October 2015 scan results

Because the previous two months were published with a much longer delay than usual (sorry about that, I will explain myself in a future post), the following analysis compares this month’s results to July, not September.

The number of servers supporting TLS has grown by over 4% during those 3 months. The most profound change during that time was the decommissioning of over 10% of SHA-1-using certificates. The rest of the changes are just a continuation of established trends.

Cipher suites

3DES continues the somewhat surprising increase in support, gaining another 1.6%. AES in general and AES in CBC mode in particular have shown little change, gaining less than half a percent in use. AES-GCM has grown by over 5% at the same time. Similarly to AES, Camellia and ChaCha20 support is relatively stable, both gaining about 0.2% each.

Use of insecure ciphers has decreased somewhat, losing nearly 3% since the last publication of results. RC4 has lost a staggering 10% of market share, falling below Camellia levels for the first time since the scans began.

Unfortunately, there are still over 1100 servers which require use of RC4 for a successful connection, or over 1600 if you’re using Firefox 35.

Use of server-side cipher ordering has also plateaued, with just 0.2% more servers opting to ignore the client-presented order of ciphers for negotiation.

Key exchange

Support for the modern ECDHE key exchange has grown by nearly 5% during that time, reaching over 79% of servers.

The older and slower DHE key exchange has lost 1.6% of support among the servers.

The insecure ADH and AECDH key exchanges have also fallen, the former to a level of below 1000 servers, the latter by 1.5% to just over 2.1%.

Most of the increases in the ECDHE support are due to P-256 NIST curve, gaining nearly 4.5%.

We also see very good changes in DHE support: use of 1024 bit primes has fallen by 9% while use of 2048 bit primes has risen by 8%. For ciphersuites effectively negotiated, the changes are a bit less pronounced, with just 4.1% fewer servers picking a DHE ciphersuite with a 1024 bit prime, which leaves connections to 11.4% of servers a bit less secure, while preference for 2048 bit DH has risen by just 1.12%.

Overall, 1.6% more servers support ciphersuites that provide Forward Secrecy while a very nice 4.4% more actually prefer them.

As usual, the support for ECDHE is mostly driven by P-256 (a.k.a. prime256v1), with it gaining 4.8% more market share. One other curve has finally risen to the double digit level (though just barely), with an increase of 0.2% – P-384, a.k.a. secp384r1.

Hash and signature algorithms

Support for SHA256 with RSA certificates has grown by nearly 5%; stronger hashes have seen smaller changes, with SHA384 and SHA512 gaining only 3.8%.

Support for the insecure MD5 is also increasing, thankfully at a slower rate, with it gaining only 0.7%. The number of servers that support only the rather weak SHA1 is decreasing, though; over those 3 months it has fallen by 1.2%.

Vulnerabilities

Support for secure renegotiation is still missing in 3.6% of servers, losing just over half a percent. Similarly, 1.2% of servers are vulnerable to the CRIME attack, a change of only 0.2%.

Certificates

Certificates used by servers have seen comparatively the biggest change. SHA-1 use has fallen by nearly 13%! The switch was shared by SHA-256 with RSA (increase by just over 12%) and SHA-256 with ECDSA (increase by 2.6%).

We’ve also finally reached a “less than 100 servers with 1024 bit RSA keys” milestone. Use of 2048 bit RSA has fallen by just one percent, at the same time use of 256 bit ECDSA has grown by 2.67%.

The list of CAs with more than 1% of servers has also shrunk by 2 positions.

Protocols

Still, over half a thousand servers support only the insecure SSLv2 and SSLv3 protocols.

At the same time, more than 4 in 5 servers support the newest and most secure TLS v1.2 protocol.

Results

SSL/TLS survey of 523658 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      450366    86.0038
3DES Only                 598       0.1142
AES                       516026    98.5426
AES Only                  22924     4.3777
AES-CBC                   515568    98.4551
AES-CBC Only              10087     1.9263
AES-GCM                   388464    74.1828
AES-GCM Only              378       0.0722
CAMELLIA                  234209    44.7256
CAMELLIA Only             3         0.0006
CHACHA20                  64701     12.3556
CHACHA20 Only             1         0.0002
Insecure                  61963     11.8327
RC4                       213861    40.8398
RC4 Only                  1101      0.2103
RC4 Preferred             22873     4.3679
RC4 forced in TLS1.1+     11792     2.2519
x:FF 29 RC4 Only          1377      0.263
x:FF 29 RC4 Preferred     26049     4.9744
x:FF 29 incompatible      312       0.0596
x:FF 35 RC4 Only          1656      0.3162
x:FF 35 RC4 Preferred     26149     4.9935
x:FF 35 incompatible      315       0.0602
y:DHE-RSA-SEED-SHA        84215     16.0821
y:IDEA-CBC-SHA            78851     15.0577
y:SEED-SHA                95873     18.3083
z:ADH-AES128-GCM-SHA256   395       0.0754
z:ADH-AES128-SHA          756       0.1444
z:ADH-AES128-SHA256       295       0.0563
z:ADH-AES256-GCM-SHA384   403       0.077
z:ADH-AES256-SHA          764       0.1459
z:ADH-AES256-SHA256       297       0.0567
z:ADH-CAMELLIA128-SHA     380       0.0726
z:ADH-CAMELLIA256-SHA     388       0.0741
z:ADH-DES-CBC-SHA         305       0.0582
z:ADH-DES-CBC3-SHA        775       0.148
z:ADH-RC4-MD5             638       0.1218
z:ADH-SEED-SHA            313       0.0598
z:AECDH-AES128-SHA        11266     2.1514
z:AECDH-AES256-SHA        11290     2.156
z:AECDH-DES-CBC3-SHA      11231     2.1447
z:AECDH-NULL-SHA          59        0.0113
z:AECDH-RC4-SHA           10599     2.024
z:DES-CBC-MD5             11791     2.2517
z:DES-CBC-SHA             36853     7.0376
z:DES-CBC3-MD5            24006     4.5843
z:ECDHE-RSA-NULL-SHA      63        0.012
z:EDH-RSA-DES-CBC-SHA     31633     6.0408
z:EXP-ADH-DES-CBC-SHA     208       0.0397
z:EXP-ADH-RC4-MD5         205       0.0391
z:EXP-DES-CBC-SHA         15360     2.9332
z:EXP-EDH-RSA-DES-CBC-SHA 12356     2.3596
z:EXP-RC2-CBC-MD5         18735     3.5777
z:EXP-RC4-MD5             19564     3.736
z:EXP1024-DES-CBC-SHA     4870      0.93
z:EXP1024-RC4-SHA         4967      0.9485
z:IDEA-CBC-MD5            2349      0.4486
z:NULL-MD5                227       0.0433
z:NULL-SHA                232       0.0443
z:NULL-SHA256             29        0.0055
z:RC2-CBC-MD5             12033     2.2979
z:RC4-64-MD5              968       0.1849

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               134694    25.7217
Server side               388964    74.2783

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       903       0.1724
AECDH                     11321     2.1619
DHE                       286818    54.772
ECDH                      3         0.0006
ECDHE                     415495    79.3447
ECDHE and DHE             219028    41.8265
RSA                       471189    89.9803

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               162798    31.0886  56.76
DH,1536bits               1         0.0002   0.0003
DH,2048bits               116370    22.2225  40.5728
DH,2236bits               11        0.0021   0.0038
DH,2432bits               1         0.0002   0.0003
DH,3072bits               109       0.0208   0.038
DH,3092bits               1         0.0002   0.0003
DH,4094bits               1         0.0002   0.0003
DH,4096bits               7102      1.3562   2.4761
DH,512bits                43        0.0082   0.015
DH,768bits                450       0.0859   0.1569
DH,8192bits               2         0.0004   0.0007
ECDH,B-571,570bits        1628      0.3109   0.3918
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,K-571,570bits        1         0.0002   0.0002
ECDH,P-192,192bits        8         0.0015   0.0019
ECDH,P-224,224bits        71        0.0136   0.0171
ECDH,P-256,256bits        402982    76.9552  96.9884
ECDH,P-384,384bits        2860      0.5462   0.6883
ECDH,P-521,521bits        8826      1.6855   2.1242
Prefer DH,1024bits        59986     11.4552  20.9143
Prefer DH,1536bits        1         0.0002   0.0003
Prefer DH,2048bits        9957      1.9014   3.4715
Prefer DH,3072bits        13        0.0025   0.0045
Prefer DH,4096bits        345       0.0659   0.1203
Prefer DH,768bits         65        0.0124   0.0227
Prefer ECDH,B-571,570bits 1429      0.2729   0.3439
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,K-571,570bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 55        0.0105   0.0132
Prefer ECDH,P-256,256bits 358890    68.5352  86.3765
Prefer ECDH,P-384,384bits 2659      0.5078   0.64
Prefer ECDH,P-521,521bits 7931      1.5145   1.9088
Prefer PFS                441333    84.2789  0
Support PFS               483285    92.2902  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           1825      0.3485   
brainpoolP384r1           1827      0.3489   
brainpoolP512r1           1828      0.3491   
prime192v1                1461      0.279    
prime256v1                413390    78.9427  
prime256v1 Only           360620    68.8656  
secp160k1                 1415      0.2702   
secp160r1                 1422      0.2716   
secp160r2                 1414      0.27     
secp192k1                 1433      0.2737   
secp224k1                 1489      0.2843   
secp224r1                 3846      0.7344   
secp256k1                 3218      0.6145   
secp384r1                 53089     10.1381  
secp384r1 Only            364       0.0695   
secp521r1                 22417     4.2808   
secp521r1 Only            125       0.0239   
sect163k1                 1415      0.2702   
sect163k1 Only            1         0.0002   
sect163r1                 1414      0.27     
sect163r2                 1414      0.27     
sect193r1                 1412      0.2696   
sect193r2                 1412      0.2696   
sect233k1                 1482      0.283    
sect233r1                 1481      0.2828   
sect239k1                 1481      0.2828   
sect283k1                 3187      0.6086   
sect283r1                 3187      0.6086   
sect409k1                 3189      0.609    
sect409r1                 3189      0.609    
sect571k1                 3201      0.6113   
sect571r1                 3201      0.6113   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          70006     13.3686  
True                           291129    55.5953  
order-specific                 72        0.0137   
unknown                        162451    31.0223  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    4674      0.8926   
inconclusive-noecc        10        0.0019   
server                    409225    78.1474  
unknown                   109749    20.9581  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     38366     7.3265   
ECDSA-SHA1 Only                3         0.0006   
ECDSA-SHA224                   38357     7.3248   
ECDSA-SHA256                   49346     9.4233   
ECDSA-SHA384                   49344     9.4229   
ECDSA-SHA512                   49347     9.4235   
ECDSA-SHA512 Only              3         0.0006   
RSA-MD5                        168481    32.1739  
RSA-SHA1                       361209    68.978   
RSA-SHA1 Only                  43815     8.3671   
RSA-SHA224                     296284    56.5797  
RSA-SHA256                     324294    61.9286  
RSA-SHA256 Only                5869      1.1208   
RSA-SHA384                     297506    56.813   
RSA-SHA384 Only                1         0.0002   
RSA-SHA512                     297620    56.8348  
RSA-SHA512 Only                137       0.0262   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         238653    45.5742  
indeterminate                  202       0.0386   
intolerant                     4295      0.8202   
order-fallback                 10        0.0019   
server                         163641    31.2496  
unsupported                    21408     4.0882   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     38349     7.3233   
ECDSA intolerant               24        0.0046   
ECDSA pfs-rsa-SHA512           10983     2.0974   
ECDSA soft-nopfs               1         0.0002   
RSA False                      167225    31.934   
RSA SHA1                       166732    31.8399  
RSA intolerant                 34038     6.5      
RSA pfs-ecdsa-SHA512           5         0.001    
RSA soft-nopfs                 1316      0.2513   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     6661      1.272    
insecure                  19263     3.6785   
secure                    497734    95.0494  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      9887      1.8881   
False                     6661      1.272    
NONE                      507110    96.8399  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         2         0.0004   
5 only                    2         0.0004   
10                        8         0.0015   
10 only                   8         0.0015   
15                        9         0.0017   
15 only                   9         0.0017   
30                        10        0.0019   
30 only                   9         0.0017   
60                        96        0.0183   
60 only                   89        0.017    
65                        1         0.0002   
65 only                   1         0.0002   
70                        7         0.0013   
75                        1         0.0002   
75 only                   1         0.0002   
100                       18        0.0034   
100 only                  18        0.0034   
120                       26        0.005    
120 only                  26        0.005    
128                       3         0.0006   
128 only                  3         0.0006   
150                       2         0.0004   
180                       42        0.008    
180 only                  39        0.0074   
200                       1         0.0002   
200 only                  1         0.0002   
240                       12        0.0023   
240 only                  12        0.0023   
300                       242606    46.3291  
300 only                  238057    45.4604  
302                       3         0.0006   
302 only                  3         0.0006   
360                       2         0.0004   
360 only                  1         0.0002   
400                       8         0.0015   
400 only                  8         0.0015   
420                       119       0.0227   
420 only                  88        0.0168   
480                       12        0.0023   
480 only                  12        0.0023   
500                       5         0.001    
500 only                  5         0.001    
540                       1         0.0002   
540 only                  1         0.0002   
600                       25719     4.9114   
600 only                  25574     4.8837   
700                       1         0.0002   
700 only                  1         0.0002   
720                       2         0.0004   
720 only                  2         0.0004   
840                       1         0.0002   
840 only                  1         0.0002   
900                       781       0.1491   
900 only                  766       0.1463   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      2230      0.4259   
1200 only                 2222      0.4243   
1320                      1         0.0002   
1320 only                 1         0.0002   
1500                      10        0.0019   
1500 only                 9         0.0017   
1800                      490       0.0936   
1800 only                 476       0.0909   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      8         0.0015   
2400 only                 8         0.0015   
2700                      8         0.0015   
2700 only                 8         0.0015   
3000                      23        0.0044   
3000 only                 23        0.0044   
3600                      575       0.1098   
3600 only                 566       0.1081   
3900                      1         0.0002   
3900 only                 1         0.0002   
4100                      1         0.0002   
4100 only                 1         0.0002   
4200                      1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      20        0.0038   
5400 only                 8         0.0015   
6000                      66        0.0126   
6000 only                 66        0.0126   
7200                      14981     2.8608   
7200 only                 14963     2.8574   
10800                     2576      0.4919   
10800 only                2570      0.4908   
14400                     102       0.0195   
14400 only                102       0.0195   
18000                     7         0.0013   
18000 only                7         0.0013   
21600                     4999      0.9546   
21600 only                4999      0.9546   
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     2018      0.3854   
28800 only                1601      0.3057   
36000                     1153      0.2202   
36000 only                1144      0.2185   
43200                     34        0.0065   
43200 only                34        0.0065   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     53897     10.2924  
64800 only                53896     10.2922  
72000                     16        0.0031   
72000 only                16        0.0031   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     39        0.0074   
86000 only                39        0.0074   
86400                     3516      0.6714   
86400 only                3512      0.6707   
100800                    10300     1.9669   
100800 only               10290     1.965    
129600                    9         0.0017   
129600 only               9         0.0017   
172800                    6         0.0011   
172800 only               6         0.0011   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    2         0.0004   
432000 only               2         0.0004   
604800                    1         0.0002   
864000                    4         0.0008   
864000 only               4         0.0008   
None                      162322    30.9977  
None only                 157058    29.9925  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      11981     2.2879   
ecdsa-with-SHA256         49307     9.4159   
sha1WithRSAEncryption     86227     16.4663  
sha256WithRSAEncryption   399420    76.275   
sha384WithRSAEncryption   6         0.0011   
sha512WithRSAEncryption   28        0.0053   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 49343     9.4228   
ECDSA 384                 15        0.0029   
RSA 1024                  56        0.0107   
RSA 10240                 8         0.0015   
RSA 2047                  1         0.0002   
RSA 2048                  464934    88.7858  
RSA 2049                  4         0.0008   
RSA 2056                  4         0.0008   
RSA 2058                  2         0.0004   
RSA 2064                  2         0.0004   
RSA 2084                  4         0.0008   
RSA 2096                  2         0.0004   
RSA 2408                  2         0.0004   
RSA 2432                  1         0.0002   
RSA 2480                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  127       0.0243   
RSA 3096                  2         0.0004   
RSA 3248                  2         0.0004   
RSA 4042                  1         0.0002   
RSA 4048                  1         0.0002   
RSA 4056                  25        0.0048   
RSA 4069                  3         0.0006   
RSA 4086                  2         0.0004   
RSA 4092                  6         0.0011   
RSA 4094                  1         0.0002   
RSA 4096                  20149     3.8477   
RSA 4098                  1         0.0002   
RSA 8192                  4         0.0008   
RSA/ECDSA Dual Stack      11039     2.1081

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 113302    21.6366  
Unsupported               410356    78.3634  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      24244     4.6297
SSL2 Only                 19        0.0036
SSL3                      122263    23.3479
SSL3 Only                 484       0.0924
SSL3 or TLS1 Only         69496     13.2713
SSL3 or lower Only        503       0.0961
TLS1                      518406    98.9971
TLS1 Only                 41584     7.9411
TLS1 or lower Only        92178     17.6027
TLS1.1                    418156    79.8529
TLS1.1 Only               267       0.051
TLS1.1 or up Only         4492      0.8578
TLS1.2                    428200    81.7709
TLS1.2 Only               1845      0.3523
TLS1.2, 1.0 but not 1.1   10863     2.0744



Statistics from 549280 chains provided by 697275 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  487661    69.9381
incomplete                27391     3.9283
untrusted                 182223    26.1336

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         114       0.0208
3                         547038    99.5918
4                         2101      0.3825
5                         27        0.0049

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 48991     
ECDSA 384                 48992     
RSA 1024                  101       
RSA 2045                  3         
RSA 2048                  865095    
RSA 4096                  137419    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 48991     8.9191
ECDSA 384                 48992     8.9193
RSA 1024                  99        0.018
RSA 2045                  3         0.0005
RSA 2048                  499889    91.008
RSA 4096                  136911    24.9255

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              48986     
sha1WithRSAEncryption          92825     
sha256WithRSAEncryption        287083    
sha384WithRSAEncryption        122355    
sha512WithRSAEncryption        72        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        92922     16.9171
112                       407358    74.1622
128                       49000     8.9208

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 113492    20.662
(2c543cd1) GeoTrust Global CA                 107601    19.5895
(eed8c118) COMODO ECC Certification Authority 48977     8.9166
(cbf06781) Go Daddy Root Certificate Authorit 47939     8.7276
(5ad8a5d6) GlobalSign Root CA                 44123     8.0329
(b204d74a) VeriSign Class 3 Public Primary Ce 29359     5.345
(244b5494) DigiCert High Assurance EV Root CA 25999     4.7333
(2e4eed3c) thawte Primary Root CA             23372     4.255
(157753a5) AddTrust External CA Root          20188     3.6754
(653b494a) Baltimore CyberTrust Root          12053     2.1943
(ae8153b9) StartCom Certification Authority   9139      1.6638
(fc5a8f99) USERTrust RSA Certification Author 8775      1.5975
(3513523f) DigiCert Global Root CA            8281      1.5076
(4bfab552) Starfield Root Certificate Authori 8226      1.4976
(480720ec) GeoTrust Primary Certification Aut 5570      1.0141


Scan performed between 19th of October and 9th of November 2015
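
The month-to-month changes discussed in the analysis can be recomputed directly from these plain-text tables. The sketch below is an added example, not part of the scanner that produced the results; its function names are hypothetical, and the embedded rows are excerpts copied from the October and September tables on this page. It takes the column count from the ruler line under each header, so labels that contain spaces and digits (such as "x:FF 35 RC4 Only") are parsed correctly.

```python
import re

# Excerpts copied from the October and September 2015 tables on this page.
OCTOBER_EXCERPT = """\
Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      450366    86.0038
AES-GCM                   388464    74.1828
RC4                       213861    40.8398
x:FF 35 RC4 Only          1656      0.3162
z:EXP-EDH-RSA-DES-CBC-SHA 12356     2.3596

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               162798    31.0886  56.76
DH,2048bits               116370    22.2225  40.5728
DH,2432bits               1         0.0002   0.0003
Prefer PFS                441333    84.2789  0
"""

SEPTEMBER_EXCERPT = """\
Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      441032    85.722
AES-GCM                   372880    72.4755
RC4                       231507    44.9973
x:FF 35 RC4 Only          1845      0.3586
z:EXP-EDH-RSA-DES-CBC-SHA 13136     2.5532

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               176947    34.3926  62.6696
DH,2048bits               97579     18.9661  34.5597
DH,2560bits               1         0.0002   0.0004
Prefer PFS                421937    82.0106  0
"""

# A ruler such as "-----+-----+-----" sits under every table header.
RULER = re.compile(r"^-+(?:\+-+)+$")


def parse_tables(report):
    """Parse one month's report into {table title: {label: [count, percent, ...]}}."""
    lines = [line.rstrip() for line in report.splitlines()]
    tables = {}
    i = 1
    while i < len(lines):
        if not RULER.match(lines[i]):
            i += 1
            continue
        ncols = lines[i].count("+") + 1
        # Every table has "Count" as its second column, so the title is
        # whatever precedes it, even where the header is misaligned.
        title = re.split(r"\s+Count\b", lines[i - 1])[0].strip()
        rows = {}
        i += 1
        while i < len(lines) and lines[i].strip():
            # Split from the right: only the trailing fields are numeric.
            parts = lines[i].rsplit(None, ncols - 1)
            if len(parts) == ncols:
                try:
                    rows[parts[0]] = [int(parts[1])] + [float(p) for p in parts[2:]]
                except ValueError:
                    pass  # not a data row, ignore it
            i += 1
        tables[title] = rows
    return tables


def percent_point_changes(new, old, table):
    """Change in the Percent column (new - old) for rows present in both months.

    Percentages are compared rather than counts because the surveys cover a
    different number of sites (523658 in October, 514491 in September).
    """
    a, b = new.get(table, {}), old.get(table, {})
    return {
        label: round(a[label][1] - b[label][1], 4)
        for label in a
        if label in b and len(a[label]) > 1 and len(b[label]) > 1
    }


def appeared_and_vanished(new, old, table):
    """Row labels seen only in the newer month and only in the older month."""
    a, b = set(new.get(table, {})), set(old.get(table, {}))
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    october = parse_tables(OCTOBER_EXCERPT)
    september = parse_tables(SEPTEMBER_EXCERPT)
    for table in october:
        print(table)
        changes = percent_point_changes(october, september, table)
        for label, delta in sorted(changes.items(), key=lambda kv: kv[1]):
            print(f"  {label:<26} {delta:+.4f}")
        new_rows, gone_rows = appeared_and_vanished(october, september, table)
        print(f"  new rows: {new_rows}  vanished rows: {gone_rows}")
```

Pass one month's report per call; pasting both months into a single string would make the later table overwrite the earlier one with the same title.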

September 2015 scan results

(I have declared “analysis bankruptcy”, only raw results available for this month. Sorry! 🙇)

SSL/TLS survey of 514491 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      441032    85.722
3DES Only                 662       0.1287
AES                       506240    98.3963
AES Only                  20155     3.9175
AES-CBC                   506132    98.3753
AES-CBC Only              9532      1.8527
AES-GCM                   372880    72.4755
AES-GCM Only              53        0.0103
CAMELLIA                  228600    44.4323
CAMELLIA Only             1         0.0002
CHACHA20                  63632     12.368
CHACHA20 Only             1         0.0002
Insecure                  64742     12.5837
RC4                       231507    44.9973
RC4 Only                  1252      0.2433
RC4 Preferred             27685     5.381
RC4 forced in TLS1.1+     15710     3.0535
x:FF 29 RC4 Only          1532      0.2978
x:FF 29 RC4 Preferred     31430     6.109
x:FF 29 incompatible      137       0.0266
x:FF 35 RC4 Only          1845      0.3586
x:FF 35 RC4 Preferred     31550     6.1323
x:FF 35 incompatible      138       0.0268
y:DHE-RSA-SEED-SHA        86011     16.7177
y:IDEA-CBC-SHA            78923     15.34
y:SEED-SHA                96111     18.6808
z:ADH-AES128-GCM-SHA256   333       0.0647
z:ADH-AES128-SHA          745       0.1448
z:ADH-AES128-SHA256       236       0.0459
z:ADH-AES256-GCM-SHA384   343       0.0667
z:ADH-AES256-SHA          749       0.1456
z:ADH-AES256-SHA256       236       0.0459
z:ADH-CAMELLIA128-SHA     344       0.0669
z:ADH-CAMELLIA256-SHA     350       0.068
z:ADH-DES-CBC-SHA         321       0.0624
z:ADH-DES-CBC3-SHA        759       0.1475
z:ADH-RC4-MD5             621       0.1207
z:ADH-SEED-SHA            272       0.0529
z:AECDH-AES128-SHA        12374     2.4051
z:AECDH-AES256-SHA        12403     2.4107
z:AECDH-DES-CBC3-SHA      12331     2.3967
z:AECDH-NULL-SHA          55        0.0107
z:AECDH-RC4-SHA           11656     2.2655
z:DES-CBC-MD5             12201     2.3715
z:DES-CBC-SHA             37676     7.323
z:DES-CBC3-MD5            24906     4.8409
z:ECDHE-RSA-NULL-SHA      59        0.0115
z:EDH-RSA-DES-CBC-SHA     32341     6.286
z:EXP-ADH-DES-CBC-SHA     225       0.0437
z:EXP-ADH-RC4-MD5         222       0.0431
z:EXP-DES-CBC-SHA         16253     3.159
z:EXP-EDH-RSA-DES-CBC-SHA 13136     2.5532
z:EXP-RC2-CBC-MD5         19785     3.8455
z:EXP-RC4-MD5             20799     4.0426
z:EXP1024-DES-CBC-SHA     5124      0.9959
z:EXP1024-RC4-SHA         5211      1.0128
z:IDEA-CBC-MD5            2368      0.4603
z:NULL-MD5                228       0.0443
z:NULL-SHA                231       0.0449
z:NULL-SHA256             22        0.0043
z:RC2-CBC-MD5             12471     2.4239
z:RC4-64-MD5              1000      0.1944

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               131154    25.492
Server side               383337    74.508

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       872       0.1695
AECDH                     12430     2.416
DHE                       282349    54.8793
ECDH                      3         0.0006
ECDHE                     400761    77.8947
ECDHE and DHE             210872    40.9865
RSA                       466026    90.58

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               176947    34.3926  62.6696
DH,1536bits               1         0.0002   0.0004
DH,2048bits               97579     18.9661  34.5597
DH,2236bits               10        0.0019   0.0035
DH,2560bits               1         0.0002   0.0004
DH,3072bits               1027      0.1996   0.3637
DH,3092bits               1         0.0002   0.0004
DH,4096bits               6303      1.2251   2.2323
DH,512bits                53        0.0103   0.0188
DH,768bits                502       0.0976   0.1778
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        1         0.0002   0.0002
ECDH,B-571,570bits        1514      0.2943   0.3778
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,K-571,570bits        1         0.0002   0.0002
ECDH,P-192,192bits        2         0.0004   0.0005
ECDH,P-224,224bits        89        0.0173   0.0222
ECDH,P-256,256bits        389270    75.6612  97.1327
ECDH,P-384,384bits        2668      0.5186   0.6657
ECDH,P-521,521bits        8073      1.5691   2.0144
Prefer DH,1024bits        63712     12.3835  22.565
Prefer DH,1536bits        1         0.0002   0.0004
Prefer DH,2048bits        9342      1.8158   3.3087
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,3072bits        14        0.0027   0.005
Prefer DH,4096bits        342       0.0665   0.1211
Prefer DH,768bits         102       0.0198   0.0361
Prefer ECDH,B-163,163bits 1         0.0002   0.0002
Prefer ECDH,B-571,570bits 1305      0.2536   0.3256
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,K-571,570bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 55        0.0107   0.0137
Prefer ECDH,P-256,256bits 337269    65.5539  84.1571
Prefer ECDH,P-384,384bits 2525      0.4908   0.6301
Prefer ECDH,P-521,521bits 7266      1.4123   1.8131
Prefer PFS                421937    82.0106  0
Support PFS               472238    91.7874  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           1285      0.2498   
brainpoolP384r1           1285      0.2498   
brainpoolP512r1           1285      0.2498   
prime192v1                1409      0.2739   
prime256v1                399379    77.626   
prime256v1 Only           346484    67.345   
secp160k1                 1372      0.2667   
secp160r1                 1376      0.2674   
secp160r2                 1372      0.2667   
secp192k1                 1393      0.2708   
secp224k1                 1466      0.2849   
secp224r1                 3478      0.676    
secp224r1 Only            2         0.0004   
secp256k1                 2664      0.5178   
secp384r1                 53002     10.3018  
secp384r1 Only            342       0.0665   
secp521r1                 22491     4.3715   
secp521r1 Only            118       0.0229   
sect163k1                 1376      0.2674   
sect163k1 Only            2         0.0004   
sect163r1                 1374      0.2671   
sect163r2                 1375      0.2673   
sect163r2 Only            1         0.0002   
sect193r1                 1374      0.2671   
sect193r2                 1374      0.2671   
sect233k1                 1460      0.2838   
sect233r1                 1458      0.2834   
sect239k1                 1458      0.2834   
sect283k1                 2637      0.5125   
sect283r1                 2637      0.5125   
sect409k1                 2637      0.5125   
sect409r1                 2637      0.5125   
sect571k1                 2650      0.5151   
sect571r1                 2650      0.5151   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          69342     13.4778  
True                           279091    54.246   
order-specific                 247       0.048    
unknown                        165811    32.2282  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    4128      0.8023   
inconclusive-noecc        10        0.0019   
server                    395723    76.9154  
unknown                   114630    22.2803  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     36846     7.1616   
ECDSA-SHA1 Only                3         0.0006   
ECDSA-SHA224                   36847     7.1618   
ECDSA-SHA256                   36861     7.1646   
ECDSA-SHA384                   36862     7.1648   
ECDSA-SHA512                   36877     7.1677   
ECDSA-SHA512 Only              15        0.0029   
RSA-MD5                        169404    32.9265  
RSA-SHA1                       349277    67.8879  
RSA-SHA1 Only                  46373     9.0134   
RSA-SHA224                     283789    55.1592  
RSA-SHA256                     309288    60.1153  
RSA-SHA256 Only                5302      1.0305   
RSA-SHA384                     284974    55.3895  
RSA-SHA384 Only                1         0.0002   
RSA-SHA512                     285175    55.4286  
RSA-SHA512 Only                218       0.0424   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         247485    48.1029  
indeterminate                  113       0.022    
intolerant                     3917      0.7613   
order-fallback                 6         0.0012   
server                         141461    27.4953  
unsupported                    22160     4.3072   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     36832     7.1589   
ECDSA intolerant               63        0.0122   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      168019    32.6573  
RSA SHA1                       154614    30.0518  
RSA intolerant                 32671     6.3502   
RSA pfs-ecdsa-SHA512           1         0.0002   
RSA soft-nopfs                 1437      0.2793   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     6340      1.2323   
insecure                  19961     3.8798   
secure                    488190    94.888   

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      10392     2.0199   
False                     6340      1.2323   
NONE                      497759    96.7479  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         4         0.0008   
1 only                    4         0.0008   
2                         2         0.0004   
2 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        7         0.0014   
10 only                   7         0.0014   
15                        8         0.0016   
15 only                   8         0.0016   
30                        11        0.0021   
30 only                   10        0.0019   
60                        93        0.0181   
60 only                   87        0.0169   
65                        1         0.0002   
65 only                   1         0.0002   
70                        7         0.0014   
100                       14        0.0027   
100 only                  14        0.0027   
120                       30        0.0058   
120 only                  30        0.0058   
128                       2         0.0004   
128 only                  2         0.0004   
150                       2         0.0004   
180                       39        0.0076   
180 only                  37        0.0072   
240                       14        0.0027   
240 only                  14        0.0027   
300                       232702    45.2296  
300 only                  227970    44.3098  
302                       2         0.0004   
302 only                  2         0.0004   
360                       2         0.0004   
360 only                  1         0.0002   
400                       7         0.0014   
400 only                  7         0.0014   
420                       113       0.022    
420 only                  87        0.0169   
480                       11        0.0021   
480 only                  11        0.0021   
500                       4         0.0008   
500 only                  4         0.0008   
540                       1         0.0002   
540 only                  1         0.0002   
600                       24187     4.7012   
600 only                  24031     4.6708   
720                       2         0.0004   
720 only                  2         0.0004   
840                       2         0.0004   
840 only                  2         0.0004   
900                       718       0.1396   
900 only                  702       0.1364   
960                       3         0.0006   
960 only                  3         0.0006   
1200                      2085      0.4053   
1200 only                 2080      0.4043   
1320                      1         0.0002   
1320 only                 1         0.0002   
1500                      11        0.0021   
1500 only                 10        0.0019   
1800                      473       0.0919   
1800 only                 468       0.091    
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      6         0.0012   
2400 only                 6         0.0012   
2700                      7         0.0014   
2700 only                 7         0.0014   
3000                      19        0.0037   
3000 only                 19        0.0037   
3600                      512       0.0995   
3600 only                 498       0.0968   
3900                      1         0.0002   
3900 only                 1         0.0002   
4200                      1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      14        0.0027   
5400 only                 6         0.0012   
6000                      3         0.0006   
6000 only                 3         0.0006   
7200                      16177     3.1443   
7200 only                 16154     3.1398   
10800                     2416      0.4696   
10800 only                2411      0.4686   
14400                     70        0.0136   
14400 only                70        0.0136   
18000                     7         0.0014   
18000 only                7         0.0014   
21600                     4966      0.9652   
21600 only                4963      0.9646   
28800                     2049      0.3983   
28800 only                637       0.1238   
36000                     1187      0.2307   
36000 only                1176      0.2286   
43200                     35        0.0068   
43200 only                35        0.0068   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     51944     10.0962  
64800 only                51911     10.0898  
72000                     13        0.0025   
72000 only                13        0.0025   
86000                     31        0.006    
86000 only                31        0.006    
86400                     3546      0.6892   
86400 only                3543      0.6886   
100800                    11273     2.1911   
100800 only               11263     2.1892   
129600                    9         0.0017   
129600 only               9         0.0017   
172800                    7         0.0014   
172800 only               7         0.0014   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    2         0.0004   
432000 only               2         0.0004   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
2592000                   1         0.0002   
2592000 only              1         0.0002   
None                      166108    32.2859  
None only                 159631    31.027   

Certificate sig alg       Count     Percent 
-------------------------+---------+--------
None                      13099     2.546    
ecdsa-with-SHA256         36858     7.164    
sha1WithRSAEncryption     100797    19.5916  
sha256WithRSAEncryption   377291    73.3329  
sha384WithRSAEncryption   6         0.0012   
sha512WithRSAEncryption   26        0.0051   

Certificate key size      Count     Percent 
-------------------------+---------+--------
ECDSA 256                 36891     7.1704   
ECDSA 384                 8         0.0016   
RSA 1024                  68        0.0132   
RSA 10240                 5         0.001    
RSA 2048                  459006    89.2156  
RSA 2049                  3         0.0006   
RSA 2056                  2         0.0004   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2078                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  6         0.0012   
RSA 2096                  2         0.0004   
RSA 2408                  1         0.0002   
RSA 2432                  2         0.0004   
RSA 2480                  1         0.0002   
RSA 2890                  1         0.0002   
RSA 3024                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  119       0.0231   
RSA 3248                  3         0.0006   
RSA 4042                  1         0.0002   
RSA 4048                  1         0.0002   
RSA 4056                  26        0.0051   
RSA 4069                  2         0.0004   
RSA 4092                  6         0.0012   
RSA 4094                  1         0.0002   
RSA 4096                  18374     3.5713   
RSA 8192                  5         0.001    
RSA/ECDSA Dual Stack      44        0.0086

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 110108    21.4013  
Unsupported               404383    78.5987  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      25202     4.8984
SSL2 Only                 15        0.0029
SSL3                      126817    24.649
SSL3 Only                 549       0.1067
SSL3 or TLS1 Only         72846     14.1588
SSL3 or lower Only        571       0.111
TLS1                      510753    99.2735
TLS1 Only                 43061     8.3696
TLS1 or lower Only        96394     18.7358
TLS1.1                    405071    78.7324
TLS1.1 Only               30        0.0058
TLS1.1 or up Only         2939      0.5712
TLS1.2                    415131    80.6877
TLS1.2 Only               1267      0.2463
TLS1.2, 1.0 but not 1.1   11078     2.1532

Statistics from 481615 chains provided by 696385 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  438491    62.9667
incomplete                20877     2.9979
untrusted                 237017    34.0353

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         214       0.0444
3                         479299    99.5191
4                         2064      0.4286
5                         38        0.0079

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 21571     
ECDSA 384                 21574     
RSA 1024                  189       
RSA 2045                  3         
RSA 2048                  797792    
RSA 4096                  124027    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 21571     4.4789
ECDSA 384                 21574     4.4795
RSA 1024                  187       0.0388
RSA 2045                  3         0.0006
RSA 2048                  459556    95.4198
RSA 4096                  123505    25.6439

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              21569     
sha1WithRSAEncryption          87272     
sha256WithRSAEncryption        264799    
sha384WithRSAEncryption        109831    
sha512WithRSAEncryption        70        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        87432     18.1539
112                       372602    77.3651
128                       21581     4.481

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 102403    21.2624
(d6325660) COMODO RSA Certification Authority 101866    21.1509
(cbf06781) Go Daddy Root Certificate Authorit 47350     9.8315
(5ad8a5d6) GlobalSign Root CA                 41408     8.5977
(b204d74a) VeriSign Class 3 Public Primary Ce 26837     5.5723
(244b5494) DigiCert High Assurance EV Root CA 25125     5.2168
(2e4eed3c) thawte Primary Root CA             22902     4.7553
(eed8c118) COMODO ECC Certification Authority 21557     4.476
(653b494a) Baltimore CyberTrust Root          11908     2.4725
(157753a5) AddTrust External CA Root          10009     2.0782
(ae8153b9) StartCom Certification Authority   8637      1.7933
(fc5a8f99) USERTrust RSA Certification Author 7875      1.6351
(3513523f) DigiCert Global Root CA            7502      1.5577
(4bfab552) Starfield Root Certificate Authori 6246      1.2969
(480720ec) GeoTrust Primary Certification Aut 5252      1.0905
(f387163d) Starfield Technologies, Inc.       4889      1.0151


Scan performed between 18th and 28th of September 2015.

August 2015 scan results

Another rather uneventful month – more TLS servers among the Alexa top 1 million, more support for AES-GCM, ECDHE, TLS1.2. Fewer servers with bad configurations – RC4 and other insecure ciphers, SSL2 and SSL3, SHA-1 certificates.

Cipher suites

AES in CBC mode remains unchanged, but we see continued growth of GCM, which gained another 2%. Despite its age, 3DES is still showing growth, with 1% more servers supporting it, likely because of the removal of RC4, which lost another 3% overall and 0.4% among servers that prefer it. There are still over 1300 servers among the Alexa top 1 million that support only RC4 (0.27% of total).

Similarly, the overall percentage of servers which support completely insecure ciphers has dropped by over 1.5%.

Despite FREAK and Logjam, over 6.5% of servers support export grade ciphers.

Key exchange

ECDHE support is still growing, although at a rather slow pace – this month 2.2% more servers were willing to use this mechanism. DHE has fallen by nearly 1.5%.

As always, the growth was fuelled by adding support for the P-256 curve.

Support as well as preference for PFS has grown – by just under 1% and 1.5% respectively.

Hash and signature algorithms

Unfortunately, the roll-out of TLS 1.2 also brings with it additional servers willing to negotiate the MD5 signature algorithm on ServerKeyExchange messages; their share has grown by 1% month over month.

Support for SHA-256 has grown by 2%, so deployment of more capable systems is at least higher.

Vulnerabilities

Support for insecure renegotiation is still at a fairly high level of 4%, falling by just 0.2% since last month.

Compression has fallen by the same amount, reducing the percentage of servers vulnerable to CRIME to 2.1%.

Certificates

Certificates using SHA-1 signatures have fallen by just over 6%, being replaced mostly by RSA certificates signed with SHA-256, with some signed by ECDSA.

2048 bit RSA sees little change, towering at nearly 90% of all servers.

Protocols

SSLv2 and SSLv3 continue their journey down, at the same slow pace. But we are at a level of just 600 servers in Alexa Top 1 million requiring use of SSLv3 to connect. Over 99% of servers support at least TLSv1.0.

At the same time, we have reached the milestone of “only one in five servers supporting TLSv1.0 as the highest protocol version”. We are just 0.3% shy of being able to say that 4 in 5 servers support TLSv1.2!
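The changes quoted in these summaries can be read off as differences between the Percent columns of two sets of result tables. The following Python example is added here and is not part of the original post or of the scanning tool: it parses tables in this layout and reports the change in percentage points, using excerpts copied from the August tables and from the tables of the scan dated 18th to 28th of September 2015 on this page. The function and variable names are assumptions.

```python
import re

# Excerpts copied from the August 2015 result tables on this page.
AUGUST_TABLES = """
Renegotiation             Count     Percent
-------------------------+---------+--------
False                     6729      1.3211
insecure                  20615     4.0473
secure                    482007    94.6316

Compression               Count     Percent
-------------------------+---------+--------
1 (zlib compression)      10877     2.1355
False                     6729      1.3211
NONE                      491745    96.5434

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      13903     2.7296
ecdsa-with-SHA256         35609     6.9911
sha1WithRSAEncryption     118117    23.1897
sha256WithRSAEncryption   355741    69.842
"""

# Excerpts copied from the tables of the scan dated 18th-28th September 2015.
SEPTEMBER_SCAN_TABLES = """
Renegotiation             Count     Percent
-------------------------+---------+--------
False                     6340      1.2323
insecure                  19961     3.8798
secure                    488190    94.888

Compression               Count     Percent
-------------------------+---------+--------
1 (zlib compression)      10392     2.0199
False                     6340      1.2323
NONE                      497759    96.7479

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      13099     2.546
ecdsa-with-SHA256         36858     7.164
sha1WithRSAEncryption     100797    19.5916
sha256WithRSAEncryption   377291    73.3329
"""

# A table starts at its rule line, e.g. "-----+-----+-----".
_RULE = re.compile(r"^-+(?:\+-+)+$")
# Column names trailing the title in the header line above the rule.
_COLUMN_NAMES = re.compile(r"(?:\s+(?:Count|PFS Percent|Percent))+\s*$")


def parse_tables(text):
    """Return {table title: {row label: (count, percent, ...)}}.

    Row labels may contain spaces ("1 (zlib compression)") and header
    spacing is not reliable, so fields are split from the right using the
    number of '+' characters in the rule line instead of column offsets.
    """
    tables = {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if i == 0 or not _RULE.match(line.strip()):
            continue
        numeric_cols = line.count("+")
        title = _COLUMN_NAMES.sub("", lines[i - 1]).strip()
        rows = {}
        for row in lines[i + 1:]:
            if not row.strip():
                break  # a blank line ends the table
            parts = row.rsplit(None, numeric_cols)
            if len(parts) != numeric_cols + 1:
                continue
            label, *nums = parts
            try:
                values = (int(nums[0]),) + tuple(float(n) for n in nums[1:])
            except ValueError:
                continue  # not a data row
            rows[label.strip()] = values
        tables[title] = rows
    return tables


def percent_point_changes(old, new):
    """Change in the Percent column for rows present in both table sets.

    Count-only tables and rows missing from either set are skipped.
    """
    changes = {}
    for title in old.keys() & new.keys():
        for label in old[title].keys() & new[title].keys():
            before, after = old[title][label], new[title][label]
            if len(before) < 2 or len(after) < 2:
                continue
            changes[(title, label)] = round(after[1] - before[1], 4)
    return changes


if __name__ == "__main__":
    deltas = percent_point_changes(parse_tables(AUGUST_TABLES),
                                   parse_tables(SEPTEMBER_SCAN_TABLES))
    for (title, label), delta in sorted(deltas.items(), key=lambda kv: kv[1]):
        print(f"{title:22} {label:26} {delta:+.4f}")
```

The two scans cover different numbers of sites, so the comparison is between shares of each month's surveyed population, not between absolute counts.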

Results

SSL/TLS survey of 509351 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      435183    85.4387
3DES Only                 725       0.1423
AES                       500583    98.2786
AES Only                  18647     3.6609
AES-CBC                   500485    98.2594
AES-CBC Only              9344      1.8345
AES-GCM                   363787    71.4217
AES-GCM Only              37        0.0073
CAMELLIA                  225125    44.1984
CAMELLIA Only             3         0.0006
CHACHA20                  63145     12.3971
CHACHA20 Only             2         0.0004
Insecure                  67027     13.1593
RC4                       239979    47.1147
RC4 Only                  1395      0.2739
RC4 Preferred             29355     5.7632
RC4 forced in TLS1.1+     16525     3.2443
x:FF 29 RC4 Only          1696      0.333
x:FF 29 RC4 Preferred     33338     6.5452
x:FF 29 incompatible      107       0.021
x:FF 35 RC4 Only          2022      0.397
x:FF 35 RC4 Preferred     33466     6.5703
x:FF 35 incompatible      112       0.022
y:DHE-RSA-SEED-SHA        85997     16.8836
y:IDEA-CBC-SHA            78567     15.4249
y:SEED-SHA                95725     18.7935
z:ADH-AES128-GCM-SHA256   290       0.0569
z:ADH-AES128-SHA          690       0.1355
z:ADH-AES128-SHA256       194       0.0381
z:ADH-AES256-GCM-SHA384   300       0.0589
z:ADH-AES256-SHA          701       0.1376
z:ADH-AES256-SHA256       196       0.0385
z:ADH-CAMELLIA128-SHA     306       0.0601
z:ADH-CAMELLIA256-SHA     312       0.0613
z:ADH-DES-CBC-SHA         295       0.0579
z:ADH-DES-CBC3-SHA        712       0.1398
z:ADH-RC4-MD5             569       0.1117
z:ADH-SEED-SHA            230       0.0452
z:AECDH-AES128-SHA        13191     2.5898
z:AECDH-AES256-SHA        13214     2.5943
z:AECDH-DES-CBC3-SHA      13149     2.5815
z:AECDH-NULL-SHA          51        0.01
z:AECDH-RC4-SHA           12459     2.4461
z:DES-CBC-MD5             12757     2.5046
z:DES-CBC-SHA             38652     7.5885
z:DES-CBC3-MD5            25783     5.0619
z:ECDHE-RSA-NULL-SHA      60        0.0118
z:EDH-RSA-DES-CBC-SHA     33192     6.5165
z:EXP-ADH-DES-CBC-SHA     214       0.042
z:EXP-ADH-RC4-MD5         213       0.0418
z:EXP-DES-CBC-SHA         17083     3.3539
z:EXP-EDH-RSA-DES-CBC-SHA 13893     2.7276
z:EXP-RC2-CBC-MD5         20743     4.0724
z:EXP-RC4-MD5             21811     4.2821
z:EXP1024-DES-CBC-SHA     5319      1.0443
z:EXP1024-RC4-SHA         5395      1.0592
z:IDEA-CBC-MD5            2435      0.4781
z:NULL-MD5                230       0.0452
z:NULL-SHA                232       0.0455
z:NULL-SHA256             22        0.0043
z:RC2-CBC-MD5             13042     2.5605
z:RC4-64-MD5              1052      0.2065

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               130864    25.6923
Server side               378487    74.3077

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       817       0.1604
AECDH                     13248     2.601
DHE                       280098    54.9912
ECDH                      3         0.0006
ECDHE                     390772    76.7196
ECDHE and DHE             205466    40.3388
RSA                       463146    90.9287

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               187360    36.7841  66.8909
DH,1536bits               2         0.0004   0.0007
DH,2048bits               83731     16.4388  29.8935
DH,2236bits               3         0.0006   0.0011
DH,3072bits               2656      0.5214   0.9482
DH,3092bits               1         0.0002   0.0004
DH,4096bits               5788      1.1363   2.0664
DH,512bits                59        0.0116   0.0211
DH,768bits                553       0.1086   0.1974
DH,8192bits               2         0.0004   0.0007
ECDH,B-163,163bits        1         0.0002   0.0003
ECDH,B-571,570bits        1431      0.2809   0.3662
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,K-571,570bits        1         0.0002   0.0003
ECDH,P-224,224bits        83        0.0163   0.0212
ECDH,P-256,256bits        379964    74.5977  97.2342
ECDH,P-384,384bits        2696      0.5293   0.6899
ECDH,P-521,521bits        7641      1.5001   1.9554
Prefer DH,1024bits        70139     13.7703  25.0409
Prefer DH,1536bits        1         0.0002   0.0004
Prefer DH,2048bits        6067      1.1911   2.166
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,3072bits        21        0.0041   0.0075
Prefer DH,4096bits        310       0.0609   0.1107
Prefer DH,768bits         170       0.0334   0.0607
Prefer ECDH,B-163,163bits 1         0.0002   0.0003
Prefer ECDH,B-571,570bits 1231      0.2417   0.315
Prefer ECDH,K-163,163bits 1         0.0002   0.0003
Prefer ECDH,K-571,570bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 49        0.0096   0.0125
Prefer ECDH,P-256,256bits 327275    64.2533  83.7509
Prefer ECDH,P-384,384bits 2552      0.501    0.6531
Prefer ECDH,P-521,521bits 6909      1.3564   1.768
Prefer PFS                414728    81.4228  0
Support PFS               465404    91.372   0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           1013      0.1989   
brainpoolP384r1           1014      0.1991   
brainpoolP512r1           1015      0.1993   
prime192v1                1346      0.2643   
prime256v1                389473    76.4646  
prime256v1 Only           338238    66.4057  
secp160k1                 1313      0.2578   
secp160r1                 1315      0.2582   
secp160r2                 1312      0.2576   
secp192k1                 1335      0.2621   
secp224k1                 1403      0.2754   
secp224r1                 3044      0.5976   
secp224r1 Only            2         0.0004   
secp256k1                 2305      0.4525   
secp384r1                 51317     10.075   
secp384r1 Only            330       0.0648   
secp521r1                 20958     4.1146   
secp521r1 Only            124       0.0243   
sect163k1                 1322      0.2595   
sect163k1 Only            2         0.0004   
sect163r1                 1320      0.2592   
sect163r2                 1319      0.259    
sect163r2 Only            1         0.0002   
sect193r1                 1316      0.2584   
sect193r2                 1315      0.2582   
sect233k1                 1395      0.2739   
sect233r1                 1395      0.2739   
sect239k1                 1394      0.2737   
sect283k1                 2280      0.4476   
sect283r1                 2279      0.4474   
sect409k1                 2281      0.4478   
sect409r1                 2278      0.4472   
sect571k1                 2291      0.4498   
sect571r1                 2290      0.4496   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          76188     14.9579  
True                           263977    51.8261  
order-specific                 263       0.0516   
unknown                        168923    33.1644  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    3661      0.7188   
inconclusive-noecc        9         0.0018   
server                    386286    75.8389  
unknown                   119395    23.4406  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     35626     6.9944   
ECDSA-SHA1 Only                4         0.0008   
ECDSA-SHA224                   35618     6.9928   
ECDSA-SHA256                   35628     6.9948   
ECDSA-SHA384                   35625     6.9942   
ECDSA-SHA512                   35631     6.9954   
ECDSA-SHA512 Only              6         0.0012   
RSA-MD5                        165235    32.4403  
RSA-SHA1                       341873    67.1193  
RSA-SHA1 Only                  46530     9.1352   
RSA-SHA224                     277602    54.5011  
RSA-SHA256                     301111    59.1166  
RSA-SHA256 Only                4859      0.954    
RSA-SHA384                     278555    54.6882  
RSA-SHA512                     278643    54.7055  
RSA-SHA512 Only                93        0.0183   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         243146    47.7364  
indeterminate                  8         0.0016   
intolerant                     3556      0.6981   
order-fallback                 16        0.0031   
server                         136828    26.8632  
unsupported                    22608     4.4386   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     35612     6.9916   
ECDSA intolerant               39        0.0077   
RSA False                      163780    32.1546  
RSA SHA1                       152230    29.8871  
RSA intolerant                 30949     6.0762   
RSA soft-nopfs                 1543      0.3029   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     6729      1.3211   
insecure                  20615     4.0473   
secure                    482007    94.6316  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      10877     2.1355   
False                     6729      1.3211   
NONE                      491745    96.5434  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         4         0.0008   
5 only                    4         0.0008   
10                        7         0.0014   
10 only                   7         0.0014   
15                        10        0.002    
15 only                   10        0.002    
30                        10        0.002    
30 only                   9         0.0018   
60                        100       0.0196   
60 only                   92        0.0181   
65                        1         0.0002   
65 only                   1         0.0002   
70                        6         0.0012   
100                       12        0.0024   
100 only                  12        0.0024   
120                       32        0.0063   
120 only                  32        0.0063   
128                       3         0.0006   
128 only                  3         0.0006   
150                       2         0.0004   
180                       52        0.0102   
180 only                  50        0.0098   
240                       14        0.0027   
240 only                  14        0.0027   
300                       227236    44.6129  
300 only                  222350    43.6536  
302                       1         0.0002   
302 only                  1         0.0002   
360                       3         0.0006   
360 only                  1         0.0002   
400                       7         0.0014   
400 only                  7         0.0014   
420                       113       0.0222   
420 only                  82        0.0161   
450                       1         0.0002   
450 only                  1         0.0002   
480                       12        0.0024   
480 only                  12        0.0024   
500                       4         0.0008   
500 only                  4         0.0008   
540                       1         0.0002   
540 only                  1         0.0002   
600                       23677     4.6485   
600 only                  23483     4.6104   
720                       1         0.0002   
720 only                  1         0.0002   
840                       2         0.0004   
840 only                  2         0.0004   
900                       664       0.1304   
900 only                  648       0.1272   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      1996      0.3919   
1200 only                 1989      0.3905   
1500                      8         0.0016   
1500 only                 7         0.0014   
1800                      449       0.0882   
1800 only                 441       0.0866   
2400                      6         0.0012   
2400 only                 6         0.0012   
2700                      6         0.0012   
2700 only                 6         0.0012   
3000                      20        0.0039   
3000 only                 20        0.0039   
3600                      463       0.0909   
3600 only                 439       0.0862   
3900                      1         0.0002   
3900 only                 1         0.0002   
5400                      15        0.0029   
5400 only                 5         0.001    
6000                      6         0.0012   
6000 only                 6         0.0012   
7200                      15785     3.099    
7200 only                 15761     3.0943   
10800                     2395      0.4702   
10800 only                2391      0.4694   
14400                     73        0.0143   
14400 only                73        0.0143   
18000                     14        0.0027   
18000 only                14        0.0027   
21600                     5069      0.9952   
21600 only                5067      0.9948   
28800                     1936      0.3801   
28800 only                846       0.1661   
36000                     1219      0.2393   
36000 only                1212      0.2379   
43200                     32        0.0063   
43200 only                32        0.0063   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     50264     9.8682   
64800 only                50206     9.8569   
72000                     10        0.002    
72000 only                10        0.002    
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     37        0.0073   
86000 only                37        0.0073   
86400                     3516      0.6903   
86400 only                3515      0.6901   
100800                    12467     2.4476   
100800 only               12460     2.4463   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    7         0.0014   
129600 only               7         0.0014   
172800                    8         0.0016   
172800 only               8         0.0016   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    2         0.0004   
432000 only               2         0.0004   
604800                    1         0.0002   
864000                    2         0.0004   
864000 only               2         0.0004   
2592000                   1         0.0002   
2592000 only              1         0.0002   
None                      167946    32.9725  
None only                 161562    31.7192  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      13903     2.7296   
ecdsa-with-SHA256         35609     6.9911   
sha1WithRSAEncryption     118117    23.1897  
sha256WithRSAEncryption   355741    69.842   
sha384WithRSAEncryption   5         0.001    
sha512WithRSAEncryption   17        0.0033   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 35649     6.9989   
ECDSA 384                 6         0.0012   
ECDSA 521                 1         0.0002   
RSA 1024                  81        0.0159   
RSA 10240                 7         0.0014   
RSA 2048                  455461    89.4199  
RSA 2049                  3         0.0006   
RSA 2056                  2         0.0004   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  5         0.001    
RSA 2408                  1         0.0002   
RSA 2432                  2         0.0004   
RSA 2480                  1         0.0002   
RSA 2890                  1         0.0002   
RSA 3071                  2         0.0004   
RSA 3072                  111       0.0218   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 4042                  1         0.0002   
RSA 4048                  1         0.0002   
RSA 4056                  25        0.0049   
RSA 4069                  3         0.0006   
RSA 4086                  2         0.0004   
RSA 4092                  6         0.0012   
RSA 4094                  1         0.0002   
RSA 4096                  18024     3.5386   
RSA 8192                  5         0.001    
RSA/ECDSA Dual Stack      50        0.0098

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 109199    21.4389  
Unsupported               400152    78.5611  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      26076     5.1195
SSL2 Only                 24        0.0047
SSL3                      130306    25.5828
SSL3 Only                 584       0.1147
SSL3 or TLS1 Only         75720     14.866
SSL3 or lower Only        607       0.1192
TLS1                      506048    99.3515
TLS1 Only                 44327     8.7026
TLS1 or lower Only        100132    19.6587
TLS1.1                    396444    77.8332
TLS1.1 Only               30        0.0059
TLS1.1 or up Only         2473      0.4855
TLS1.2                    406149    79.7385
TLS1.2 Only               1063      0.2087
TLS1.2, 1.0 but not 1.1   11004     2.1604

Statistics from 528021 chains provided by 691201 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  479672    69.3969
incomplete                23576     3.4109
untrusted                 187953    27.1922

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         269       0.0509
3                         525613    99.544
4                         2106      0.3988
5                         33        0.0062

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 35610     
ECDSA 384                 35613     
RSA 1024                  255       
RSA 2045                  1         
RSA 2048                  860646    
RSA 4096                  125820    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 35610     6.744
ECDSA 384                 35613     6.7446
RSA 1024                  253       0.0479
RSA 2045                  1         0.0002
RSA 2048                  491885    93.1563
RSA 4096                  125302    23.7305

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              35609     
sha1WithRSAEncryption          136788    
sha256WithRSAEncryption        246213    
sha384WithRSAEncryption        111253    
sha512WithRSAEncryption        61        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        137062    25.9577
112                       355341    67.2968
128                       35618     6.7456

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 109891    20.8119
(d6325660) COMODO RSA Certification Authority 103786    19.6557
(5ad8a5d6) GlobalSign Root CA                 51859     9.8214
(cbf06781) Go Daddy Root Certificate Authorit 48094     9.1083
(eed8c118) COMODO ECC Certification Authority 35597     6.7416
(b204d74a) VeriSign Class 3 Public Primary Ce 30261     5.731
(244b5494) DigiCert High Assurance EV Root CA 26028     4.9293
(2e4eed3c) thawte Primary Root CA             24484     4.6369
(157753a5) AddTrust External CA Root          12314     2.3321
(653b494a) Baltimore CyberTrust Root          12080     2.2878
(ae8153b9) StartCom Certification Authority   9217      1.7456
(3513523f) DigiCert Global Root CA            7329      1.388
(fc5a8f99) USERTrust RSA Certification Author 7360      1.3939
(4bfab552) Starfield Root Certificate Authori 6079      1.1513
(f081611a) The Go Daddy Group, Inc.           5382      1.0193
(480720ec) GeoTrust Primary Certification Aut 5448      1.0318
(f387163d) Starfield Technologies, Inc.       5310      1.0056


Scan performed between 17th of August and 4th of September 2015.

The cryptopocalypse is near(er)!

That’s at least what NIST, CNSS and NSA think.

The primary reason for deploying cryptographic systems is to protect secrets. When the system carries information with a very long life (like locations of nuclear silos or evidence for marital infidelity) you need to stop using it well before it is broken. That means the usable life of a crypto-system is shorter than the time it remains unbroken.

Suite B is a set of cryptographic algorithms in very specific configurations that was originally published in 2005. Implementations certified by NIST in the FIPS program were allowed for protection of SECRET and TOP SECRET information, depending on the specific key sizes used. In practice SECRET was equivalent to a 128 bit level of security, so SHA-256 signatures, AES-128 and the P-256 curve, while TOP SECRET required a 192 bit level of security, with SHA-384 signatures, the P-384 curve and AES-256 for encryption.

They now claim that quantum computers are much closer than we think (a time frame of less than 10 years), and as such the key sizes used for protection of secure information need to be increased in the short term (significantly in the case of ECC), and research into quantum resistant algorithms is now a priority.

New recommendations

That means we get a new set of recommendations.

To summarise:

If you’re using TLS or IPsec with Pre-Shared Keys (PSK) with AES-256 encryption, you’ll most likely be fine.

If you were planning deployment of ECC in the near future, you should instead just increase key sizes of existing RSA and DH systems and prepare for deployment of quantum resistant crypto in the near future.

For RSA and finite-field DH (a new addition to Suite B, but very old crypto systems in their own right) the recommended minimum is 3072 bit parameters. That is not particularly surprising, as that is the ENISA as well as the NIST recommendation for a 128 bit level of security.

What is a bit surprising is that they have changed the minimum hash size from 256 to 384 bit.

For ECC systems the P-256 curve was downgraded to be secure enough only to protect unclassified information, so it was put together with 2048 bit RSA or DH. The minimum now is the P-384 curve.

So now the table with equivalent systems looks like this:

LoS      RSA key size  DH key size  ECC key size  Hash     AES key size
--------+-------------+------------+-------------+--------+------------
112 bit  2048 bit      2048 bit     256 bit       SHA-256  128 bit
128 bit  3072 bit      3072 bit     384 bit       SHA-384  256 bit

What does that mean?

Most commercial systems don’t need to perform key rotation and reconfiguration of their systems just yet, as the vast majority of them (nearly 90%) still use just 2048 bit RSA for authentication. What that does mean is that the recent migration to ECC (like ECDHE key exchange and ECDSA certificates) didn’t bring an increase in security, just in speed of key exchange. So if you’re an admin, that means you don’t need to do much, at least not until other groups of people do their part.
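The point that a stronger key exchange does not raise security while the certificate stays at 2048 bit RSA can be checked mechanically. The following Python sketch is an added example, not code from the scan tooling: it rates a configuration by its weakest component against the equivalence table above. The function names, the sample configurations and the value 0 returned for anything below the 112 bit row are assumptions made for the illustration.

```python
import re

# Rows of the post's equivalence table: minimum size of each primitive
# needed to reach a given level of security (LoS), strongest row first.
TABLE = [
    (128, {"RSA": 3072, "DH": 3072, "ECC": 384, "hash": 384, "AES": 256}),
    (112, {"RSA": 2048, "DH": 2048, "ECC": 256, "hash": 256, "AES": 128}),
]
BELOW_TABLE = 0  # assumption: anything under the 112 bit row is reported as 0

# Label formats follow the scan result tables ("RSA 2048", "DH,1024bits",
# "ECDH,P-256,256bits", "sha256WithRSAEncryption"); the last pattern pulls
# the AES key size out of an OpenSSL cipher suite name.
PATTERNS = [
    ("RSA", re.compile(r"RSA (\d+)")),
    ("ECC", re.compile(r"ECDSA (\d+)")),
    ("DH", re.compile(r"DH,(\d+)bits")),
    ("ECC", re.compile(r"ECDH,[^,]+,(\d+)bits")),
    ("hash", re.compile(r"(?:ecdsa-with-)?sha(\d+)(?:WithRSAEncryption)?", re.I)),
    ("AES", re.compile(r".*AES-?(128|256).*")),
]


def parse_component(label):
    """Return (family, size_in_bits) for one label, or raise ValueError."""
    for family, pattern in PATTERNS:
        match = pattern.fullmatch(label)
        if match:
            bits = int(match.group(1))
            if family == "hash" and bits == 1:
                bits = 160  # SHA-1 produces a 160 bit digest
            return family, bits
    raise ValueError("unrecognised component: %r" % label)


def level_of(family, bits):
    """Highest table row whose minimum for this primitive is met."""
    for level, minimums in TABLE:
        if bits >= minimums[family]:
            return level
    return BELOW_TABLE


def assess(labels):
    """Return (overall LoS, labels that hold the configuration at that level)."""
    levels = {label: level_of(*parse_component(label)) for label in labels}
    overall = min(levels.values())
    return overall, [label for label in labels if levels[label] == overall]


def needed_for(labels, target):
    """Map each label that falls short of `target` to the minimum required."""
    minimums = dict(TABLE)[target]
    shortfalls = {}
    for label in labels:
        family, bits = parse_component(label)
        if bits < minimums[family]:
            shortfalls[label] = "%s >= %d bit" % (family, minimums[family])
    return shortfalls


# Constructed sample configurations, not taken from the scan data:
# certificate key, certificate signature, key exchange, cipher suite.
SAMPLES = {
    "typical": ["RSA 2048", "sha256WithRSAEncryption",
                "ECDH,P-256,256bits", "ECDHE-RSA-AES128-GCM-SHA256"],
    "stronger key exchange only": ["RSA 2048", "sha256WithRSAEncryption",
                                   "ECDH,P-384,384bits",
                                   "ECDHE-RSA-AES256-GCM-SHA384"],
    "legacy": ["RSA 2048", "sha1WithRSAEncryption",
               "DH,1024bits", "DHE-RSA-AES128-SHA"],
    "all at 128 bit": ["RSA 3072", "sha384WithRSAEncryption",
                       "ECDH,P-384,384bits", "ECDHE-RSA-AES256-GCM-SHA384"],
}

if __name__ == "__main__":
    for name, labels in SAMPLES.items():
        overall, limiting = assess(labels)
        print("%-27s LoS %3d, limited by %s" % (name, overall, ", ".join(limiting)))
        for label, minimum in needed_for(labels, 128).items():
            print("    to reach 128 bit: replace %s (%s)" % (label, minimum))
```

Only the AES key size is read from the cipher suite name; the suite's MAC or PRF hash is not rated.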

Software vendors need to make their software actually negotiate the curve used for ECDHE key exchange. A situation in which 86% of servers that can do ECDHE can do it only with P-256 is… unhealthy. The strongest mutually supported algorithms should be negotiated automatically and by default. That means stronger signatures on ECDHE and DHE key exchanges, bigger curves selected for ECDHE and bigger parameters selected for DHE (at least as soon as draft-ietf-tls-negotiated-ff-dhe-10 becomes a standard).

Finally, we need quantum computing resistant cryptography. It would also be quite nice if we didn’t have to wait 15 or even 10 years before it reaches 74% of the web server market because of patent litigation fears.

July 2015 scan results

The number of servers with trusted certificates is rising again, but it’s not yet at the May levels. Otherwise this is mostly just a continuation of established trends. One significant change is that I’ve used the most recent Mozilla trust list, with a few 1024 bit root CAs removed, causing the average length of the certificate chain to drop significantly.

Cipher suites

A bit surprisingly, 3DES use has grown by 1%, likely as a result of servers still worrying about compatibility with Windows XP when deprecating RC4 ciphers (those are down by nearly 3%).

Support for AES remains strong; CBC mode doesn’t have much space to grow, continuing to hover at around 98%. GCM mode has grown by just under 3%.

RC4 cipher market share is just over the 50% mark due to a nearly 3% drop since last month. The count of servers that support only this cipher has also gone down, with just 1484 servers supporting only this cipher in Alexa top 1 million. Unfortunately the number of servers which prefer RC4 and which use it even in TLS1.1 or later is largely unchanged, falling by just 0.4% and 0.2% respectively.

Completely insecure ciphers also remain unchanged, with a decrease of just 0.5%.

Nearly 7% of servers still support the Logjam vulnerable export grade ciphersuites, a decrease of less than 0.2%.

Key exchange

ECDHE support is still growing, this month increasing by over 2.2% and reaching nearly 75%. As usual, the change is due to increased support for NIST P-256 curve, both in general as well as for preferred ciphersuites.

DHE support remains unchanged.

Nearly 80% of servers now prefer PFS key exchange and just over 90% support it.

This is also the first month where there are no servers which prefer key exchange with 512bit DHE! (last month there were just two, so it’s not a big change…)

Hash and signature algorithms

No landslides here either. Support for both RSA-MD5 as well as RSA-MD5 keeps growing (by just under 1% and 2% respectively), while growth in support for the more secure RSA-SHA256 is much slower, with just a 1.3% increase.

Vulnerabilities

Servers missing secure renegotiation indication and vulnerable to CRIME are falling rather slowly, decreasing nearly insignificantly.

Certificates

Certificates signed with SHA256 are clearly gaining, with a 3% increase since last month. SHA-1 is also nicely falling, reaching a 30% mark now.

Still, most of those newly deployed certificates are using 2048 bit RSA keys, as those have decreased by just 0.3%.

We will also most likely see the first time when less than 100 servers use just 1024 bit RSA certificates.

As I’ve updated the Mozilla trust store, the average length of the trust chain has decreased, with over 99% of servers using just one intermediate certificate. At the same time the number of CAs above the 1% mark has grown by 4.

Protocols

The SSLv3 and SSLv2 protocols keep their slow deprecation walk, with decreases of just 1% and 0.2% respectively. Thankfully, the vast majority of those servers support at least TLSv1.0, with just 735 servers supporting SSLv3 at most (a decrease of 0.04% since last month).

TLS1.2 market penetration is also reaching new heights, with 78% of servers supporting this protocol. Its adoption is also rather slow, with an increase of just 1.1%.

Results

SSL/TLS survey of 501992 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      424054    84.4743
3DES Only                 812       0.1618
AES                       492491    98.1073
AES Only                  17862     3.5582
AES-CBC                   492390    98.0872
AES-CBC Only              9258      1.8443
AES-GCM                   347128    69.1501
AES-GCM Only              41        0.0082
CAMELLIA                  223605    44.5435
CAMELLIA Only             1         0.0002
CHACHA20                  60925     12.1366
Insecure                  74098     14.7608
RC4                       254399    50.6779
RC4 Only                  1484      0.2956
RC4 Preferred             31098     6.1949
RC4 forced in TLS1.1+     17264     3.4391
x:FF 29 RC4 Only          1823      0.3632
x:FF 29 RC4 Preferred     35210     7.0141
x:FF 29 incompatible      101       0.0201
x:FF 35 RC4 Only          2132      0.4247
x:FF 35 RC4 Preferred     35335     7.039
x:FF 35 incompatible      103       0.0205
y:DHE-RSA-SEED-SHA        90992     18.1262
y:IDEA-CBC-SHA            79674     15.8716
y:SEED-SHA                97028     19.3286
z:ADH-AES128-GCM-SHA256   289       0.0576
z:ADH-AES128-SHA          1315      0.262
z:ADH-AES128-SHA256       198       0.0394
z:ADH-AES256-GCM-SHA384   302       0.0602
z:ADH-AES256-SHA          1320      0.263
z:ADH-AES256-SHA256       200       0.0398
z:ADH-CAMELLIA128-SHA     897       0.1787
z:ADH-CAMELLIA256-SHA     902       0.1797
z:ADH-DES-CBC-SHA         338       0.0673
z:ADH-DES-CBC3-SHA        1333      0.2655
z:ADH-RC4-MD5             1206      0.2402
z:ADH-SEED-SHA            827       0.1647
z:AECDH-AES128-SHA        17845     3.5548
z:AECDH-AES256-SHA        17865     3.5588
z:AECDH-DES-CBC3-SHA      17799     3.5457
z:AECDH-NULL-SHA          50        0.01
z:AECDH-RC4-SHA           17077     3.4018
z:DES-CBC-MD5             13569     2.703
z:DES-CBC-SHA             40067     7.9816
z:DES-CBC3-MD5            26983     5.3752
z:ECDHE-RSA-NULL-SHA      61        0.0122
z:EDH-RSA-DES-CBC-SHA     34341     6.8409
z:EXP-ADH-DES-CBC-SHA     240       0.0478
z:EXP-ADH-RC4-MD5         240       0.0478
z:EXP-DES-CBC-SHA         18671     3.7194
z:EXP-EDH-RSA-DES-CBC-SHA 15391     3.066
z:EXP-RC2-CBC-MD5         22650     4.512
z:EXP-RC4-MD5             23797     4.7405
z:EXP1024-DES-CBC-SHA     5785      1.1524
z:EXP1024-RC4-SHA         5862      1.1677
z:IDEA-CBC-MD5            2484      0.4948
z:NULL-MD5                265       0.0528
z:NULL-SHA                267       0.0532
z:NULL-SHA256             19        0.0038
z:RC2-CBC-MD5             13857     2.7604
z:RC4-64-MD5              1138      0.2267

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               130910    26.0781
Server side               371082    73.9219

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1436      0.2861
AECDH                     17905     3.5668
DHE                       283230    56.4212
ECDH                      1         0.0002
ECDHE                     373639    74.4313
ECDHE and DHE             201985    40.2367
RSA                       459592    91.5537

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               204984    40.8341  72.3737
DH,1536bits               2         0.0004   0.0007
DH,2048bits               70215     13.9873  24.7908
DH,2236bits               3         0.0006   0.0011
DH,2430bits               1         0.0002   0.0004
DH,2432bits               1         0.0002   0.0004
DH,3072bits               2679      0.5337   0.9459
DH,4096bits               4693      0.9349   1.657
DH,512bits                76        0.0151   0.0268
DH,768bits                622       0.1239   0.2196
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        1         0.0002   0.0003
ECDH,B-571,570bits        1404      0.2797   0.3758
ECDH,K-571,570bits        1         0.0002   0.0003
ECDH,P-192,192bits        2         0.0004   0.0005
ECDH,P-224,224bits        72        0.0143   0.0193
ECDH,P-256,256bits        363944    72.5     97.4052
ECDH,P-384,384bits        3765      0.75     1.0077
ECDH,P-521,521bits        6951      1.3847   1.8604
Prefer DH,1024bits        78380     15.6138  27.6736
Prefer DH,1536bits        1         0.0002   0.0004
Prefer DH,2048bits        3926      0.7821   1.3862
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,3072bits        31        0.0062   0.0109
Prefer DH,4096bits        150       0.0299   0.053
Prefer DH,768bits         228       0.0454   0.0805
Prefer ECDH,B-163,163bits 1         0.0002   0.0003
Prefer ECDH,B-571,570bits 1210      0.241    0.3238
Prefer ECDH,K-571,570bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 42        0.0084   0.0112
Prefer ECDH,P-256,256bits 308148    61.385   82.4721
Prefer ECDH,P-384,384bits 2291      0.4564   0.6132
Prefer ECDH,P-521,521bits 6402      1.2753   1.7134
Prefer PFS                400812    79.8443  0
Support PFS               454884    90.6158  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           405       0.0807   
brainpoolP384r1           405       0.0807   
brainpoolP512r1           405       0.0807   
prime192v1                1373      0.2735   
prime256v1                372791    74.2623  
prime256v1 Only           323403    64.4239  
secp160k1                 1334      0.2657   
secp160r1                 1338      0.2665   
secp160r2                 1334      0.2657   
secp192k1                 1358      0.2705   
secp224k1                 1414      0.2817   
secp224r1                 2898      0.5773   
secp224r1 Only            2         0.0004   
secp256k1                 1708      0.3402   
secp384r1                 49700     9.9006   
secp384r1 Only            314       0.0626   
secp521r1                 17736     3.5331   
secp521r1 Only            116       0.0231   
sect163k1                 1337      0.2663   
sect163k1 Only            2         0.0004   
sect163r1                 1335      0.2659   
sect163r2                 1336      0.2661   
sect163r2 Only            1         0.0002   
sect193r1                 1334      0.2657   
sect193r2                 1333      0.2655   
sect233k1                 1402      0.2793   
sect233r1                 1402      0.2793   
sect239k1                 1401      0.2791   
sect283k1                 1678      0.3343   
sect283r1                 1678      0.3343   
sect409k1                 1678      0.3343   
sect409r1                 1678      0.3343   
sect571k1                 1692      0.3371   
sect571r1                 1691      0.3369   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          83042     16.5425  
True                           242989    48.405   
order-specific                 27        0.0054   
unknown                        175934    35.0472  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    3093      0.6161   
inconclusive-noecc        24        0.0048   
server                    370124    73.7311  
unknown                   128751    25.648   

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     33890     6.7511   
ECDSA-SHA1 Only                2         0.0004   
ECDSA-SHA224                   33884     6.7499   
ECDSA-SHA256                   33890     6.7511   
ECDSA-SHA384                   33889     6.7509   
ECDSA-SHA512                   33893     6.7517   
ECDSA-SHA512 Only              4         0.0008   
RSA-MD5                        157874    31.4495  
RSA-SHA1                       329494    65.6373  
RSA-SHA1 Only                  48447     9.651    
RSA-SHA224                     265179    52.8253  
RSA-SHA256                     286453    57.0633  
RSA-SHA256 Only                4521      0.9006   
RSA-SHA384                     266091    53.007   
RSA-SHA512                     266166    53.022   
RSA-SHA512 Only                71        0.0141   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         233019    46.4189  
indeterminate                  10        0.002    
intolerant                     3229      0.6432   
order-fallback                 23        0.0046   
server                         132720    26.4387  
unsupported                    23607     4.7027   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     33882     6.7495   
ECDSA intolerant               21        0.0042   
RSA False                      153463    30.5708  
RSA SHA1                       148645    29.611   
RSA intolerant                 28673     5.7118   
RSA pfs-ecdsa-SHA512           1         0.0002   
RSA soft-nopfs                 4517      0.8998   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     7266      1.4474   
insecure                  21303     4.2437   
secure                    473423    94.3089  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      11567     2.3042   
False                     7266      1.4474   
NONE                      483159    96.2483  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         2         0.0004   
5 only                    2         0.0004   
10                        7         0.0014   
10 only                   7         0.0014   
15                        9         0.0018   
15 only                   9         0.0018   
30                        12        0.0024   
30 only                   12        0.0024   
60                        106       0.0211   
60 only                   99        0.0197   
70                        7         0.0014   
100                       12        0.0024   
100 only                  12        0.0024   
120                       28        0.0056   
120 only                  28        0.0056   
128                       3         0.0006   
128 only                  3         0.0006   
150                       2         0.0004   
180                       47        0.0094   
180 only                  45        0.009    
240                       10        0.002    
240 only                  10        0.002    
300                       220792    43.9832  
300 only                  215544    42.9377  
400                       8         0.0016   
400 only                  8         0.0016   
420                       117       0.0233   
420 only                  79        0.0157   
480                       13        0.0026   
480 only                  13        0.0026   
500                       5         0.001    
500 only                  5         0.001    
540                       1         0.0002   
540 only                  1         0.0002   
600                       22097     4.4019   
600 only                  21925     4.3676   
720                       3         0.0006   
720 only                  2         0.0004   
900                       597       0.1189   
900 only                  577       0.1149   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      1891      0.3767   
1200 only                 1887      0.3759   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      9         0.0018   
1500 only                 8         0.0016   
1800                      414       0.0825   
1800 only                 407       0.0811   
2400                      6         0.0012   
2400 only                 5         0.001    
2700                      6         0.0012   
2700 only                 6         0.0012   
3000                      21        0.0042   
3000 only                 21        0.0042   
3300                      1         0.0002   
3300 only                 1         0.0002   
3600                      428       0.0853   
3600 only                 415       0.0827   
3900                      2         0.0004   
3900 only                 2         0.0004   
4200                      1         0.0002   
5400                      18        0.0036   
5400 only                 3         0.0006   
6000                      4         0.0008   
6000 only                 4         0.0008   
7200                      15459     3.0795   
7200 only                 12872     2.5642   
10800                     2078      0.414    
10800 only                2074      0.4132   
14400                     77        0.0153   
14400 only                77        0.0153   
18000                     17        0.0034   
18000 only                17        0.0034   
21600                     5026      1.0012   
21600 only                5024      1.0008   
28800                     2346      0.4673   
28800 only                1578      0.3143   
36000                     1236      0.2462   
36000 only                1230      0.245    
43200                     26        0.0052   
43200 only                26        0.0052   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     47900     9.542    
64800 only                47888     9.5396   
72000                     12        0.0024   
72000 only                12        0.0024   
86000                     41        0.0082   
86000 only                41        0.0082   
86400                     3432      0.6837   
86400 only                3430      0.6833   
100800                    12605     2.511    
100800 only               12595     2.509    
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    7         0.0014   
129600 only               7         0.0014   
172800                    8         0.0016   
172800 only               8         0.0016   
604800                    2         0.0004   
604800 only               2         0.0004   
864000                    2         0.0004   
864000 only               2         0.0004   
None                      173956    34.6531  
None only                 165035    32.876   

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      18593     3.7038   
ecdsa-with-SHA256         33851     6.7433   
sha1WithRSAEncryption     147349    29.3529  
sha256WithRSAEncryption   320910    63.9273  
sha384WithRSAEncryption   4         0.0008   
sha512WithRSAEncryption   9         0.0018   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 33898     6.7527   
ECDSA 384                 7         0.0014   
RSA 1024                  106       0.0211   
RSA 10240                 5         0.001    
RSA 2047                  1         0.0002   
RSA 2048                  450327    89.708   
RSA 2049                  3         0.0006   
RSA 2056                  2         0.0004   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  6         0.0012   
RSA 2096                  1         0.0002   
RSA 2408                  1         0.0002   
RSA 2432                  4         0.0008   
RSA 2612                  2         0.0004   
RSA 2848                  1         0.0002   
RSA 3024                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  118       0.0235   
RSA 3096                  1         0.0002   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 4042                  1         0.0002   
RSA 4048                  1         0.0002   
RSA 4056                  22        0.0044   
RSA 4069                  1         0.0002   
RSA 4086                  1         0.0002   
RSA 4092                  6         0.0012   
RSA 4094                  1         0.0002   
RSA 4096                  17521     3.4903   
RSA 8192                  7         0.0014   
RSA/ECDSA Dual Stack      56        0.0112

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 101152    20.1501  
Unsupported               400840    79.8499  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      27268     5.432
SSL2 Only                 24        0.0048
SSL3                      136796    27.2506
SSL3 Only                 707       0.1408
SSL3 or TLS1 Only         80735     16.0829
SSL3 or lower Only        735       0.1464
TLS1                      498809    99.3659
TLS1 Only                 47086     9.3798
TLS1 or lower Only        106223    21.1603
TLS1.1                    382607    76.2177
TLS1.1 Only               28        0.0056
TLS1.1 or up Only         2220      0.4422
TLS1.2                    392594    78.2072
TLS1.2 Only               994       0.198
TLS1.2, 1.0 but not 1.1   11334     2.2578

Statistics from 526034 chains provided by 685991 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  475051    69.2503
incomplete                24873     3.6258
untrusted                 186067    27.1238

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         327       0.0622
3                         523536    99.5251
4                         2138      0.4064
5                         33        0.0063

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 33853     
ECDSA 384                 33855     
RSA 1024                  308       
RSA 2045                  1         
RSA 2048                  866336    
RSA 4096                  119592    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 33853     6.4355
ECDSA 384                 33855     6.4359
RSA 1024                  306       0.0582
RSA 2045                  1         0.0002
RSA 2048                  491599    93.4538
RSA 4096                  119050    22.6316

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              33853     
sha1WithRSAEncryption          162869    
sha256WithRSAEncryption        225699    
sha384WithRSAEncryption        105464    
sha512WithRSAEncryption        26        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        163116    31.0086
112                       329059    62.5547
128                       33859     6.4367

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 112037    21.2984
(d6325660) COMODO RSA Certification Authority 98541     18.7328
(5ad8a5d6) GlobalSign Root CA                 51559     9.8015
(cbf06781) Go Daddy Root Certificate Authorit 47005     8.9357
(eed8c118) COMODO ECC Certification Authority 33844     6.4338
(b204d74a) VeriSign Class 3 Public Primary Ce 30749     5.8454
(2e4eed3c) thawte Primary Root CA             25383     4.8254
(244b5494) DigiCert High Assurance EV Root CA 25365     4.8219
(157753a5) AddTrust External CA Root          15024     2.8561
(653b494a) Baltimore CyberTrust Root          11832     2.2493
(ae8153b9) StartCom Certification Authority   9405      1.7879
(3513523f) DigiCert Global Root CA            6987      1.3282
(fc5a8f99) USERTrust RSA Certification Author 6820      1.2965
(f081611a) The Go Daddy Group, Inc.           6456      1.2273
(480720ec) GeoTrust Primary Certification Aut 5857      1.1134
(f387163d) Starfield Technologies, Inc.       5842      1.1106
(4bfab552) Starfield Root Certificate Authori 5499      1.0454


Scan performed between 14th and 24th of July 2015.


June 2015 scan results

This month we have a small decrease in the overall number of servers which support the TLS protocol, down by 1.5%, giving less than half a million servers supporting secure communication in the Alexa top 1 million sites.

Cipher suites

We have very small changes in used ciphers; all secure cipher types have gained below 0.5% each.

Surprisingly, there have been 22 servers which supported just ChaCha20 based ciphers.

Use of insecure ciphers is also mostly constant, losing about 0.2%. RC4 use has also decreased, with 2% fewer servers supporting this cipher, and the number of servers which support only this cipher has fallen by another 328, bringing the overall number to just over 1.7 thousand servers. Servers which prefer RC4 ciphers have also decreased by 1.1%, most of it – 0.8% – driven by servers which no longer prefer RC4 with TLS1.1 and later protocols.

Cipher ordering remains unchanged, with server side ordering gaining less than 0.1%.

Key exchange

Support for ECDHE key exchange has grown by over 2.2%, nearly all of it caused by added support and preference for the NIST P-256 curve.

The net effect was an increase of 1.2% in ciphersuites providing forward secrecy.

Hash and signature algorithms

Overall the changes were not drastic. Support for MD5-RSA unfortunately keeps rising, this month by 1.3%. Support for SHA1-RSA has also increased by 2%. Support for the secure SHA256-RSA has grown by 2.3%, so at least it’s growing faster than the others.

Client ordering of signature algorithms has grown by 2.4%, while server side ordering has lost 0.8%.

The majority of servers still either force use of SHA1 or abort the connection in case the client didn’t advertise acceptable signature algorithms.

Vulnerabilities

Support for both insecure renegotiation and compression is still relatively high, at 4.44% and 2.45% respectively, falling by less than 0.4% and 0.1% month-on-month.

Many servers are also still vulnerable to Logjam, with over 3.2% of servers still using export grade DHE ciphersuites, a decrease of only 0.22%.

Certificates

SHA-1 use keeps falling, but with slightly less vigour – this month saw just a 5.1% decrease.

The vast majority of those certificates were replaced by ones with SHA-256 RSA signatures, bringing its overall market share to just above 60%.

2048 bit RSA still remains the server key type of choice, with just under 90% of server administrators opting for it.

Protocols

Use of SSL 2 and SSL 3 still remains high despite their insecurity, with 5.7% of servers supporting the former and 28.2% the latter, a decrease of 0.16% and 0.04% respectively.

Fortunately, just 919 servers (0.18% of total) support only those two protocols.

TLS1.0 support keeps dropping, albeit at a very slow pace (0.1% decrease), and is still above 99%.

TLS1.2 support increased by 0.8%, reaching 77%.

Results

SSL/TLS survey of 496355 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      414245    83.4574
3DES Only                 840       0.1692
AES                       485964    97.9065
AES Only                  17816     3.5894
AES-CBC                   485837    97.881
AES-CBC Only              9490      1.9119
AES-GCM                   331682    66.8235
AES-GCM Only              32        0.0064
CAMELLIA                  216922    43.703
CAMELLIA Only             4         0.0008
CHACHA20                  58723     11.8308
CHACHA20 Only             22        0.0044
Insecure                  75670     15.2451
RC4                       263495    53.086
RC4 Only                  1710      0.3445
RC4 Preferred             33485     6.7462
RC4 forced in TLS1.1+     18129     3.6524
x:FF 29 RC4 Only          2047      0.4124
x:FF 29 RC4 Preferred     37569     7.569
x:FF 29 incompatible      124       0.025
x:FF 35 RC4 Only          2377      0.4789
x:FF 35 RC4 Preferred     37715     7.5984
x:FF 35 incompatible      128       0.0258
y:DHE-RSA-SEED-SHA        101229    20.3945
y:IDEA-CBC-SHA            85830     17.2921
y:SEED-SHA                103066    20.7646
z:ADH-AES128-GCM-SHA256   311       0.0627
z:ADH-AES128-SHA          1107      0.223
z:ADH-AES128-SHA256       213       0.0429
z:ADH-AES256-GCM-SHA384   318       0.0641
z:ADH-AES256-SHA          1115      0.2246
z:ADH-AES256-SHA256       215       0.0433
z:ADH-CAMELLIA128-SHA     669       0.1348
z:ADH-CAMELLIA256-SHA     677       0.1364
z:ADH-DES-CBC-SHA         349       0.0703
z:ADH-DES-CBC3-SHA        1128      0.2273
z:ADH-RC4-MD5             1007      0.2029
z:ADH-SEED-SHA            605       0.1219
z:AECDH-AES128-SHA        17615     3.5489
z:AECDH-AES256-SHA        17629     3.5517
z:AECDH-DES-CBC3-SHA      17568     3.5394
z:AECDH-NULL-SHA          41        0.0083
z:AECDH-RC4-SHA           16900     3.4048
z:DES-CBC-MD5             14286     2.8782
z:DES-CBC-SHA             40810     8.2219
z:DES-CBC3-MD5            28088     5.6589
z:ECDHE-RSA-NULL-SHA      53        0.0107
z:EDH-RSA-DES-CBC-SHA     34934     7.0381
z:EXP-ADH-DES-CBC-SHA     252       0.0508
z:EXP-ADH-RC4-MD5         252       0.0508
z:EXP-DES-CBC-SHA         19650     3.9589
z:EXP-EDH-RSA-DES-CBC-SHA 16259     3.2757
z:EXP-RC2-CBC-MD5         23866     4.8083
z:EXP-RC4-MD5             25158     5.0685
z:EXP1024-DES-CBC-SHA     6288      1.2668
z:EXP1024-RC4-SHA         6374      1.2842
z:IDEA-CBC-MD5            2558      0.5154
z:NULL-MD5                259       0.0522
z:NULL-SHA                261       0.0526
z:NULL-SHA256             20        0.004
z:RC2-CBC-MD5             14614     2.9443
z:RC4-64-MD5              1161      0.2339

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               132994    26.7941
Server side               363361    73.2059

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1238      0.2494
AECDH                     17668     3.5595
DHE                       280798    56.572
ECDH                      1         0.0002
ECDHE                     358229    72.1719
ECDHE and DHE             196228    39.5338
RSA                       455866    91.8427

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               210208    42.3503  74.8609
DH,1536bits               2         0.0004   0.0007
DH,2048bits               62891     12.6706  22.3972
DH,2236bits               3         0.0006   0.0011
DH,3072bits               2689      0.5417   0.9576
DH,4096bits               4249      0.856    1.5132
DH,512bits                73        0.0147   0.026
DH,6144bits               1         0.0002   0.0004
DH,768bits                729       0.1469   0.2596
ECDH,B-163,163bits        1         0.0002   0.0003
ECDH,B-571,570bits        1330      0.268    0.3713
ECDH,K-571,570bits        1         0.0002   0.0003
ECDH,P-192,192bits        2         0.0004   0.0006
ECDH,P-224,224bits        67        0.0135   0.0187
ECDH,P-256,256bits        349478    70.4089  97.5571
ECDH,P-384,384bits        3644      0.7342   1.0172
ECDH,P-521,521bits        6198      1.2487   1.7302
Prefer DH,1024bits        81235     16.3663  28.93
Prefer DH,1536bits        1         0.0002   0.0004
Prefer DH,2048bits        3908      0.7873   1.3917
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,3072bits        27        0.0054   0.0096
Prefer DH,4096bits        120       0.0242   0.0427
Prefer DH,512bits         2         0.0004   0.0007
Prefer DH,768bits         347       0.0699   0.1236
Prefer ECDH,B-163,163bits 1         0.0002   0.0003
Prefer ECDH,B-571,570bits 1124      0.2265   0.3138
Prefer ECDH,K-571,570bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 40        0.0081   0.0112
Prefer ECDH,P-256,256bits 293410    59.1129  81.9057
Prefer ECDH,P-384,384bits 2068      0.4166   0.5773
Prefer ECDH,P-521,521bits 5823      1.1732   1.6255
Prefer PFS                388108    78.1916  0
Support PFS               442799    89.2101  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           364       0.0733   
brainpoolP384r1           364       0.0733   
brainpoolP512r1           364       0.0733   
prime192v1                1331      0.2682   
prime256v1                357188    71.9622  
prime256v1 Only           311537    62.765   
secp160k1                 1298      0.2615   
secp160r1                 1303      0.2625   
secp160r2                 1298      0.2615   
secp192k1                 1315      0.2649   
secp224k1                 1370      0.276    
secp224r1                 2711      0.5462   
secp224r1 Only            2         0.0004   
secp256k1                 1587      0.3197   
secp384r1                 45900     9.2474   
secp384r1 Only            249       0.0502   
secp521r1                 13918     2.804    
secp521r1 Only            115       0.0232   
sect163k1                 1300      0.2619   
sect163k1 Only            3         0.0006   
sect163r1                 1297      0.2613   
sect163r2                 1298      0.2615   
sect163r2 Only            1         0.0002   
sect193r1                 1297      0.2613   
sect193r2                 1297      0.2613   
sect233k1                 1362      0.2744   
sect233r1                 1361      0.2742   
sect239k1                 1360      0.274    
sect283k1                 1566      0.3155   
sect283r1                 1566      0.3155   
sect409k1                 1566      0.3155   
sect409r1                 1565      0.3153   
sect571k1                 1575      0.3173   
sect571r1                 1574      0.3171   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          80483     16.2148  
True                           231859    46.7123  
order-specific                 16        0.0032   
unknown                        183997    37.0696  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    2665      0.5369   
inconclusive-noecc        16        0.0032   
server                    354894    71.5     
unknown                   138780    27.9598  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     31932     6.4333   
ECDSA-SHA1 Only                1         0.0002   
ECDSA-SHA224                   31953     6.4375   
ECDSA-SHA256                   31989     6.4448   
ECDSA-SHA384                   32035     6.4541   
ECDSA-SHA512                   32097     6.4665   
ECDSA-SHA512 Only              62        0.0125   
RSA-MD5                        151912    30.6055  
RSA-SHA1                       316124    63.6891  
RSA-SHA1 Only                  44717     9.0091   
RSA-SHA224                     256857    51.7486  
RSA-SHA256                     276593    55.7248  
RSA-SHA256 Only                4237      0.8536   
RSA-SHA384                     257841    51.9469  
RSA-SHA512                     258008    51.9805  
RSA-SHA512 Only                160       0.0322   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         237214    47.7912  
indeterminate                  8         0.0016   
intolerant                     3109      0.6264   
order-fallback                 18        0.0036   
server                         113482    22.8631  
unsupported                    28681     5.7783   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     31910     6.4289   
ECDSA intolerant               295       0.0594   
ECDSA soft-nopfs               1         0.0002   
RSA False                      147535    29.7237  
RSA SHA1                       141919    28.5922  
RSA intolerant                 28072     5.6556   
RSA soft-nopfs                 4494      0.9054   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     7988      1.6093   
insecure                  22086     4.4496   
secure                    466281    93.941   

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      12174     2.4527   
False                     7988      1.6093   
NONE                      476193    95.938   

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         3         0.0006   
1 only                    3         0.0006   
2                         2         0.0004   
2 only                    2         0.0004   
5                         2         0.0004   
5 only                    2         0.0004   
10                        7         0.0014   
10 only                   7         0.0014   
15                        10        0.002    
15 only                   10        0.002    
30                        11        0.0022   
30 only                   11        0.0022   
60                        95        0.0191   
60 only                   90        0.0181   
70                        6         0.0012   
100                       15        0.003    
100 only                  15        0.003    
120                       31        0.0062   
120 only                  31        0.0062   
128                       2         0.0004   
128 only                  2         0.0004   
150                       2         0.0004   
180                       52        0.0105   
180 only                  50        0.0101   
240                       9         0.0018   
240 only                  9         0.0018   
300                       215043    43.3244  
300 only                  209657    42.2393  
400                       7         0.0014   
400 only                  7         0.0014   
420                       112       0.0226   
420 only                  68        0.0137   
480                       12        0.0024   
480 only                  12        0.0024   
500                       3         0.0006   
500 only                  3         0.0006   
540                       1         0.0002   
540 only                  1         0.0002   
600                       21511     4.3338   
600 only                  21353     4.302    
720                       2         0.0004   
720 only                  1         0.0002   
900                       604       0.1217   
900 only                  585       0.1179   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      1894      0.3816   
1200 only                 1888      0.3804   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      11        0.0022   
1500 only                 10        0.002    
1800                      411       0.0828   
1800 only                 405       0.0816   
2400                      6         0.0012   
2400 only                 6         0.0012   
2700                      8         0.0016   
2700 only                 8         0.0016   
3000                      14        0.0028   
3000 only                 13        0.0026   
3300                      1         0.0002   
3300 only                 1         0.0002   
3600                      424       0.0854   
3600 only                 409       0.0824   
3900                      2         0.0004   
3900 only                 2         0.0004   
4200                      1         0.0002   
5400                      15        0.003    
5400 only                 3         0.0006   
6000                      4         0.0008   
6000 only                 4         0.0008   
7200                      15262     3.0748   
7200 only                 10520     2.1195   
10800                     1975      0.3979   
10800 only                1968      0.3965   
14400                     74        0.0149   
14400 only                73        0.0147   
18000                     11        0.0022   
18000 only                11        0.0022   
21600                     4863      0.9797   
21600 only                4863      0.9797   
28800                     2439      0.4914   
28800 only                2009      0.4048   
36000                     1142      0.2301   
36000 only                1136      0.2289   
43200                     28        0.0056   
43200 only                26        0.0052   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     45917     9.2508   
64800 only                45644     9.1958   
72000                     10        0.002    
72000 only                10        0.002    
86000                     43        0.0087   
86000 only                43        0.0087   
86400                     3392      0.6834   
86400 only                3391      0.6832   
100800                    12408     2.4998   
100800 only               12385     2.4952   
129600                    7         0.0014   
129600 only               7         0.0014   
172800                    5         0.001    
172800 only               5         0.001    
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    2         0.0004   
604800 only               2         0.0004   
864000                    1         0.0002   
864000 only               1         0.0002   
None                      179585    36.1808  
None only                 168439    33.9352  

Certificate sig alg       Count     Percent 
-------------------------+---------+--------
None                      18390     3.705    
ecdsa-with-SHA256         32196     6.4865   
sha1WithRSAEncryption     162789    32.7969  
sha256WithRSAEncryption   301606    60.7642  
sha384WithRSAEncryption   3         0.0006   
sha512WithRSAEncryption   7         0.0014   

Certificate key size      Count     Percent 
-------------------------+---------+--------
ECDSA 256                 32226     6.4925   
ECDSA 384                 7         0.0014   
ECDSA 521                 1         0.0002   
RSA 1024                  139       0.028    
RSA 10240                 4         0.0008   
RSA 2047                  1         0.0002   
RSA 2048                  446454    89.9465  
RSA 2049                  3         0.0006   
RSA 2056                  3         0.0006   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  9         0.0018   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  3         0.0006   
RSA 2432                  5         0.001    
RSA 2612                  2         0.0004   
RSA 3071                  1         0.0002   
RSA 3072                  96        0.0193   
RSA 3096                  1         0.0002   
RSA 3102                  1         0.0002   
RSA 3248                  2         0.0004   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  26        0.0052   
RSA 4069                  1         0.0002   
RSA 4086                  2         0.0004   
RSA 4092                  7         0.0014   
RSA 4096                  17401     3.5058   
RSA 8192                  5         0.001    
RSA/ECDSA Dual Stack      45        0.0091

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 97129     19.5685  
Unsupported               399226    80.4315  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      28373     5.7163
SSL2 Only                 30        0.006
SSL3                      139997    28.205
SSL3 Only                 891       0.1795
SSL3 or TLS1 Only         84026     16.9286
SSL3 or lower Only        919       0.1851
TLS1                      493251    99.3746
TLS1 Only                 48794     9.8305
TLS1 or lower Only        110400    22.2421
TLS1.1                    372212    74.9891
TLS1.1 Only               33        0.0066
TLS1.1 or up Only         1982      0.3993
TLS1.2                    382499    77.0616
TLS1.2 Only               916       0.1845
TLS1.2, 1.0 but not 1.1   11830     2.3834


Statistics from 517131 chains provided by 680456 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  470323    69.1188
incomplete                19965     2.9341
untrusted                 190168    27.9471

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         328       0.0634
3                         262695    50.7985
4                         249615    48.2692
5                         4493      0.8688

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 32189     
ECDSA 384                 32184     
RSA 1024                  65659     
RSA 2045                  1         
RSA 2048                  1046763   
RSA 4096                  115739    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 32189     6.2245
ECDSA 384                 32184     6.2236
RSA 1024                  65657     12.6964
RSA 2045                  1         0.0002
RSA 2048                  484420    93.6745
RSA 4096                  114849    22.2089

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              32189     
sha1WithRSAEncryption          287125    
sha256WithRSAEncryption        256796    
sha384WithRSAEncryption        199294    

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        236752    45.7818
112                       248197    47.995
128                       32182     6.2232

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(861a399d) AddTrust Class 1 CA Root           126586    24.4785
(2c543cd1) GeoTrust Global CA                 111618    21.5841
(f081611a) The Go Daddy Group, Inc.           52765     10.2034
(5ad8a5d6) GlobalSign Root CA                 52501     10.1524
(eed8c118) COMODO ECC Certification Authority 32182     6.2232
(415660c1) VeriSign, Inc.                     30856     5.9668
(aee5f10d) Entrust.net Certification Authorit 28570     5.5247
(6cc3c4c3) Thawte Server CA                   25221     4.8771
(f387163d) Starfield Technologies, Inc.       11117     2.1497
(ae8153b9) StartCom Certification Authority   9414      1.8204
(653b494a) Baltimore CyberTrust Root          8928      1.7264
(578d5c04) Equifax                            6563      1.2691
(244b5494) DigiCert High Assurance EV Root CA 6432      1.2438

Scan performed between 18th and 28th of June 2015.

May 2015 scan results

Despite the Logjam attack, very few servers have actually disabled export grade Diffie-Hellman ciphers. At the same time, we have reached another milestone, where over 500 thousand servers from the Alexa top 1 million sites support TLS or SSL.

Cipher suites

Use of the AES-GCM cipher and mode combination has grown most significantly – by 2.6%. At the same time Camellia use has fallen by just under 0.2% and other secure ciphers remained mostly unchanged.

RC4 continues the slow decrease in use. Nearly 5% fewer servers support this insecure cipher. About 1.5% fewer prefer it over others, and 1.1% fewer force its use in TLSv1.1 or later. At the same time, still over 2000 servers support only this symmetric cipher.

Leaving single DES ciphers enabled remains the most common server misconfiguration, with nearly 8.5% of servers having this configuration error, a decrease of 0.5% since last month. The second most common misconfiguration is export grade ciphers; over 7.1% of servers have them enabled. Finally, anonymous ECDH ciphers are enabled on over 3.5% of servers.
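An added example (not part of the original post or of the scanner that produced these tables): a classifier that sorts OpenSSL-style cipher suite names into the misconfiguration classes discussed above (single DES, export grade, anonymous key exchange, and the export grade DHE suites tied to Logjam in the June results). The label names, the `classify`/`audit`/`report` helpers and the sample host lists are constructed for illustration; it assumes OpenSSL naming as used in the tables, not IANA names.

```python
"""Flag weak cipher suites by OpenSSL name and tally them per host."""
from collections import Counter


def classify(suite):
    """Return the set of (hypothetical) weakness labels for one suite name.

    Accepts names with or without the report's "z:"/"y:" table prefix.
    """
    name = suite.split(":")[-1].upper()
    tokens = name.split("-")
    labels = set()

    # Export grade suites start with EXP or EXP1024.
    export = tokens[0] in ("EXP", "EXP1024")
    if export:
        labels.add("export")

    # Anonymous (unauthenticated) key exchange: ADH and AECDH.
    if "ADH" in tokens or "AECDH" in tokens:
        labels.add("anonymous")

    # Single DES is "DES-CBC"; "DES-CBC3" is 3DES and is not flagged here.
    if "DES" in tokens and "CBC3" not in tokens:
        labels.add("single-des")

    if "NULL" in tokens:
        labels.add("null")
    if "RC4" in tokens:
        labels.add("rc4")

    # Export grade ephemeral DH, the class the June post ties to Logjam.
    # "ECDHE" is its own token, so it does not match "DHE" here.
    if export and ("EDH" in tokens or "DHE" in tokens):
        labels.add("export-dhe")
    return labels


def audit(hosts):
    """hosts maps host name -> list of supported suite names.

    Returns (per_host, tally): per_host maps host -> {label: [suites]},
    tally counts how many hosts carry each label at least once.
    """
    per_host = {}
    tally = Counter()
    for host, suites in hosts.items():
        found = {}
        for suite in suites:
            for label in classify(suite):
                found.setdefault(label, []).append(suite)
        per_host[host] = found
        tally.update(found.keys())
    return per_host, tally


def report(tally, total):
    """Format the tally as 'label count percent' rows, like the tables."""
    return [
        f"{label:<26}{count:<10}{100 * count / total:.4f}"
        for label, count in sorted(tally.items())
    ]


# Constructed sample data: host names and cipher lists are made up.
SAMPLE_HOSTS = {
    "a.example": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "DES-CBC3-SHA"],
    "b.example": ["AES128-SHA", "DES-CBC-SHA", "EXP-EDH-RSA-DES-CBC-SHA"],
    "c.example": ["ECDHE-RSA-AES256-SHA", "AECDH-AES128-SHA", "RC4-SHA"],
    "d.example": ["z:EXP-RC4-MD5", "z:NULL-SHA"],
}

if __name__ == "__main__":
    hosts_found, counts = audit(SAMPLE_HOSTS)
    for host, found in hosts_found.items():
        print(host, {k: v for k, v in sorted(found.items())})
    print("\n".join(report(counts, len(SAMPLE_HOSTS))))
```
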

1.5% more servers also dictate the cipher ordering instead of using the client side order.

Key exchange

More and more servers opt not to support RSA key exchange and provide support just for the ciphersuites which provide forward secrecy. RSA key exchange has lost nearly 1% of the market share, while DHE and ECDHE have grown by over 1% and 3% respectively.

That also caused an overall increase of over 1.8% in servers which prefer forward secrecy enabled ciphersuites.

Unfortunately, that has also brought with it a slight increase in servers which use the breakable and almost-breakable 512 bit and 768 bit DH. But the set of those servers is rather small, so it may be just a fluctuation caused by the current Alexa ranking.

ECC curves

As in previous months, most of the ECDHE support increase is provided by the NIST P-256 curve, an increase of about 2.8%. At the same time, servers which prefer the P-521 curve have broken the 1% barrier.

In general, support for more obscure curves is growing slowly, but is overshadowed by the three most popular curves – P-256, P-384 and P-521.

The vast majority of servers also support just one curve – P-256, a domination which increased by nearly 3%.

Hash and signature algorithms

Support for the insecure MD5-RSA and SHA1-RSA keeps growing. The former increased by 0.7% while the latter increased by 2.14%. What’s more problematic is that the number of servers which support only SHA1-RSA has also grown, by about 0.13%.

Support for SHA256 and SHA512 has also grown, by 2.1% and 1.5% respectively.

Vulnerabilities

About 5% of servers still don’t support secure renegotiation, a situation which hasn’t changed since last month.

Similarly, support for compression is still enabled on more than 2.5% of servers.

Certificates

Use of SHA-1 keeps dropping significantly, this month by nearly 5%. This is mostly replaced by SHA256-RSA, but some of it is thanks to SHA256-ECDSA (0.8%).

Use of 1024 bit RSA certificates has fallen to just 194 machines. At the same time, use of 2048 bit RSA lost about 0.5% of servers, scattered across ECDSA 256 and 3072 bit RSA.

The number of servers with incomplete trust chains has risen by 1.1%.

Protocols

Support for the vulnerable SSLv2 and SSLv3 is only very slowly dropping, by 0.36% and 1.76% respectively.

Thankfully, only 968 servers require use of SSLv3 or lower for connection, 0.192% of total.

TLSv1.0 seems to have reached its peak, with this month’s scan showing a very slight decrease of 0.04%. It still remains the highest protocol version supported by over 23% of servers, a decrease of just under 2%.

TLSv1.1 and TLSv1.2 keep gaining market share, with the latter reaching 76%, an increase of over 2%.

As TLSv1.0 penetration would let us guess, very few server operators decide to support only the newest protocols – currently 0.3% of total.

Results

SSL/TLS survey of 504133 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      422205    83.7487
3DES Only                 902       0.1789
AES                       492766    97.7452
AES Only                  15398     3.0544
AES-CBC                   492668    97.7258
AES-CBC Only              8199      1.6264
AES-GCM                   328750    65.211
AES-GCM Only              32        0.0063
CAMELLIA                  216646    42.974
CAMELLIA Only             2         0.0004
CHACHA20                  63418     12.5796
Insecure                  78500     15.5713
RC4                       277296    55.0045
RC4 Only                  2038      0.4043
RC4 Preferred             39565     7.8481
RC4 forced in TLS1.1+     22536     4.4702
x:FF 29 RC4 Only          2395      0.4751
x:FF 29 RC4 Preferred     44134     8.7544
x:FF 29 incompatible      105       0.0208
x:FF 35 RC4 Only          2735      0.5425
x:FF 35 RC4 Preferred     44278     8.783
x:FF 35 incompatible      108       0.0214
y:DHE-RSA-SEED-SHA        105410    20.9092
y:IDEA-CBC-SHA            86047     17.0683
y:SEED-SHA                103682    20.5664
z:ADH-AES128-GCM-SHA256   332       0.0659
z:ADH-AES128-SHA          1298      0.2575
z:ADH-AES128-SHA256       242       0.048
z:ADH-AES256-GCM-SHA384   344       0.0682
z:ADH-AES256-SHA          1307      0.2593
z:ADH-AES256-SHA256       244       0.0484
z:ADH-CAMELLIA128-SHA     803       0.1593
z:ADH-CAMELLIA256-SHA     814       0.1615
z:ADH-DES-CBC-SHA         368       0.073
z:ADH-DES-CBC3-SHA        1324      0.2626
z:ADH-RC4-MD5             1177      0.2335
z:ADH-SEED-SHA            719       0.1426
z:AECDH-AES128-SHA        17948     3.5602
z:AECDH-AES256-SHA        17959     3.5624
z:AECDH-DES-CBC3-SHA      17905     3.5516
z:AECDH-NULL-SHA          43        0.0085
z:AECDH-RC4-SHA           17242     3.4201
z:DES-CBC-MD5             15026     2.9806
z:DES-CBC-SHA             42323     8.3952
z:DES-CBC3-MD5            29340     5.8199
z:ECDHE-RSA-NULL-SHA      56        0.0111
z:EDH-RSA-DES-CBC-SHA     36108     7.1624
z:EXP-ADH-DES-CBC-SHA     279       0.0553
z:EXP-ADH-RC4-MD5         280       0.0555
z:EXP-DES-CBC-SHA         21187     4.2027
z:EXP-EDH-RSA-DES-CBC-SHA 17630     3.4971
z:EXP-RC2-CBC-MD5         25641     5.0862
z:EXP-RC4-MD5             27062     5.368
z:EXP1024-DES-CBC-SHA     6792      1.3473
z:EXP1024-RC4-SHA         6883      1.3653
z:IDEA-CBC-MD5            2594      0.5145
z:NULL-MD5                281       0.0557
z:NULL-SHA                286       0.0567
z:NULL-SHA256             23        0.0046
z:RC2-CBC-MD5             15367     3.0482
z:RC4-64-MD5              1245      0.247

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               135237    26.8257
Server side               368896    73.1743

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1435      0.2846
AECDH                     17990     3.5685
DHE                       286817    56.8931
ECDH                      1         0.0002
ECDHE                     352323    69.8869
ECDHE and DHE             195467    38.7729
RSA                       459524    91.1513

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               229119    45.4481  79.8833
DH,1536bits               1         0.0002   0.0003
DH,2048bits               50894     10.0954  17.7444
DH,2236bits               3         0.0006   0.001
DH,3072bits               2379      0.4719   0.8294
DH,4094bits               1         0.0002   0.0003
DH,4096bits               3569      0.7079   1.2443
DH,512bits                81        0.0161   0.0282
DH,768bits                805       0.1597   0.2807
DH,8192bits               1         0.0002   0.0003
ECDH,B-163,163bits        1         0.0002   0.0003
ECDH,B-571,570bits        1580      0.3134   0.4485
ECDH,K-571,570bits        1         0.0002   0.0003
ECDH,P-224,224bits        63        0.0125   0.0179
ECDH,P-256,256bits        344044    68.2447  97.6502
ECDH,P-384,384bits        3587      0.7115   1.0181
ECDH,P-521,521bits        5548      1.1005   1.5747
Prefer DH,1024bits        87818     17.4196  30.6181
Prefer DH,2048bits        3211      0.6369   1.1195
Prefer DH,2236bits        1         0.0002   0.0003
Prefer DH,3072bits        30        0.006    0.0105
Prefer DH,4096bits        105       0.0208   0.0366
Prefer DH,512bits         4         0.0008   0.0014
Prefer DH,768bits         404       0.0801   0.1409
Prefer ECDH,B-163,163bits 1         0.0002   0.0003
Prefer ECDH,B-571,570bits 1365      0.2708   0.3874
Prefer ECDH,K-571,570bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 36        0.0071   0.0102
Prefer ECDH,P-256,256bits 286974    56.9243  81.452
Prefer ECDH,P-384,384bits 2591      0.514    0.7354
Prefer ECDH,P-521,521bits 5220      1.0354   1.4816
Prefer PFS                387761    76.9164  0
Support PFS               443673    88.0071  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           294       0.0583   
brainpoolP384r1           294       0.0583   
brainpoolP512r1           294       0.0583   
prime192v1                1589      0.3152   
prime256v1                351551    69.7338  
prime256v1 Only           305875    60.6735  
secp160k1                 1561      0.3096   
secp160r1                 1566      0.3106   
secp160r2                 1561      0.3096   
secp192k1                 1580      0.3134   
secp224k1                 1628      0.3229   
secp224r1                 2813      0.558    
secp224r1 Only            3         0.0006   
secp256k1                 1637      0.3247   
secp384r1                 45923     9.1093   
secp384r1 Only            242       0.048    
secp521r1                 13392     2.6564   
secp521r1 Only            97        0.0192   
sect163k1                 1569      0.3112   
sect163k1 Only            1         0.0002   
sect163r1                 1568      0.311    
sect163r2                 1568      0.311    
sect163r2 Only            1         0.0002   
sect193r1                 1566      0.3106   
sect193r2                 1566      0.3106   
sect233k1                 1625      0.3223   
sect233r1                 1624      0.3221   
sect239k1                 1624      0.3221   
sect283k1                 1623      0.3219   
sect283r1                 1621      0.3215   
sect409k1                 1620      0.3213   
sect409r1                 1617      0.3207   
sect571k1                 1627      0.3227   
sect571r1                 1627      0.3227   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          80726     16.0128  
True                           223171    44.2683  
order-specific                 14        0.0028   
unknown                        200222    39.7161  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    2652      0.5261   
inconclusive-noecc        26        0.0052   
server                    349247    69.2768  
unknown                   152208    30.192   

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     34911     6.925    
ECDSA-SHA1 Only                1         0.0002   
ECDSA-SHA224                   34925     6.9277   
ECDSA-SHA256                   34948     6.9323   
ECDSA-SHA384                   34966     6.9359   
ECDSA-SHA512                   34985     6.9396   
ECDSA-SHA512 Only              19        0.0038   
RSA-MD5                        147472    29.2526  
RSA-SHA1                       310804    61.6512  
RSA-SHA1 Only                  46467     9.2172   
RSA-SHA224                     250624    49.7139  
RSA-SHA256                     269299    53.4182  
RSA-SHA256 Only                4125      0.8182   
RSA-SHA384                     251575    49.9025  
RSA-SHA512                     251692    49.9257  
RSA-SHA512 Only                54        0.0107   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         228686    45.3622  
indeterminate                  15        0.003    
intolerant                     2751      0.5457   
order-fallback                 23        0.0046   
server                         119546    23.7132  
unsupported                    33304     6.6062   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     34893     6.9214   
ECDSA intolerant               113       0.0224   
RSA False                      143034    28.3723  
RSA SHA1                       141505    28.069   
RSA intolerant                 27098     5.3752   
RSA soft-nopfs                 4560      0.9045   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     8495      1.6851   
insecure                  24563     4.8723   
secure                    471075    93.4426  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      12816     2.5422   
False                     8495      1.6851   
NONE                      482822    95.7727  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         3         0.0006   
1 only                    3         0.0006   
2                         3         0.0006   
2 only                    3         0.0006   
5                         2         0.0004   
5 only                    2         0.0004   
10                        7         0.0014   
10 only                   7         0.0014   
15                        10        0.002    
15 only                   10        0.002    
30                        10        0.002    
30 only                   9         0.0018   
60                        98        0.0194   
60 only                   93        0.0184   
70                        7         0.0014   
100                       21        0.0042   
100 only                  21        0.0042   
120                       27        0.0054   
120 only                  27        0.0054   
128                       2         0.0004   
128 only                  2         0.0004   
150                       2         0.0004   
180                       48        0.0095   
180 only                  46        0.0091   
240                       10        0.002    
240 only                  10        0.002    
300                       219015    43.4439  
300 only                  213209    42.2922  
360                       1         0.0002   
400                       8         0.0016   
400 only                  8         0.0016   
420                       108       0.0214   
420 only                  66        0.0131   
480                       12        0.0024   
480 only                  12        0.0024   
500                       4         0.0008   
500 only                  4         0.0008   
600                       16066     3.1869   
600 only                  15898     3.1535   
720                       2         0.0004   
720 only                  2         0.0004   
900                       742       0.1472   
900 only                  707       0.1402   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      2024      0.4015   
1200 only                 2018      0.4003   
1320                      1         0.0002   
1320 only                 1         0.0002   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      10        0.002    
1500 only                 9         0.0018   
1800                      406       0.0805   
1800 only                 397       0.0787   
2400                      6         0.0012   
2400 only                 6         0.0012   
2700                      11        0.0022   
2700 only                 11        0.0022   
3000                      14        0.0028   
3000 only                 14        0.0028   
3600                      442       0.0877   
3600 only                 422       0.0837   
3900                      1         0.0002   
3900 only                 1         0.0002   
4100                      2         0.0004   
4100 only                 2         0.0004   
4200                      1         0.0002   
5400                      20        0.004    
5400 only                 3         0.0006   
6000                      5         0.001    
6000 only                 5         0.001    
7200                      16629     3.2985   
7200 only                 13329     2.6439   
10800                     2315      0.4592   
10800 only                2310      0.4582   
14400                     73        0.0145   
14400 only                72        0.0143   
18000                     13        0.0026   
18000 only                13        0.0026   
21600                     4826      0.9573   
21600 only                4825      0.9571   
28800                     13        0.0026   
28800 only                13        0.0026   
36000                     1108      0.2198   
36000 only                1103      0.2188   
43200                     28        0.0056   
43200 only                25        0.005    
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     50705     10.0579  
64800 only                50654     10.0477  
72000                     17        0.0034   
72000 only                17        0.0034   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     45        0.0089   
86000 only                45        0.0089   
86400                     3437      0.6818   
86400 only                3436      0.6816   
100800                    12226     2.4252   
100800 only               12226     2.4252   
129600                    8         0.0016   
129600 only               8         0.0016   
172800                    2         0.0004   
172800 only               2         0.0004   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      183010    36.3019  
None only                 173532    34.4219  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      18818     3.7327   
ecdsa-with-SHA256         34966     6.9359   
sha1WithRSAEncryption     191053    37.8973  
sha256WithRSAEncryption   278185    55.1809  
sha384WithRSAEncryption   2         0.0004   
sha512WithRSAEncryption   7         0.0014   

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 35000     6.9426   
ECDSA 384                 6         0.0012   
ECDSA 521                 2         0.0004   
RSA 1024                  194       0.0385   
RSA 10240                 7         0.0014   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  451485    89.5567  
RSA 2049                  3         0.0006   
RSA 2056                  2         0.0004   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  9         0.0018   
RSA 2096                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  4         0.0008   
RSA 2480                  1         0.0002   
RSA 2612                  2         0.0004   
RSA 3050                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  104       0.0206   
RSA 3096                  1         0.0002   
RSA 3248                  2         0.0004   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  24        0.0048   
RSA 4069                  1         0.0002   
RSA 4086                  4         0.0008   
RSA 4092                  8         0.0016   
RSA 4096                  17305     3.4326   
RSA 8192                  6         0.0012   
RSA/ECDSA Dual Stack      45        0.0089

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 94341     18.7135  
Unsupported               409792    81.2865  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      29625     5.8764
SSL2 Only                 35        0.0069
SSL3                      142402    28.2469
SSL3 Only                 936       0.1857
SSL3 or TLS1 Only         88722     17.5989
SSL3 or lower Only        968       0.192
TLS1                      501347    99.4474
TLS1 Only                 51184     10.1529
TLS1 or lower Only        116300    23.0693
TLS1.1                    373523    74.0922
TLS1.1 Only               25        0.005
TLS1.1 or up Only         1606      0.3186
TLS1.2                    384312    76.2323
TLS1.2 Only               845       0.1676
TLS1.2, 1.0 but not 1.1   12411     2.4619


Statistics from 515219 chains provided by 689528 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  449551    65.1969
incomplete                37540     5.4443
untrusted                 202437    29.3588

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         345       0.067
3                         295875    57.427
4                         213966    41.5291
5                         5031      0.9765
6                         2         0.0004

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 34881     
ECDSA 384                 60711     
RSA 1024                  39543     
RSA 2045                  1         
RSA 2048                  1016373   
RSA 4096                  102618    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 34881     6.7701
ECDSA 384                 60711     11.7835
RSA 1024                  39539     7.6742
RSA 2045                  1         0.0002
RSA 2048                  479801    93.1256
RSA 4096                  102053    19.8077

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              34881     
sha1WithRSAEncryption          285370    
sha256WithRSAEncryption        244990    
sha384WithRSAEncryption        173666    
sha512WithRSAEncryption        1         

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        240612    46.7009
112                       239734    46.5305
128                       34873     6.7686

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(861a399d) AddTrust Class 1 CA Root           126924    24.635
(2c543cd1) GeoTrust Global CA                 111533    21.6477
(f081611a) The Go Daddy Group, Inc.           54113     10.5029
(5ad8a5d6) GlobalSign Root CA                 52056     10.1037
(eed8c118) COMODO ECC Certification Authority 34873     6.7686
(415660c1) VeriSign, Inc.                     29756     5.7754
(aee5f10d) Entrust.net Certification Authorit 29671     5.7589
(c089bbbd) thawte Primary Root CA - G2        25836     5.0146
(f387163d) Starfield Technologies, Inc.       11081     2.1507
(ae8153b9) StartCom Certification Authority   9729      1.8883
(578d5c04) Equifax                            6768      1.3136
(244b5494) DigiCert High Assurance EV Root CA 6686      1.2977


Scan performed between 24th of May and 3rd of June 2015.
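The result blocks on this page all share one plain-text layout, so two scans can be compared mechanically. The following is an added example, not part of the original post or of the scanning tools: it parses that layout, computes the percentage-point change between two scans, and recomputes the published percentages from the counts. The function names are made up for the example, the sample rows are copied from the Supported Handshakes and Supported PFS tables of this scan and of the April 2015 scan, and the reading of "PFS Percent" as a share of the servers supporting DHE or ECDHE is inferred from the numbers rather than stated on the page.

```python
import re

# Rows copied from the two result blocks on this page (excerpt only).
MAY_2015 = """\
SSL/TLS survey of 504133 websites from Alexa's top 1 million

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1435      0.2846
AECDH                     17990     3.5685
DHE                       286817    56.8931
ECDH                      1         0.0002
ECDHE                     352323    69.8869
ECDHE and DHE             195467    38.7729
RSA                       459524    91.1513

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               229119    45.4481  79.8833
DH,2048bits               50894     10.0954  17.7444
ECDH,P-256,256bits        344044    68.2447  97.6502
Prefer DH,1024bits        87818     17.4196  30.6181
Prefer ECDH,P-256,256bits 286974    56.9243  81.452
"""

APRIL_2015 = """\
SSL/TLS survey of 484573 websites from Alexa's top 1 million

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1408      0.2906
AECDH                     14635     3.0202
DHE                       270437    55.8093
ECDHE                     323781    66.8178
ECDHE and DHE             176359    36.3947
RSA                       446206    92.0823
"""

SEPARATOR = re.compile(r"-+(?:\+-+)+\s*")


def parse_results(text):
    """Return (sites surveyed, {table title: {row label: [count, percent, ...]}})."""
    found = re.search(r"survey of (\d+) websites", text)
    total = int(found.group(1)) if found else None
    lines = text.splitlines()
    tables = {}
    for i, line in enumerate(lines):
        if i == 0 or not SEPARATOR.fullmatch(line):
            continue
        # One '+' per numeric column. Labels may contain spaces ("ECDHE and DHE",
        # "RSA 2048"), so the numbers are split off from the right-hand side.
        ncols = line.count("+")
        title = re.split(r"\s+Count\b", lines[i - 1])[0].strip()
        rows = {}
        for row in lines[i + 1:]:
            parts = row.strip().rsplit(None, ncols)
            if len(parts) != ncols + 1:
                break  # a blank line ends the table
            try:
                rows[parts[0]] = [int(parts[1])] + [float(p) for p in parts[2:]]
            except ValueError:
                break  # not a data row
        tables[title] = rows
    return total, tables


def delta_points(old_rows, new_rows):
    """Percent column change in percentage points; a row absent from a scan counts as 0."""
    changes = {}
    for label in sorted(set(old_rows) | set(new_rows)):
        old = old_rows.get(label, [0, 0.0])[1]
        new = new_rows.get(label, [0, 0.0])[1]
        changes[label] = round(new - old, 4)
    return changes


def inconsistent_rows(text, tolerance=1e-4):
    """List (label, published, recomputed) where a percentage does not match its count."""
    total, tables = parse_results(text)
    handshakes = tables["Supported Handshakes"]
    bad = []
    for title in ("Supported Handshakes", "Supported PFS"):
        for label, values in tables.get(title, {}).items():
            expected = [100.0 * values[0] / total]
            # Inferred, not stated on the page: "PFS Percent" is relative to the
            # servers supporting that key exchange. The summary rows
            # "Prefer PFS" and "Support PFS" carry 0 there and are skipped.
            if len(values) > 2 and not label.endswith(" PFS"):
                kex = "ECDHE" if "ECDH" in label else "DHE"
                expected.append(100.0 * values[0] / handshakes[kex][0])
            for published, computed in zip(values[1:], expected):
                if abs(published - computed) > tolerance:
                    bad.append((label, published, round(computed, 4)))
    return bad


if __name__ == "__main__":
    _, april = parse_results(APRIL_2015)
    _, may = parse_results(MAY_2015)
    for label, change in delta_points(april["Supported Handshakes"],
                                      may["Supported Handshakes"]).items():
        print(f"{label:<16}{change:+.4f}")
    print("inconsistent rows:", inconsistent_rows(MAY_2015))
```

Note that the deltas are percentage points of two different survey sizes (484573 and 504133 sites), which is also how the commentary on this page compares months.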

April 2015 scan results

All in all, only a few, rather insignificant changes, just a continuation of established good trends.

Cipher suites

Not much happened in cipher suites: AES-GCM use has grown by over 2%. 3DES and AES-CBC have gained just under a percent each.

On the bad end of the spectrum, the number of servers with completely insecure ciphers has fallen a bit, by about 1.5%. RC4 use also dropped a bit, by 5%. Fortunately, the number of servers which prefer RC4 also dropped, but by just 1.5%, to 9.4% of total.

The number of servers which support only RC4 also decreased, by 511, finally falling under 0.5% of total.

Unfortunately, it doesn’t look like administrators verify their settings after system updates: the number of servers that support anonymous ECDH has grown again, to just over 3%.

The rest of the bad ciphers have continued their downward trend.

On a relatively large part of servers, cipher ordering is still dictated by the client side of the connection. The situation is unchanged since the last scan.

Key Exchange

Support for ECDHE key exchange has increased by just over 1.5%, support for DHE key exchange has increased by about 1%.

The number of servers which don’t support RSA, the key exchange that doesn’t provide forward secrecy, is also steadily growing, reaching 8% this time.

Unfortunately, those changes don’t translate directly into preference for PFS ciphersuites, which has grown by less than 0.5%, mostly because of support for ECDHE with the NIST P-256 curve.

ECC curves

The NIST P-256 curve, also known as prime256v1, still reigns supreme. Alternative curves have grown by nearly 30% month over month, but they are still present on less than 1% of servers.

Behaviour with respect to curve ordering or to handling a mismatch between the curves advertised by the client and the curves supported by the server hasn’t changed much.

Hash and signature algorithms

There is still a significant number of servers which support just the SHA-1 signature algorithm with RSA signatures, and it isn’t shrinking.

Support for stronger algorithms has grown by about 0.5%.

Similarly to ECC curves, behaviour in case of a mismatch between what is supported and what the client advertised hasn’t changed much.

Vulnerabilities

Support for both insecure renegotiation and compression has fallen only insignificantly, by just a few tenths of a percent. They are still hovering at 5% and 3% respectively.

Certificates

Certificate signatures are still changing, with servers using SHA-1 signed certificates losing about 5% of market share, while SHA-256 has finally reached the half way mark with 51%.

The key sizes remain relatively unchanged, with 2048 bit RSA still at 90%. ECDSA with 256 bit curves has grown by 0.4%.

Protocols

Support for the broken SSL 2 and SSL 3 remains mostly unchanged, with the former losing just 0.5% and the latter 1.5%, placing them at 6% and 30% respectively.

Support for TLS 1.0 reached full saturation, with 99.5% of all servers supporting it. TLS 1.1 and 1.2 in turn have gained 2% each.

That means just 0.2% of servers support only TLS 1.1 or better.

Results

SSL/TLS survey of 484573 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      406786    83.9473
3DES Only                 794       0.1639
AES                       472659    97.5413
AES Only                  10959     2.2616
AES-CBC                   472558    97.5205
AES-CBC Only              4829      0.9965
AES-GCM                   303174    62.5652
AES-GCM Only              29        0.006
CAMELLIA                  209131    43.1578
CAMELLIA Only             1         0.0002
CHACHA20                  58829     12.1404
CHACHA20 Only             37        0.0076
Insecure                  77058     15.9022
RC4                       292575    60.3779
RC4 Only                  2401      0.4955
RC4 Preferred             45677     9.4262
RC4 forced in TLS1.1+     27055     5.5833
x:FF 29 RC4 Only          2759      0.5694
x:FF 29 RC4 Preferred     50228     10.3654
x:FF 29 incompatible      166       0.0343
x:FF 35 RC4 Only          3002      0.6195
x:FF 35 RC4 Preferred     50330     10.3865
x:FF 35 incompatible      169       0.0349
y:DHE-RSA-SEED-SHA        106435    21.9647
y:IDEA-CBC-SHA            86288     17.807
y:SEED-SHA                104010    21.4643
z:ADH-AES128-GCM-SHA256   403       0.0832
z:ADH-AES128-SHA          1245      0.2569
z:ADH-AES128-SHA256       285       0.0588
z:ADH-AES256-GCM-SHA384   411       0.0848
z:ADH-AES256-SHA          1251      0.2582
z:ADH-AES256-SHA256       288       0.0594
z:ADH-CAMELLIA128-SHA     757       0.1562
z:ADH-CAMELLIA256-SHA     767       0.1583
z:ADH-DES-CBC-SHA         370       0.0764
z:ADH-DES-CBC3-SHA        1264      0.2608
z:ADH-RC4-MD5             1068      0.2204
z:ADH-SEED-SHA            624       0.1288
z:AECDH-AES128-SHA        14597     3.0123
z:AECDH-AES256-SHA        14601     3.0132
z:AECDH-DES-CBC3-SHA      14555     3.0037
z:AECDH-NULL-SHA          33        0.0068
z:AECDH-RC4-SHA           13915     2.8716
z:DES-CBC-MD5             15676     3.235
z:DES-CBC-SHA             43379     8.952
z:DES-CBC3-MD5            29965     6.1838
z:ECDHE-RSA-NULL-SHA      39        0.008
z:EDH-RSA-DES-CBC-SHA     36816     7.5976
z:EXP-ADH-DES-CBC-SHA     296       0.0611
z:EXP-ADH-RC4-MD5         298       0.0615
z:EXP-DES-CBC-SHA         23304     4.8092
z:EXP-EDH-RSA-DES-CBC-SHA 18924     3.9053
z:EXP-RC2-CBC-MD5         27382     5.6507
z:EXP-RC4-MD5             29880     6.1663
z:EXP1024-DES-CBC-SHA     7448      1.537
z:EXP1024-RC4-SHA         7538      1.5556
z:IDEA-CBC-MD5            2648      0.5465
z:NULL-MD5                269       0.0555
z:NULL-SHA                277       0.0572
z:NULL-SHA256             17        0.0035
z:RC2-CBC-MD5             16012     3.3044
z:RC4-64-MD5              1266      0.2613

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               137690    28.4147
Server side               346883    71.5853

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1408      0.2906
AECDH                     14635     3.0202
DHE                       270437    55.8093
ECDHE                     323781    66.8178
ECDHE and DHE             176359    36.3947
RSA                       446206    92.0823

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               223209    46.063   82.5364
DH,1536bits               1         0.0002   0.0004
DH,2048bits               43655     9.009    16.1424
DH,2236bits               3         0.0006   0.0011
DH,2430bits               1         0.0002   0.0004
DH,3072bits               21        0.0043   0.0078
DH,4096bits               2722      0.5617   1.0065
DH,512bits                78        0.0161   0.0288
DH,768bits                777       0.1603   0.2873
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        5         0.001    0.0015
ECDH,B-571,570bits        986       0.2035   0.3045
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,K-571,570bits        1         0.0002   0.0003
ECDH,P-224,224bits        41        0.0085   0.0127
ECDH,P-256,256bits        316799    65.3769  97.8436
ECDH,P-384,384bits        3387      0.699    1.0461
ECDH,P-521,521bits        4921      1.0155   1.5199
Prefer DH,1024bits        90273     18.6294  33.3804
Prefer DH,2048bits        2959      0.6106   1.0942
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,4096bits        100       0.0206   0.037
Prefer DH,512bits         3         0.0006   0.0011
Prefer DH,768bits         394       0.0813   0.1457
Prefer ECDH,B-163,163bits 5         0.001    0.0015
Prefer ECDH,B-571,570bits 777       0.1603   0.24
Prefer ECDH,K-163,163bits 1         0.0002   0.0003
Prefer ECDH,K-571,570bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 16        0.0033   0.0049
Prefer ECDH,P-256,256bits 262300    54.1301  81.0115
Prefer ECDH,P-384,384bits 2417      0.4988   0.7465
Prefer ECDH,P-521,521bits 4606      0.9505   1.4226
Prefer PFS                363853    75.0873  0
Support PFS               417859    86.2324  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           275       0.0568   
brainpoolP384r1           275       0.0568   
brainpoolP512r1           276       0.057    
prime192v1                1006      0.2076   
prime256v1                322585    66.571   
prime256v1 Only           280643    57.9155  
secp160k1                 973       0.2008   
secp160r1                 977       0.2016   
secp160r2                 973       0.2008   
secp192k1                 994       0.2051   
secp224k1                 1021      0.2107   
secp224r1                 1909      0.394    
secp224r1 Only            1         0.0002   
secp256k1                 1031      0.2128   
secp384r1                 42157     8.6998   
secp384r1 Only            214       0.0442   
secp521r1                 11163     2.3037   
secp521r1 Only            85        0.0175   
sect163k1                 974       0.201    
sect163k1 Only            1         0.0002   
sect163r1                 973       0.2008   
sect163r2                 978       0.2018   
sect163r2 Only            5         0.001    
sect193r1                 973       0.2008   
sect193r2                 972       0.2006   
sect233k1                 1012      0.2088   
sect233r1                 1012      0.2088   
sect239k1                 1011      0.2086   
sect283k1                 1011      0.2086   
sect283r1                 1011      0.2086   
sect409k1                 1012      0.2088   
sect409r1                 1011      0.2086   
sect571k1                 1023      0.2111   
sect571r1                 1023      0.2111   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          79371     16.3796  
True                           201893    41.6641  
order-specific                 25        0.0052   
unknown                        203284    41.9512  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    1937      0.3997   
inconclusive-noecc        23        0.0047   
server                    320951    66.2338  
unknown                   161662    33.3617  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     29961     6.183    
ECDSA-SHA224                   29962     6.1832   
ECDSA-SHA256                   29968     6.1844   
ECDSA-SHA384                   29969     6.1846   
ECDSA-SHA512                   29973     6.1854   
ECDSA-SHA512 Only              4         0.0008   
RSA-MD5                        138363    28.5536  
RSA-SHA1                       288373    59.5107  
RSA-SHA1 Only                  44023     9.0849   
RSA-SHA224                     233398    48.1657  
RSA-SHA256                     248405    51.2627  
RSA-SHA256 Only                3440      0.7099   
RSA-SHA384                     234083    48.3071  
RSA-SHA512                     234329    48.3578  
RSA-SHA512 Only                236       0.0487   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         213825    44.1265  
indeterminate                  7         0.0014   
intolerant                     2102      0.4338   
order-fallback                 14        0.0029   
server                         106987    22.0786  
unsupported                    37608     7.7611   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     29954     6.1815   
ECDSA intolerant               26        0.0054   
ECDSA pfs-rsa-SHA512           2         0.0004   
RSA False                      136825    28.2362  
RSA SHA1                       130262    26.8818  
RSA intolerant                 24807     5.1194   
RSA pfs-ecdsa-SHA512           1         0.0002   
RSA soft-nopfs                 1684      0.3475   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     8680      1.7913   
insecure                  23543     4.8585   
secure                    452350    93.3502  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      13301     2.7449   
False                     8680      1.7913   
NONE                      462592    95.4638  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         2         0.0004   
5 only                    2         0.0004   
10                        6         0.0012   
10 only                   6         0.0012   
15                        10        0.0021   
15 only                   10        0.0021   
30                        8         0.0017   
30 only                   8         0.0017   
60                        95        0.0196   
60 only                   90        0.0186   
65                        1         0.0002   
65 only                   1         0.0002   
70                        6         0.0012   
100                       13        0.0027   
100 only                  13        0.0027   
120                       31        0.0064   
120 only                  31        0.0064   
128                       2         0.0004   
128 only                  2         0.0004   
150                       2         0.0004   
180                       46        0.0095   
180 only                  43        0.0089   
240                       11        0.0023   
240 only                  11        0.0023   
300                       211464    43.6392  
300 only                  204443    42.1903  
360                       1         0.0002   
400                       7         0.0014   
400 only                  7         0.0014   
420                       117       0.0241   
420 only                  65        0.0134   
480                       13        0.0027   
480 only                  12        0.0025   
500                       3         0.0006   
500 only                  3         0.0006   
600                       14992     3.0939   
600 only                  14817     3.0577   
660                       1         0.0002   
660 only                  1         0.0002   
720                       1         0.0002   
720 only                  1         0.0002   
900                       527       0.1088   
900 only                  499       0.103    
960                       2         0.0004   
960 only                  2         0.0004   
1200                      574       0.1185   
1200 only                 562       0.116    
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      13        0.0027   
1500 only                 12        0.0025   
1800                      368       0.0759   
1800 only                 362       0.0747   
2400                      6         0.0012   
2400 only                 6         0.0012   
2700                      9         0.0019   
2700 only                 9         0.0019   
3000                      12        0.0025   
3000 only                 12        0.0025   
3600                      371       0.0766   
3600 only                 355       0.0733   
3900                      1         0.0002   
3900 only                 1         0.0002   
4200                      1         0.0002   
5400                      14        0.0029   
5400 only                 2         0.0004   
6000                      5         0.001    
6000 only                 5         0.001    
7200                      14319     2.955    
7200 only                 13804     2.8487   
10800                     1786      0.3686   
10800 only                1780      0.3673   
14400                     1343      0.2772   
14400 only                1335      0.2755   
18000                     11        0.0023   
18000 only                11        0.0023   
21600                     4962      1.024    
21600 only                4955      1.0225   
28800                     10        0.0021   
28800 only                9         0.0019   
36000                     980       0.2022   
36000 only                972       0.2006   
43200                     27        0.0056   
43200 only                23        0.0047   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     46419     9.5794   
64800 only                46415     9.5785   
72000                     7         0.0014   
72000 only                7         0.0014   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     34        0.007    
86000 only                34        0.007    
86400                     363       0.0749   
86400 only                363       0.0749   
100800                    12150     2.5074   
100800 only               12149     2.5072   
129600                    9         0.0019   
129600 only               9         0.0019   
172800                    2         0.0004   
172800 only               2         0.0004   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    1         0.0002   
432000 only               1         0.0002   
600000                    1         0.0002   
600000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      181287    37.4117  
None only                 173413    35.7868  

Certificate sig alg       Count     Percent 
-------------------------+---------+--------
None                      15526     3.2041   
ecdsa-with-SHA256         29954     6.1815   
sha1WithRSAEncryption     207522    42.8257  
sha256WithRSAEncryption   247164    51.0066  
sha384WithRSAEncryption   1         0.0002   
sha512WithRSAEncryption   11        0.0023   

Certificate key size      Count     Percent 
-------------------------+---------+--------
ECDSA 256                 29979     6.1867   
ECDSA 384                 5         0.001    
RSA 1024                  222       0.0458   
RSA 10240                 3         0.0006   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  437533    90.2925  
RSA 2049                  3         0.0006   
RSA 2056                  3         0.0006   
RSA 2058                  2         0.0004   
RSA 2064                  2         0.0004   
RSA 2080                  2         0.0004   
RSA 2084                  8         0.0017   
RSA 2096                  1         0.0002   
RSA 2408                  3         0.0006   
RSA 2432                  5         0.001    
RSA 2612                  2         0.0004   
RSA 3024                  1         0.0002   
RSA 3050                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  93        0.0192   
RSA 3096                  1         0.0002   
RSA 3102                  1         0.0002   
RSA 3248                  1         0.0002   
RSA 3600                  1         0.0002   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  30        0.0062   
RSA 4069                  1         0.0002   
RSA 4086                  4         0.0008   
RSA 4092                  10        0.0021   
RSA 4096                  16685     3.4432   
RSA 8192                  6         0.0012   
RSA/ECDSA Dual Stack      35        0.0072

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 85670     17.6795  
Unsupported               398903    82.3205  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      30248     6.2422
SSL2 Only                 63        0.013
SSL3                      145442    30.0145
SSL3 Only                 993       0.2049
SSL3 or TLS1 Only         92308     19.0493
SSL3 or lower Only        1029      0.2124
TLS1                      482080    99.4855
TLS1 Only                 53168     10.9721
TLS1 or lower Only        120432    24.8532
TLS1.1                    349742    72.1753
TLS1.1 Only               29        0.006
TLS1.1 or up Only         1151      0.2375
TLS1.2                    360532    74.402
TLS1.2 Only               703       0.1451
TLS1.2, 1.0 but not 1.1   12562     2.5924



Statistics from 501419 chains provided by 668131 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  444722    66.5621
incomplete                28787     4.3086
untrusted                 194622    29.1293

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         466       0.0929
3                         419080    83.5788
4                         81838     16.3213
5                         35        0.007

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 29837     
ECDSA 384                 29837     
RSA 1024                  447       
RSA 2045                  1         
RSA 2048                  932773    
RSA 4096                  91385     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 29837     5.9505
ECDSA 384                 29837     5.9505
RSA 1024                  443       0.0883
RSA 2045                  1         0.0002
RSA 2048                  470954    93.9242
RSA 4096                  90510     18.0508

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              29837     
sha1WithRSAEncryption          222155    
sha256WithRSAEncryption        174421    
sha384WithRSAEncryption        156409    
sha512WithRSAEncryption        39        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        222398    44.3537
112                       249181    49.6952
128                       29840     5.9511

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 108475    21.6336
(157753a5) AddTrust External CA Root          107019    21.3432
(5ad8a5d6) GlobalSign Root CA                 50472     10.0658
(cbf06781) Go Daddy Root Certificate Authorit 44010     8.7771
(eed8c118) COMODO ECC Certification Authority 29832     5.9495
(b204d74a) VeriSign Class 3 Public Primary Ce 27936     5.5714
(2e4eed3c) thawte Primary Root CA             25416     5.0688
(244b5494) DigiCert High Assurance EV Root CA 24612     4.9085
(653b494a) Baltimore CyberTrust Root          11515     2.2965
(ae8153b9) StartCom Certification Authority   9470      1.8886
(f081611a) The Go Daddy Group, Inc.           8925      1.7799
(b13cc6df) UTN-USERFirst-Hardware             8766      1.7482
(f387163d) Starfield Technologies, Inc.       6944      1.3849
(3513523f) DigiCert Global Root CA            6188      1.2341
(480720ec) GeoTrust Primary Certification Aut 5346      1.0662
(40547a79) COMODO Certification Authority     5333      1.0636

Scan performed between 17th and 29th of April 2015

March 2015 scan results

Update 2015-04-05: the previous version of the scan results was generated with an old version of the script and as such had a few insignificant errors; most importantly, the number of servers which support DH,512bits was reported incorrectly.

The population of TLS-enabled servers has grown again, this time by 2.5%.

Cipher suites

Among cipher suites supported by servers there are small changes. 3DES grew by 1.6%, AES in general by 2%, and AES-GCM by 2.9%! Camellia remained unchanged. ChaCha20 continues its ups and downs, this time registering at 12.3% (compared to last month’s 5.7%).

Finally, RC4 usage has fallen significantly, by over 10%, to about 65%. So has the number of servers which support just RC4, though only by 0.15%, to 2912 servers. Servers which prefer RC4 over other ciphers have also fallen, by 2.3%, as have servers which prefer RC4 with TLSv1.1 and later (where it was never necessary), by 1.95%.

Servers which use insecure ciphers in general have also fallen, though only by one percent. Looks like most server admins still didn’t get the memo about FREAK…

Server side ordering of ciphersuites has grown by about 1%.

Key exchange

Support for insecure ADH and AECDH remains static, as does support for RSA key exchange.

Support for both key exchanges which provide forward secrecy, i.e. DHE and ECDHE, is still growing, by 1.2% and 1.4% respectively.

While more and more servers support DHE, the preferred key exchange is ECDHE, causing the overall use of DHE to fall by 1.2%. At the same time, ECDHE has grown by 1.9%.

Or in other words, while the number of servers that support forward secrecy has grown by just 0.66%, the number of servers which prefer to use ciphersuites with forward secrecy has grown by 0.73%.

ECC curves

NIST P-256 remains the curve of choice for most of the Internet, growing by 1.35% to 65%. The second most popular, NIST P-384, has grown by 0.18% to 8.5%. The rest of the curves have experienced even smaller changes.

Basically all servers which support ECDHE cipher suites still use their own curve ordering.

Hash and signature algorithms

While support for ECDSA signatures has remained relatively unchanged, the RSA side of things shows a bit more change.

Support for MD5 signatures remains high, at 27.7%, without changes. Support for the SHA-1 hash has grown by just over 1.3%. Support for SHA-224 and SHA-256 has grown a bit too: 0.84% and 1.21% respectively. At the same time, support for the most secure SHA-384 and SHA-512 has grown by 0.84%.

Vulnerabilities

Support for insecure renegotiation remains strong at 5.1%, a fall of just 0.23%.

Similarly, support for compression has shown little change, falling by just 0.14%.

Certificates

Signatures on certificates used by servers have changed again: this time SHA-1 has lost another 3.4%, placing it for the first time below the 50% mark, at 48.2%! At the same time SHA-256 has grown by 3.5%, reaching 46%.

I expect the next month's scan to show SHA-256 finally overtaking SHA-1 in at least end entity certificates.

Key size and algorithm remain relatively unchanged, with 2048 bit RSA still dominating the market with a 90.8% share.

Protocols

Despite SSLv2 and SSLv3 being insecure, their adoption rate hasn’t fallen significantly. SSLv2 is still at 6.7%, having lost just 0.4%. SSLv3 also remains at a relatively high 31.5%, having lost just 1.9%.

TLSv1.0 dominates the market with support at the level of 99.5%.

Support for TLSv1.1 and TLSv1.2 keeps growing, both gaining about 1%, reaching 70.5% and 72.8% respectively.

Results

SSL/TLS survey of 490866 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      407148    82.9448
3DES Only                 780       0.1589
AES                       473985    96.561
AES Only                  10460     2.1309
AES-CBC                   473911    96.5459
AES-CBC Only              4648      0.9469
AES-GCM                   296424    60.388
AES-GCM Only              18        0.0037
CAMELLIA                  207419    42.2557
CAMELLIA Only             1         0.0002
CHACHA20                  60469     12.3188
CHACHA20 Only             1         0.0002
Insecure                  85185     17.354
RC4                       320737    65.3411
RC4 Only                  2912      0.5932
RC4 Preferred             53442     10.8873
RC4 forced in TLS1.1+     32201     6.56
x:FF 29 RC4 Only          3384      0.6894
x:FF 29 RC4 Preferred     58166     11.8497
x:FF 29 incompatible      132       0.0269
x:FF 35 RC4 Only          7394      1.5063
x:FF 35 RC4 Preferred     58284     11.8737
x:FF 35 incompatible      133       0.0271
y:DHE-RSA-SEED-SHA        108308    22.0647
y:IDEA-CBC-MD5            2768      0.5639
y:IDEA-CBC-SHA            87595     17.845
y:SEED-SHA                105451    21.4826
z:ADH-AES128-GCM-SHA256   422       0.086
z:ADH-AES128-SHA          1103      0.2247
z:ADH-AES128-SHA256       311       0.0634
z:ADH-AES256-GCM-SHA384   433       0.0882
z:ADH-AES256-SHA          1109      0.2259
z:ADH-AES256-SHA256       314       0.064
z:ADH-CAMELLIA128-SHA     560       0.1141
z:ADH-CAMELLIA256-SHA     569       0.1159
z:ADH-DES-CBC-SHA         379       0.0772
z:ADH-DES-CBC3-SHA        1130      0.2302
z:ADH-RC4-MD5             884       0.1801
z:ADH-SEED-SHA            394       0.0803
z:AECDH-AES128-SHA        14471     2.9481
z:AECDH-AES256-SHA        14474     2.9487
z:AECDH-DES-CBC3-SHA      14430     2.9397
z:AECDH-NULL-SHA          29        0.0059
z:AECDH-RC4-SHA           13672     2.7853
z:DES-CBC-MD5             17518     3.5688
z:DES-CBC-SHA             47111     9.5975
z:DES-CBC3-MD5            32625     6.6464
z:ECDHE-RSA-NULL-SHA      35        0.0071
z:EDH-RSA-DES-CBC-SHA     40234     8.1965
z:EXP-ADH-DES-CBC-SHA     303       0.0617
z:EXP-ADH-RC4-MD5         305       0.0621
z:EXP-DES-CBC-SHA         29855     6.0821
z:EXP-EDH-RSA-DES-CBC-SHA 22110     4.5043
z:EXP-RC2-CBC-MD5         34449     7.018
z:EXP-RC4-MD5             37185     7.5754
z:EXP1024-DES-CBC-SHA     8663      1.7648
z:EXP1024-RC4-SHA         8830      1.7989
z:IDEA-CBC-MD5            2768      0.5639
z:NULL-MD5                278       0.0566
z:NULL-SHA                280       0.057
z:NULL-SHA256             11        0.0022
z:RC2-CBC-MD5             17890     3.6446
z:RC4-64-MD5              1436      0.2925

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               139786    28.4774
Server side               351080    71.5226

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1266      0.2579
AECDH                     14497     2.9534
DHE                       268820    54.7644
ECDHE                     320467    65.286
ECDHE and DHE             168192    34.2643
RSA                       456968    93.0942

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,512bits                84        0.0171   0.0312
DH,768bits                763       0.1554   0.2838
DH,1024bits               223064    45.443   82.9786
DH,1536bits               1         0.0002   0.0004
DH,2048bits               42555     8.6694   15.8302
DH,2226bits               1         0.0002   0.0004
DH,2236bits               2         0.0004   0.0007
DH,3072bits               19        0.0039   0.0071
DH,3248bits               2         0.0004   0.0007
DH,4096bits               2364      0.4816   0.8794
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        7         0.0014   0.0022
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,P-224,224bits        50        0.0102   0.0156
ECDH,P-256,256bits        313819    63.9317  97.9255
ECDH,P-384,384bits        3463      0.7055   1.0806
ECDH,B-409,409bits        1         0.0002   0.0003
ECDH,P-521,521bits        4730      0.9636   1.476
ECDH,B-571,570bits        750       0.1528   0.234
Prefer DH,512bits         3         0.0006   0.0011
Prefer DH,768bits         432       0.088    0.1607
Prefer DH,1024bits        95849     19.5265  35.6553
Prefer DH,2048bits        3048      0.6209   1.1338
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,3072bits        1         0.0002   0.0004
Prefer DH,4096bits        92        0.0187   0.0342
Prefer ECDH,B-163,163bits 7         0.0014   0.0022
Prefer ECDH,K-163,163bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 17        0.0035   0.0053
Prefer ECDH,P-256,256bits 259052    52.7745  80.8358
Prefer ECDH,P-384,384bits 2751      0.5604   0.8584
Prefer ECDH,P-521,521bits 4403      0.897    1.3739
Prefer ECDH,B-571,570bits 550       0.112    0.1716
Prefer PFS                366207    74.6043  0
Support PFS               421095    85.7861  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           106       0.0216   
brainpoolP384r1           106       0.0216   
brainpoolP512r1           106       0.0216   
prime192v1                762       0.1552   
prime256v1                319803    65.1508  
prime256v1 Only           277852    56.6045  
secp160k1                 729       0.1485   
secp160r1                 730       0.1487   
secp160r2                 728       0.1483   
secp192k1                 751       0.153    
secp224k1                 785       0.1599   
secp224r1                 1393      0.2838   
secp224r1 Only            1         0.0002   
secp256k1                 799       0.1628   
secp384r1                 42156     8.5881   
secp384r1 Only            204       0.0416   
secp521r1                 10564     2.1521   
secp521r1 Only            85        0.0173   
sect163k1                 734       0.1495   
sect163k1 Only            1         0.0002   
sect163r1                 733       0.1493   
sect163r2                 740       0.1508   
sect163r2 Only            7         0.0014   
sect193r1                 732       0.1491   
sect193r2                 732       0.1491   
sect233k1                 780       0.1589   
sect233r1                 780       0.1589   
sect239k1                 779       0.1587   
sect283k1                 779       0.1587   
sect283r1                 778       0.1585   
sect409k1                 777       0.1583   
sect409r1                 777       0.1583   
sect571k1                 791       0.1611   
sect571r1                 791       0.1611   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          79157     16.126   
True                           201745    41.0998  
order-specific                 13        0.0026   
unknown                        209951    42.7716  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    1847      0.3763   
inconclusive-noecc        28        0.0057   
server                    318249    64.8342  
unknown                   170742    34.7838  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     27988     5.7018   
ECDSA-SHA1 Only                1         0.0002   
ECDSA-SHA224                   27987     5.7016   
ECDSA-SHA256                   27989     5.702    
ECDSA-SHA384                   27991     5.7024   
ECDSA-SHA512                   27993     5.7028   
ECDSA-SHA512 Only              2         0.0004   
RSA-MD5                        136241    27.7552  
RSA-SHA1                       288779    58.8305  
RSA-SHA1 Only                  44445     9.0544   
RSA-SHA224                     234597    47.7925  
RSA-SHA256                     247885    50.4995  
RSA-SHA256 Only                3147      0.6411   
RSA-SHA384                     235034    47.8815  
RSA-SHA512                     235096    47.8941  
RSA-SHA512 Only                58        0.0118   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         213446    43.4836  
indeterminate                  11        0.0022   
intolerant                     1648      0.3357   
order-fallback                 40        0.0081   
server                         105410    21.4743  
unsupported                    36763     7.4894   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     27982     5.7005   
ECDSA intolerant               14        0.0029   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      134610    27.423   
RSA SHA1                       133281    27.1522  
RSA intolerant                 23009     4.6874   
RSA pfs-ecdsa-SHA512           2         0.0004   
RSA soft-nopfs                 1784      0.3634   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     9310      1.8966   
insecure                  25318     5.1578   
secure                    456238    92.9455  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      14829     3.021    
False                     9310      1.8966   
NONE                      466727    95.0824  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        6         0.0012   
10 only                   6         0.0012   
15                        5         0.001    
15 only                   5         0.001    
30                        6         0.0012   
30 only                   6         0.0012   
60                        80        0.0163   
60 only                   76        0.0155   
65                        1         0.0002   
65 only                   1         0.0002   
70                        6         0.0012   
75                        1         0.0002   
75 only                   1         0.0002   
100                       13        0.0026   
100 only                  13        0.0026   
120                       28        0.0057   
120 only                  28        0.0057   
128                       2         0.0004   
128 only                  2         0.0004   
180                       47        0.0096   
180 only                  45        0.0092   
240                       8         0.0016   
240 only                  8         0.0016   
256                       1         0.0002   
256 only                  1         0.0002   
300                       208001    42.3743  
300 only                  200049    40.7543  
360                       1         0.0002   
400                       5         0.001    
400 only                  5         0.001    
420                       109       0.0222   
420 only                  55        0.0112   
480                       13        0.0026   
480 only                  13        0.0026   
500                       4         0.0008   
500 only                  4         0.0008   
600                       14341     2.9216   
600 only                  14057     2.8637   
660                       1         0.0002   
660 only                  1         0.0002   
720                       1         0.0002   
720 only                  1         0.0002   
900                       521       0.1061   
900 only                  504       0.1027   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      322       0.0656   
1200 only                 318       0.0648   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      12        0.0024   
1500 only                 11        0.0022   
1800                      349       0.0711   
1800 only                 339       0.0691   
2400                      7         0.0014   
2400 only                 7         0.0014   
2700                      7         0.0014   
2700 only                 7         0.0014   
3000                      12        0.0024   
3000 only                 12        0.0024   
3600                      397       0.0809   
3600 only                 377       0.0768   
4200                      1         0.0002   
5400                      14        0.0029   
5400 only                 2         0.0004   
6000                      3         0.0006   
6000 only                 3         0.0006   
7200                      14219     2.8967   
7200 only                 13909     2.8336   
10800                     2158      0.4396   
10800 only                2153      0.4386   
14400                     1534      0.3125   
14400 only                1529      0.3115   
18000                     2         0.0004   
18000 only                2         0.0004   
21600                     5398      1.0997   
21600 only                5398      1.0997   
28800                     13        0.0026   
28800 only                12        0.0024   
36000                     1015      0.2068   
36000 only                1008      0.2054   
43200                     25        0.0051   
43200 only                21        0.0043   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     46186     9.4091   
64800 only                46179     9.4077   
72000                     6         0.0012   
72000 only                6         0.0012   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     29        0.0059   
86000 only                29        0.0059   
86400                     271       0.0552   
86400 only                270       0.055    
100800                    13929     2.8376   
100800 only               13929     2.8376   
129600                    10        0.002    
129600 only               10        0.002    
172800                    1         0.0002   
172800 only               1         0.0002   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    5         0.001    
864000 only               5         0.001    
None                      190434    38.7955  
None only                 181732    37.0227  

Certificate sig alg       Count     Percent 
-------------------------+---------+--------
None                      15465     3.1506   
ecdsa-with-SHA256         27974     5.6989   
sha1WithRSAEncryption     236900    48.2616  
sha256WithRSAEncryption   226070    46.0553  
sha512WithRSAEncryption   10        0.002    

Certificate key size      Count     Percent 
-------------------------+---------+--------
ECDSA 256                 27993     5.7028   
ECDSA 384                 6         0.0012   
RSA 1024                  369       0.0752   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  445922    90.8439  
RSA 2049                  3         0.0006   
RSA 2056                  3         0.0006   
RSA 2058                  3         0.0006   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  13        0.0026   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  7         0.0014   
RSA 2612                  2         0.0004   
RSA 3024                  1         0.0002   
RSA 3072                  88        0.0179   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 3600                  1         0.0002   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  23        0.0047   
RSA 4069                  1         0.0002   
RSA 4086                  2         0.0004   
RSA 4092                  9         0.0018   
RSA 4096                  16428     3.3467   
RSA 4098                  1         0.0002   
RSA 8192                  4         0.0008   
RSA 10240                 7         0.0014   
RSA/ECDSA Dual Stack      30        0.0061

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 84875     17.2909  
Unsupported               405991    82.7091  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      32906     6.7037
SSL2 Only                 70        0.0143
SSL3                      154674    31.5104
SSL3 Only                 1232      0.251
SSL3 or TLS1 Only         99145     20.198
SSL3 or lower Only        1271      0.2589
TLS1                      488375    99.4925
TLS1 Only                 56239     11.4571
TLS1 or lower Only        129642    26.4109
TLS1.1                    346511    70.5918
TLS1.1 Only               7         0.0014
TLS1.1 or up Only         883       0.1799
TLS1.2                    357304    72.7905
TLS1.2 Only               578       0.1178
TLS1.2, 1.0 but not 1.1   12762     2.5999




Statistics from 520507 chains provided by 672015 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  460603    68.5406
incomplete                28832     4.2904
untrusted                 182580    27.169

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1205      0.2315
3                         443210    85.1497
4                         76056     14.6119
5                         36        0.0069

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 27857     
ECDSA 384                 27857     
RSA 1024                  1171      
RSA 2045                  1         
RSA 2048                  973503    
RSA 4096                  85548     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 27857     5.3519
ECDSA 384                 27857     5.3519
RSA 1024                  1167      0.2242
RSA 2045                  1         0.0002
RSA 2048                  491325    94.3935
RSA 4096                  84807     16.2932

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              27857     
sha1WithRSAEncryption          262841    
sha256WithRSAEncryption        159502    
sha384WithRSAEncryption        145194    
sha512WithRSAEncryption        36        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        262927    50.5136
112                       229721    44.1341
128                       27859     5.3523

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 115769    22.2416
(157753a5) AddTrust External CA Root          107315    20.6174
(5ad8a5d6) GlobalSign Root CA                 53007     10.1837
(cbf06781) Go Daddy Root Certificate Authorit 45510     8.7434
(b204d74a) VeriSign Class 3 Public Primary Ce 29396     5.6476
(eed8c118) COMODO ECC Certification Authority 27851     5.3507
(2e4eed3c) thawte Primary Root CA             26160     5.0259
(244b5494) DigiCert High Assurance EV Root CA 25614     4.921
(653b494a) Baltimore CyberTrust Root          11786     2.2643
(f081611a) The Go Daddy Group, Inc.           10796     2.0741
(b13cc6df) UTN-USERFirst-Hardware             9685      1.8607
(ae8153b9) StartCom Certification Authority   9557      1.8361
(f387163d) Starfield Technologies, Inc.       7849      1.508
(40547a79) COMODO Certification Authority     6860      1.3179
(3513523f) DigiCert Global Root CA            6032      1.1589
(480720ec) GeoTrust Primary Certification Aut 5231      1.005

Scan performed between 16th and 27th of March 2015.