS1.1 Only               42        0.0071
TLS1.1 or up Only         10330     1.7558
TLS1.2                    515617    87.6417
TLS1.2 Only               3098      0.5266
TLS1.2, 1.0 but not 1.1   7000      1.1898



Statistics from 622291 chains provided by 724741 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  563959    77.8152
incomplete                21088     2.9097
untrusted                 139694    19.275

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2         0.0003
3                         618971    99.4665
4                         3305      0.5311
5                         13        0.0021

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 67969     
ECDSA 384                 67967     
RSA 1024                  10        
RSA 2045                  2         
RSA 2048                  918447    
RSA 4096                  193516    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 67969     10.9224
ECDSA 384                 67967     10.9221
RSA 1024                  8         0.0013
RSA 2045                  2         0.0003
RSA 2048                  553908    89.0111
RSA 4096                  192863    30.9924

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              67958     
sha1WithRSAEncryption          27126     
sha256WithRSAEncryption        356410    
sha384WithRSAEncryption        174062    
sha512WithRSAEncryption        64        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        27123     4.3586
112                       527185    84.7168
128                       67983     10.9246

Most common root CAs                          Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 156327    25.1212
(2c543cd1) GeoTrust Global CA                 97389     15.6501
(eed8c118) COMODO ECC Certification Authority 67950     10.9193
(5ad8a5d6) GlobalSign Root CA                 54936     8.828
(cbf06781) Go Daddy Root Certificate Authorit 48751     7.8341
(b204d74a) VeriSign Class 3 Public Primary Ce 32016     5.1449
(244b5494) DigiCert High Assurance EV Root CA 19865     3.1922
(2e4eed3c) thawte Primary Root CA             18906     3.0381
(fc5a8f99) USERTrust RSA Certification Author 17597     2.8278
(2e5ac55d) DST Root CA X3                     17594     2.8273
(653b494a) Baltimore CyberTrust Root          11729     1.8848
(3513523f) DigiCert Global Root CA            10305     1.656
(ae8153b9) StartCom Certification Authority   9737      1.5647
(4bfab552) Starfield Root Certificate Authori 8211      1.3195


Scan performed between 30th of May and 18th of June 2016