June 2016 scan results

Sorry, no analysis this month.

SSL/TLS survey of 593851 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      525961    88.5678
3DES Only                 605       0.1019
3DES Preferred            1797      0.3026
3DES forced in TLS1.1+    978       0.1647
AES                       589255    99.2261
AES Only                  43606     7.3429
AES-CBC                   588687    99.1304
AES-CBC Only              5565      0.9371
AES-GCM                   490658    82.6231
AES-GCM Only              520       0.0876
CAMELLIA                  261701    44.0685
CAMELLIA Only             2         0.0003
CHACHA20                  81256     13.6829
Insecure                  56141     9.4537
RC4                       166167    27.9813
RC4 Only                  158       0.0266
RC4 Preferred             13843     2.3311
RC4 forced in TLS1.1+     7176      1.2084
x:FF 29 3DES Only         654       0.1101
x:FF 29 3DES Preferred    2164      0.3644
x:FF 29 RC4 Only          233       0.0392
x:FF 29 RC4 Preferred     16139     2.7177
x:FF 29 incompatible      518       0.0872
x:FF 35 3DES Only         662       0.1115
x:FF 35 3DES Preferred    2094      0.3526
x:FF 35 RC4 Only          273       0.046
x:FF 35 RC4 Preferred     16162     2.7216
x:FF 35 incompatible      522       0.0879
x:FF 44 3DES Only         4368      0.7355
x:FF 44 3DES Preferred    8162      1.3744
x:FF 44 incompatible      795       0.1339
y:DHE-RSA-SEED-SHA        79533     13.3928
y:IDEA-CBC-SHA            76113     12.8169
y:SEED-SHA                90128     15.1769
z:ADH-AES128-GCM-SHA256   430       0.0724
z:ADH-AES128-SHA          771       0.1298
z:ADH-AES128-SHA256       268       0.0451
z:ADH-AES256-GCM-SHA384   444       0.0748
z:ADH-AES256-SHA          809       0.1362
z:ADH-AES256-SHA256       269       0.0453
z:ADH-CAMELLIA128-SHA     401       0.0675
z:ADH-CAMELLIA128-SHA256  1         0.0002
z:ADH-CAMELLIA256-SHA     424       0.0714
z:ADH-CAMELLIA256-SHA256  1         0.0002
z:ADH-DES-CBC-SHA         326       0.0549
z:ADH-DES-CBC3-SHA        781       0.1315
z:ADH-RC4-MD5             571       0.0962
z:ADH-SEED-SHA            322       0.0542
z:AECDH-AES128-SHA        10202     1.7179
z:AECDH-AES256-SHA        10261     1.7279
z:AECDH-DES-CBC3-SHA      10168     1.7122
z:AECDH-NULL-SHA          94        0.0158
z:AECDH-RC4-SHA           9605      1.6174
z:DES-CBC-MD5             6658      1.1212
z:DES-CBC-SHA             35044     5.9011
z:DES-CBC3-MD5            17074     2.8751
z:ECDHE-RSA-NULL-SHA      100       0.0168
z:EDH-RSA-DES-CBC-SHA     29995     5.0509
z:EXP-ADH-DES-CBC-SHA     181       0.0305
z:EXP-ADH-RC4-MD5         180       0.0303
z:EXP-DES-CBC-SHA         10901     1.8356
z:EXP-EDH-RSA-DES-CBC-SHA 8667      1.4595
z:EXP-RC2-CBC-MD5         13108     2.2073
z:EXP-RC4-MD5             13716     2.3097
z:EXP1024-DES-CBC-SHA     3463      0.5831
z:EXP1024-RC4-SHA         3524      0.5934
z:IDEA-CBC-MD5            1453      0.2447
z:NULL-MD5                233       0.0392
z:NULL-SHA                238       0.0401
z:NULL-SHA256             36        0.0061
z:RC2-CBC-MD5             6966      1.173
z:RC4-64-MD5              757       0.1275

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               152565    25.6908
Server side               441286    74.3092

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       979       0.1649
AECDH                     10271     1.7296
DHE                       320930    54.0422
ECDH                      2         0.0003
ECDHE                     517887    87.2082
ECDHE and DHE             274945    46.2987
RSA                       509769    85.8412

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               119481    20.1197  37.2296
DH,1028bits               1         0.0002   0.0003
DH,2048bits               188192    31.6901  58.6396
DH,2236bits               78        0.0131   0.0243
DH,2430bits               1         0.0002   0.0003
DH,2432bits               3         0.0005   0.0009
DH,2560bits               1         0.0002   0.0003
DH,3072bits               132       0.0222   0.0411
DH,3092bits               2         0.0003   0.0006
DH,3196bits               1         0.0002   0.0003
DH,4046bits               1         0.0002   0.0003
DH,4094bits               1         0.0002   0.0003
DH,4096bits               12637     2.128    3.9376
DH,512bits                108       0.0182   0.0337
DH,6144bits               1         0.0002   0.0003
DH,768bits                385       0.0648   0.12
DH,8192bits               8         0.0013   0.0025
ECDH,B-571,570bits        3072      0.5173   0.5932
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,P-192,192bits        60        0.0101   0.0116
ECDH,P-224,224bits        94        0.0158   0.0182
ECDH,P-256,256bits        490672    82.6254  94.745
ECDH,P-384,384bits        9474      1.5953   1.8294
ECDH,P-521,521bits        16461     2.7719   3.1785
ECDH,brainpoolP512r1,512bits 1         0.0002   0.0002
ECDH,secp256k1,256bits    1         0.0002   0.0002
Prefer DH,1024bits        45380     7.6416   14.1402
Prefer DH,2048bits        5635      0.9489   1.7558
Prefer DH,3072bits        8         0.0013   0.0025
Prefer DH,3092bits        2         0.0003   0.0006
Prefer DH,4096bits        398       0.067    0.124
Prefer DH,768bits         44        0.0074   0.0137
Prefer ECDH,B-571,570bits 2840      0.4782   0.5484
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,P-192,192bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 92        0.0155   0.0178
Prefer ECDH,P-256,256bits 453139    76.3052  87.4977
Prefer ECDH,P-384,384bits 7350      1.2377   1.4192
Prefer ECDH,P-521,521bits 15215     2.5621   2.9379
Prefer ECDH,brainpoolP512r1,512bits 1         0.0002   0.0002
Prefer ECDH,secp256k1,256bits 1         0.0002   0.0002
Prefer PFS                530107    89.266   0
Support PFS               563872    94.9518  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           17814     2.9997   
brainpoolP384r1           17827     3.0019   
brainpoolP512r1           17836     3.0034   
prime192v1                1799      0.3029   
prime256v1                513258    86.4288  
prime256v1 Only           427959    72.065   
secp160k1                 1678      0.2826   
secp160r1                 1688      0.2842   
secp160r2                 1678      0.2826   
secp192k1                 1693      0.2851   
secp224k1                 1780      0.2997   
secp224r1                 5748      0.9679   
secp256k1                 20085     3.3822   
secp384r1                 88954     14.9792  
secp384r1 Only            3672      0.6183   
secp521r1                 50953     8.5801   
secp521r1 Only            140       0.0236   
sect163k1                 1684      0.2836   
sect163k1 Only            2         0.0003   
sect163r1                 1682      0.2832   
sect163r2                 1681      0.2831   
sect193r1                 1681      0.2831   
sect193r2                 1681      0.2831   
sect233k1                 1770      0.2981   
sect233r1                 1768      0.2977   
sect239k1                 1768      0.2977   
sect283k1                 19394     3.2658   
sect283r1                 19392     3.2655   
sect409k1                 19395     3.266    
sect409r1                 19391     3.2653   
sect571k1                 19395     3.266    
sect571r1                 19395     3.266    

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          56371     9.4924   
True                           391090    65.8566  
order-specific                 45        0.0076   
unknown                        146345    24.6434  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    13249     2.231    
inconclusive-noecc        8         0.0013   
server                    503853    84.845   
unknown                   76741     12.9226  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     53286     8.973    
ECDSA-SHA1 Only                8         0.0013   
ECDSA-SHA224                   53248     8.9666   
ECDSA-SHA256                   71063     11.9665  
ECDSA-SHA384                   71064     11.9666  
ECDSA-SHA512                   71074     11.9683  
ECDSA-SHA512 Only              16        0.0027   
RSA-MD5                        27142     4.5705   
RSA-SHA1                       447072    75.2835  
RSA-SHA1 Only                  34046     5.7331   
RSA-SHA224                     371135    62.4963  
RSA-SHA256                     422358    71.1219  
RSA-SHA256 Only                8044      1.3545   
RSA-SHA384                     383992    64.6613  
RSA-SHA384 Only                4         0.0007   
RSA-SHA512                     384022    64.6664  
RSA-SHA512 Only                209       0.0352   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         280809    47.2861  
indeterminate                  54        0.0091   
intolerant                     6465      1.0887   
order-fallback                 8         0.0013   
server                         220388    37.1117  
unsupported                    15018     2.5289   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     53230     8.9635   
ECDSA intolerant               189       0.0318   
ECDSA pfs-rsa-SHA512           17719     2.9837   
ECDSA soft-nopfs               7         0.0012   
RSA False                      26845     4.5205   
RSA SHA1                       386610    65.1022  
RSA intolerant                 43313     7.2936   
RSA pfs-ecdsa-SHA512           27        0.0045   
RSA soft-nopfs                 474       0.0798   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     4962      0.8356   
insecure                  16550     2.7869   
secure                    572339    96.3775  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      7077      1.1917   
False                     4962      0.8356   
NONE                      581812    97.9727  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0003   
1 only                    2         0.0003   
2                         1         0.0002   
2 only                    1         0.0002   
5                         5         0.0008   
5 only                    5         0.0008   
10                        8         0.0013   
10 only                   8         0.0013   
15                        8         0.0013   
15 only                   8         0.0013   
30                        25        0.0042   
30 only                   25        0.0042   
60                        166       0.028    
60 only                   161       0.0271   
65                        2         0.0003   
65 only                   2         0.0003   
70                        8         0.0013   
70 only                   8         0.0013   
75                        1         0.0002   
75 only                   1         0.0002   
90                        1         0.0002   
90 only                   1         0.0002   
100                       16        0.0027   
100 only                  16        0.0027   
120                       27        0.0045   
120 only                  27        0.0045   
128                       6         0.001    
128 only                  6         0.001    
150                       2         0.0003   
180                       78        0.0131   
180 only                  74        0.0125   
240                       14        0.0024   
240 only                  14        0.0024   
244                       2         0.0003   
244 only                  2         0.0003   
300                       298609    50.2835  
300 only                  295255    49.7187  
302                       2         0.0003   
302 only                  2         0.0003   
360                       3         0.0005   
360 only                  2         0.0003   
400                       6         0.001    
400 only                  6         0.001    
420                       129       0.0217   
420 only                  111       0.0187   
450                       1         0.0002   
450 only                  1         0.0002   
480                       11        0.0019   
480 only                  11        0.0019   
500                       3         0.0005   
500 only                  3         0.0005   
540                       4         0.0007   
540 only                  4         0.0007   
600                       28678     4.8292   
600 only                  28547     4.8071   
660                       1         0.0002   
660 only                  1         0.0002   
700                       1         0.0002   
700 only                  1         0.0002   
720                       3         0.0005   
720 only                  3         0.0005   
840                       2         0.0003   
840 only                  2         0.0003   
900                       1532      0.258    
900 only                  1515      0.2551   
960                       3         0.0005   
960 only                  3         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      3512      0.5914   
1200 only                 3508      0.5907   
1210                      2         0.0003   
1210 only                 2         0.0003   
1320                      1         0.0002   
1320 only                 1         0.0002   
1380                      1         0.0002   
1380 only                 1         0.0002   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      6         0.001    
1500 only                 5         0.0008   
1800                      751       0.1265   
1800 only                 734       0.1236   
1980                      2         0.0003   
1980 only                 2         0.0003   
2100                      2         0.0003   
2100 only                 1         0.0002   
2400                      10        0.0017   
2400 only                 10        0.0017   
2700                      11        0.0019   
2700 only                 11        0.0019   
3000                      42        0.0071   
3000 only                 42        0.0071   
3300                      1         0.0002   
3300 only                 1         0.0002   
3600                      1079      0.1817   
3600 only                 1070      0.1802   
3900                      1         0.0002   
3900 only                 1         0.0002   
4200                      1         0.0002   
4500                      1         0.0002   
4500 only                 1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      19        0.0032   
5400 only                 6         0.001    
6000                      352       0.0593   
6000 only                 352       0.0593   
7200                      15154     2.5518   
7200 only                 15130     2.5478   
9000                      2         0.0003   
9000 only                 2         0.0003   
10800                     5334      0.8982   
10800 only                5324      0.8965   
14400                     116       0.0195   
14400 only                116       0.0195   
18000                     9         0.0015   
18000 only                9         0.0015   
21600                     4287      0.7219   
21600 only                4286      0.7217   
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     2555      0.4302   
28800 only                2555      0.4302   
30000                     3         0.0005   
30000 only                1         0.0002   
36000                     1220      0.2054   
36000 only                1209      0.2036   
43200                     65        0.0109   
43200 only                65        0.0109   
54000                     1         0.0002   
54000 only                1         0.0002   
54647                     1         0.0002   
54660                     1         0.0002   
54674                     1         0.0002   
54690                     1         0.0002   
54703                     1         0.0002   
54722                     1         0.0002   
54737                     1         0.0002   
54751                     1         0.0002   
60000                     2         0.0003   
60000 only                2         0.0003   
64800                     70759     11.9153  
64800 only                70736     11.9114  
72000                     12        0.002    
72000 only                12        0.002    
79200                     1         0.0002   
79200 only                1         0.0002   
86400                     2990      0.5035   
86400 only                2984      0.5025   
100800                    9026      1.5199   
100800 only               9015      1.5181   
108000                    1         0.0002   
108000 only               1         0.0002   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    6         0.001    
129600 only               6         0.001    
172800                    47        0.0079   
172800 only               47        0.0079   
216000                    4         0.0007   
216000 only               3         0.0005   
259200                    2         0.0003   
259200 only               2         0.0003   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    2         0.0003   
864000 only               2         0.0003   
7776000                   1         0.0002   
7776000 only              1         0.0002   
None                      150742    25.3838  
None only                 147105    24.7714  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      10920     1.8388   
ecdsa-with-SHA256         68463     11.5286  
sha1WithRSAEncryption     21372     3.5989   
sha256WithRSAEncryption   521742    87.8574  
sha384WithRSAEncryption   8         0.0013   
sha512WithRSAEncryption   69        0.0116   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 71108     11.974   
ECDSA 384                 38        0.0064   
ECDSA 521                 1         0.0002   
RSA 1024                  15        0.0025   
RSA 2048                  511834    86.189   
RSA 2049                  3         0.0005   
RSA 2056                  1         0.0002   
RSA 2058                  3         0.0005   
RSA 2059                  1         0.0002   
RSA 2080                  6         0.001    
RSA 2084                  2         0.0003   
RSA 2086                  1         0.0002   
RSA 2096                  3         0.0005   
RSA 2408                  1         0.0002   
RSA 2432                  3         0.0005   
RSA 2560                  1         0.0002   
RSA 2948                  1         0.0002   
RSA 3072                  163       0.0274   
RSA 3073                  1         0.0002   
RSA 3096                  2         0.0003   
RSA 3248                  3         0.0005   
RSA 4048                  4         0.0007   
RSA 4056                  18        0.003    
RSA 4069                  1         0.0002   
RSA 4086                  4         0.0007   
RSA 4092                  2         0.0003   
RSA 4094                  1         0.0002   
RSA 4095                  1         0.0002   
RSA 4096                  30991     5.2186   
RSA 4196                  1         0.0002   
RSA 8192                  10        0.0017   
RSA 8392                  1         0.0002   
RSA/ECDSA Dual Stack      20358     3.4281

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 126688    21.3333  
Unsupported               467163    78.6667  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      17236     2.9024
SSL2 Only                 12        0.002
SSL3                      99629     16.7768
SSL3 Only                 497       0.0837
SSL3 or TLS1 Only         52946     8.9157
SSL3 or lower Only        505       0.085
TLS1                      582034    98.0101
TLS1 Only                 32797     5.5228
TLS1 or lower Only        68913     11.6044
TLS1.1                    515189    86.7539
TLS1.1 Only               42        0.0071
TLS1.1 or up Only         11134     1.8749
TLS1.2                    522729    88.0236
TLS1.2 Only               3290      0.554
TLS1.2, 1.0 but not 1.1   5865      0.9876





Statistics from 628845 chains provided by 728648 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  570337    78.2733
incomplete                21286     2.9213
untrusted                 137025    18.8054

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1         0.0002
3                         625155    99.4132
4                         3676      0.5846
5                         13        0.0021

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 68458     
ECDSA 384                 68457     
RSA 1024                  8         
RSA 2045                  2         
RSA 2048                  927971    
RSA 4096                  196495    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 68458     10.8863
ECDSA 384                 68456     10.886
RSA 1024                  6         0.001
RSA 2045                  2         0.0003
RSA 2048                  559959    89.0456
RSA 4096                  195838    31.1425

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              68447     
sha1WithRSAEncryption          24541     
sha256WithRSAEncryption        363378    
sha384WithRSAEncryption        176120    
sha512WithRSAEncryption        60        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        24524     3.8998
112                       535845    85.211
128                       68476     10.8892

Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 158376    25.1852
(2c543cd1) GeoTrust Global CA                 95542     15.1933
(eed8c118) COMODO ECC Certification Authority 68438     10.8831
(cbf06781) Go Daddy Root Certificate Authorit 49514     7.8738
(5ad8a5d6) GlobalSign Root CA                 48382     7.6938
(b204d74a) VeriSign Class 3 Public Primary Ce 32086     5.1024
(2e5ac55d) DST Root CA X3                     26043     4.1414
(244b5494) DigiCert High Assurance EV Root CA 20408     3.2453
(2e4eed3c) thawte Primary Root CA             19033     3.0267
(fc5a8f99) USERTrust RSA Certification Author 17598     2.7985
(653b494a) Baltimore CyberTrust Root          11671     1.8559
(3513523f) DigiCert Global Root CA            10585     1.6832
(ae8153b9) StartCom Certification Authority   9453      1.5032
(4bfab552) Starfield Root Certificate Authori 8502      1.352


Scan performed between 19th of June and 6th of July 2016
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s