
March 2015 scan results

Update 2015-04-05: the previous version of these scan results was produced with an old version of the script and as such had a few insignificant errors; most importantly, the number of servers which support DH,512bits was reported incorrectly.

The population of TLS-enabled servers has grown again, this time by 2.5%.

Cipher suites

Among cipher suites supported by servers there are small changes. 3DES grew by 1.6%, AES in general by 2% while AES-GCM by 2.9%! Camellia remained unchanged. Chacha20 continues its ups and downs, this time registered at 12.3% (compared to last month’s 5.7%).

Finally, RC4 usage has fallen significantly, by over 10%, to about 65%. So has the number of servers which support just RC4, though only by 0.15%, to 2912 servers. Servers which prefer RC4 over other ciphers have also fallen, by 2.3%, as have servers which prefer RC4 with TLSv1.1 and later (where it was never necessary), by 1.95%.

Servers which use insecure ciphers in general have also fallen, though only by one percent. Looks like most server admins still didn’t get the memo about FREAK…

Server side ordering of ciphersuites has grown by about 1%.

Key exchange

Support for insecure ADH and AECDH remains static, as does support for RSA key exchange.

Support for both key exchanges which provide forward secrecy, i.e. DHE and ECDHE, is still growing, by 1.2% and 1.4% respectively.

While more and more servers support DHE the preferred key exchange is ECDHE, causing the overall use of DHE to fall by 1.2%. At the same time ECDHE has grown by 1.9%.

Or in other words, while the number of servers that support forward secrecy has grown by just 0.66%, the number of servers which prefer to use ciphersuites with forward secrecy has grown by 0.73%.
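To see which of the rows discussed above a given server would be counted in, the following added example (not code from the original post or from the scan script) sorts one server's cipher preference list into the row names used in the results table. The bucket rules, the reading of the z: prefix as the "Insecure" set, and the two sample lists are assumptions of this example.

```python
"""Added example: sort one server's cipher preference list into the row
names of the survey table. Bucket rules are assumptions of this example."""

# Suite names the results table lists with a "z:" prefix (copied from the
# page). Assumption: these are what the "Insecure" row counts.
Z_PREFIXED = frozenset("""
ADH-AES128-GCM-SHA256 ADH-AES128-SHA ADH-AES128-SHA256 ADH-AES256-GCM-SHA384
ADH-AES256-SHA ADH-AES256-SHA256 ADH-CAMELLIA128-SHA ADH-CAMELLIA256-SHA
ADH-DES-CBC-SHA ADH-DES-CBC3-SHA ADH-RC4-MD5 ADH-SEED-SHA AECDH-AES128-SHA
AECDH-AES256-SHA AECDH-DES-CBC3-SHA AECDH-NULL-SHA AECDH-RC4-SHA DES-CBC-MD5
DES-CBC-SHA DES-CBC3-MD5 ECDHE-RSA-NULL-SHA EDH-RSA-DES-CBC-SHA
EXP-ADH-DES-CBC-SHA EXP-ADH-RC4-MD5 EXP-DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA
EXP-RC2-CBC-MD5 EXP-RC4-MD5 EXP1024-DES-CBC-SHA EXP1024-RC4-SHA IDEA-CBC-MD5
NULL-MD5 NULL-SHA NULL-SHA256 RC2-CBC-MD5 RC4-64-MD5
""".split())

# OpenSSL-style name prefixes and the key exchange family they indicate.
# Static ECDH, PSK and SRP are not rows in the survey, so they map to "other".
KEX_PREFIXES = (
    ("AECDH-", "AECDH"), ("ADH-", "ADH"), ("ECDHE-", "ECDHE"),
    ("DHE-", "DHE"), ("EDH-", "DHE"),
    ("ECDH-", "other"), ("PSK-", "other"), ("SRP-", "other"),
)
PFS_KEX = ("DHE", "ECDHE")


def key_exchange(suite):
    """Key exchange family, read from the OpenSSL-style suite name."""
    bare = suite
    for export_prefix in ("EXP1024-", "EXP-"):
        if bare.startswith(export_prefix):
            bare = bare[len(export_prefix):]
    for prefix, family in KEX_PREFIXES:
        if bare.startswith(prefix):
            return family
    return "RSA"  # no key exchange prefix means RSA key transport


def has_pfs(suite):
    """DHE/ECDHE suites count, unless the suite itself is in the weak set:
    forward secrecy on an export or NULL suite protects nothing."""
    return suite not in Z_PREFIXED and key_exchange(suite) in PFS_KEX


def classify(preference):
    """preference: suites the server accepts, in the order it picks them."""
    if not preference:
        raise ValueError("empty cipher list")
    labels = []
    rc4 = [s for s in preference if "RC4" in s]
    if rc4:
        labels.append("RC4")
        if len(rc4) == len(preference):
            labels.append("RC4 Only")
        elif "RC4" in preference[0]:
            labels.append("RC4 Preferred")
    if any(s in Z_PREFIXED for s in preference):
        labels.append("Insecure")
    if any(has_pfs(s) for s in preference):
        labels.append("Support PFS")
        if has_pfs(preference[0]):
            labels.append("Prefer PFS")
    return labels


def hardened(preference):
    """Drop RC4 and the weak set, then move forward-secret suites first.
    sorted() is stable, so the relative order inside each group is kept."""
    kept = [s for s in preference if s not in Z_PREFIXED and "RC4" not in s]
    return sorted(kept, key=lambda s: not has_pfs(s))


# Constructed sample preference lists, not taken from any scanned host.
LEGACY_ORDER = ["RC4-SHA", "RC4-MD5", "AES128-SHA", "DHE-RSA-AES128-SHA",
                "DES-CBC3-SHA", "EXP-RC4-MD5"]
RC4_ONLY_ORDER = ["RC4-SHA", "RC4-MD5"]

if __name__ == "__main__":
    for name, order in (("legacy", LEGACY_ORDER), ("rc4-only", RC4_ONLY_ORDER)):
        print(name, "before:", classify(order))
        fixed = hardened(order)
        print(name, "after: ", classify(fixed) if fixed else "nothing left")
```

A list that is empty after hardening, as with the RC4-only sample, means the server has no acceptable suite configured and needs new ones added rather than reordered.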

ECC curves

NIST P-256 remains the curve of choice for most of the Internet, growing by 1.35% to 65%. The second most popular, NIST P-384, has grown by 0.18% to 8.5%. The rest of the curves have experienced even smaller changes.

Basically all servers which support ECDHE cipher suites still use their own curve ordering.

Hash and signature algorithms

While support for ECDSA signatures has remained relatively unchanged, the RSA side of things shows a bit more changes.

Support for MD5 signatures remains high, at 27.7%, without changes. SHA-1 has grown by just over 1.3%. Support for SHA-224 and SHA-256 has grown by a bit too – 0.84% and 1.21% respectively. At the same time, support for the most secure SHA-384 and SHA-512 has grown by 0.84%.

Vulnerabilities

Support for insecure renegotiation remains strong at 5.1%, a fall by just 0.23%.

Similarly, support for compression has shown little change, falling by just 0.14%.

Certificates

Signatures on certificates used by servers have changed again: this time SHA-1 has lost another 3.4%, placing it for the first time below the 50% mark, at 48.2%! At the same time SHA-256 has grown by 3.5%, reaching 46%.

I expect next month's scan to show SHA-256 finally overtaking SHA-1 in at least end entity certificates.

Key size and algorithm remain relatively unchanged, with 2048 bit RSA still dominating the market with a 90.8% share.

Protocols

Despite SSLv2 and SSLv3 being insecure, their adoption rate hasn’t fallen significantly. SSLv2 is still at 6.7%, having lost just 0.4%. SSLv3 also remains at a relatively high 31.5%, having lost just 1.9%.

TLSv1.0 dominates the market with support at the level of 99.5%.

Support for TLSv1.1 and TLSv1.2 keeps growing, both gaining about 1%, reaching 70.5% and 72.8% respectively.

Results

SSL/TLS survey of 490866 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      407148    82.9448
3DES Only                 780       0.1589
AES                       473985    96.561
AES Only                  10460     2.1309
AES-CBC                   473911    96.5459
AES-CBC Only              4648      0.9469
AES-GCM                   296424    60.388
AES-GCM Only              18        0.0037
CAMELLIA                  207419    42.2557
CAMELLIA Only             1         0.0002
CHACHA20                  60469     12.3188
CHACHA20 Only             1         0.0002
Insecure                  85185     17.354
RC4                       320737    65.3411
RC4 Only                  2912      0.5932
RC4 Preferred             53442     10.8873
RC4 forced in TLS1.1+     32201     6.56
x:FF 29 RC4 Only          3384      0.6894
x:FF 29 RC4 Preferred     58166     11.8497
x:FF 29 incompatible      132       0.0269
x:FF 35 RC4 Only          7394      1.5063
x:FF 35 RC4 Preferred     58284     11.8737
x:FF 35 incompatible      133       0.0271
y:DHE-RSA-SEED-SHA        108308    22.0647
y:IDEA-CBC-MD5            2768      0.5639
y:IDEA-CBC-SHA            87595     17.845
y:SEED-SHA                105451    21.4826
z:ADH-AES128-GCM-SHA256   422       0.086
z:ADH-AES128-SHA          1103      0.2247
z:ADH-AES128-SHA256       311       0.0634
z:ADH-AES256-GCM-SHA384   433       0.0882
z:ADH-AES256-SHA          1109      0.2259
z:ADH-AES256-SHA256       314       0.064
z:ADH-CAMELLIA128-SHA     560       0.1141
z:ADH-CAMELLIA256-SHA     569       0.1159
z:ADH-DES-CBC-SHA         379       0.0772
z:ADH-DES-CBC3-SHA        1130      0.2302
z:ADH-RC4-MD5             884       0.1801
z:ADH-SEED-SHA            394       0.0803
z:AECDH-AES128-SHA        14471     2.9481
z:AECDH-AES256-SHA        14474     2.9487
z:AECDH-DES-CBC3-SHA      14430     2.9397
z:AECDH-NULL-SHA          29        0.0059
z:AECDH-RC4-SHA           13672     2.7853
z:DES-CBC-MD5             17518     3.5688
z:DES-CBC-SHA             47111     9.5975
z:DES-CBC3-MD5            32625     6.6464
z:ECDHE-RSA-NULL-SHA      35        0.0071
z:EDH-RSA-DES-CBC-SHA     40234     8.1965
z:EXP-ADH-DES-CBC-SHA     303       0.0617
z:EXP-ADH-RC4-MD5         305       0.0621
z:EXP-DES-CBC-SHA         29855     6.0821
z:EXP-EDH-RSA-DES-CBC-SHA 22110     4.5043
z:EXP-RC2-CBC-MD5         34449     7.018
z:EXP-RC4-MD5             37185     7.5754
z:EXP1024-DES-CBC-SHA     8663      1.7648
z:EXP1024-RC4-SHA         8830      1.7989
z:IDEA-CBC-MD5            2768      0.5639
z:NULL-MD5                278       0.0566
z:NULL-SHA                280       0.057
z:NULL-SHA256             11        0.0022
z:RC2-CBC-MD5             17890     3.6446
z:RC4-64-MD5              1436      0.2925

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               139786    28.4774
Server side               351080    71.5226

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1266      0.2579
AECDH                     14497     2.9534
DHE                       268820    54.7644
ECDHE                     320467    65.286
ECDHE and DHE             168192    34.2643
RSA                       456968    93.0942

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,512bits                84        0.0171   0.0312
DH,768bits                763       0.1554   0.2838
DH,1024bits               223064    45.443   82.9786
DH,1536bits               1         0.0002   0.0004
DH,2048bits               42555     8.6694   15.8302
DH,2226bits               1         0.0002   0.0004
DH,2236bits               2         0.0004   0.0007
DH,3072bits               19        0.0039   0.0071
DH,3248bits               2         0.0004   0.0007
DH,4096bits               2364      0.4816   0.8794
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        7         0.0014   0.0022
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,P-224,224bits        50        0.0102   0.0156
ECDH,P-256,256bits        313819    63.9317  97.9255
ECDH,P-384,384bits        3463      0.7055   1.0806
ECDH,B-409,409bits        1         0.0002   0.0003
ECDH,P-521,521bits        4730      0.9636   1.476
ECDH,B-571,570bits        750       0.1528   0.234
Prefer DH,512bits         3         0.0006   0.0011
Prefer DH,768bits         432       0.088    0.1607
Prefer DH,1024bits        95849     19.5265  35.6553
Prefer DH,2048bits        3048      0.6209   1.1338
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,3072bits        1         0.0002   0.0004
Prefer DH,4096bits        92        0.0187   0.0342
Prefer ECDH,B-163,163bits 7         0.0014   0.0022
Prefer ECDH,K-163,163bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 17        0.0035   0.0053
Prefer ECDH,P-256,256bits 259052    52.7745  80.8358
Prefer ECDH,P-384,384bits 2751      0.5604   0.8584
Prefer ECDH,P-521,521bits 4403      0.897    1.3739
Prefer ECDH,B-571,570bits 550       0.112    0.1716
Prefer PFS                366207    74.6043  0
Support PFS               421095    85.7861  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           106       0.0216   
brainpoolP384r1           106       0.0216   
brainpoolP512r1           106       0.0216   
prime192v1                762       0.1552   
prime256v1                319803    65.1508  
prime256v1 Only           277852    56.6045  
secp160k1                 729       0.1485   
secp160r1                 730       0.1487   
secp160r2                 728       0.1483   
secp192k1                 751       0.153    
secp224k1                 785       0.1599   
secp224r1                 1393      0.2838   
secp224r1 Only            1         0.0002   
secp256k1                 799       0.1628   
secp384r1                 42156     8.5881   
secp384r1 Only            204       0.0416   
secp521r1                 10564     2.1521   
secp521r1 Only            85        0.0173   
sect163k1                 734       0.1495   
sect163k1 Only            1         0.0002   
sect163r1                 733       0.1493   
sect163r2                 740       0.1508   
sect163r2 Only            7         0.0014   
sect193r1                 732       0.1491   
sect193r2                 732       0.1491   
sect233k1                 780       0.1589   
sect233r1                 780       0.1589   
sect239k1                 779       0.1587   
sect283k1                 779       0.1587   
sect283r1                 778       0.1585   
sect409k1                 777       0.1583   
sect409r1                 777       0.1583   
sect571k1                 791       0.1611   
sect571r1                 791       0.1611   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          79157     16.126   
True                           201745    41.0998  
order-specific                 13        0.0026   
unknown                        209951    42.7716  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    1847      0.3763   
inconclusive-noecc        28        0.0057   
server                    318249    64.8342  
unknown                   170742    34.7838  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     27988     5.7018   
ECDSA-SHA1 Only                1         0.0002   
ECDSA-SHA224                   27987     5.7016   
ECDSA-SHA256                   27989     5.702    
ECDSA-SHA384                   27991     5.7024   
ECDSA-SHA512                   27993     5.7028   
ECDSA-SHA512 Only              2         0.0004   
RSA-MD5                        136241    27.7552  
RSA-SHA1                       288779    58.8305  
RSA-SHA1 Only                  44445     9.0544   
RSA-SHA224                     234597    47.7925  
RSA-SHA256                     247885    50.4995  
RSA-SHA256 Only                3147      0.6411   
RSA-SHA384                     235034    47.8815  
RSA-SHA512                     235096    47.8941  
RSA-SHA512 Only                58        0.0118   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         213446    43.4836  
indeterminate                  11        0.0022   
intolerant                     1648      0.3357   
order-fallback                 40        0.0081   
server                         105410    21.4743  
unsupported                    36763     7.4894   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     27982     5.7005   
ECDSA intolerant               14        0.0029   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      134610    27.423   
RSA SHA1                       133281    27.1522  
RSA intolerant                 23009     4.6874   
RSA pfs-ecdsa-SHA512           2         0.0004   
RSA soft-nopfs                 1784      0.3634   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     9310      1.8966   
insecure                  25318     5.1578   
secure                    456238    92.9455  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      14829     3.021    
False                     9310      1.8966   
NONE                      466727    95.0824  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        6         0.0012   
10 only                   6         0.0012   
15                        5         0.001    
15 only                   5         0.001    
30                        6         0.0012   
30 only                   6         0.0012   
60                        80        0.0163   
60 only                   76        0.0155   
65                        1         0.0002   
65 only                   1         0.0002   
70                        6         0.0012   
75                        1         0.0002   
75 only                   1         0.0002   
100                       13        0.0026   
100 only                  13        0.0026   
120                       28        0.0057   
120 only                  28        0.0057   
128                       2         0.0004   
128 only                  2         0.0004   
180                       47        0.0096   
180 only                  45        0.0092   
240                       8         0.0016   
240 only                  8         0.0016   
256                       1         0.0002   
256 only                  1         0.0002   
300                       208001    42.3743  
300 only                  200049    40.7543  
360                       1         0.0002   
400                       5         0.001    
400 only                  5         0.001    
420                       109       0.0222   
420 only                  55        0.0112   
480                       13        0.0026   
480 only                  13        0.0026   
500                       4         0.0008   
500 only                  4         0.0008   
600                       14341     2.9216   
600 only                  14057     2.8637   
660                       1         0.0002   
660 only                  1         0.0002   
720                       1         0.0002   
720 only                  1         0.0002   
900                       521       0.1061   
900 only                  504       0.1027   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      322       0.0656   
1200 only                 318       0.0648   
1440                      1         0.0002   
1440 only                 1         0.0002   
1500                      12        0.0024   
1500 only                 11        0.0022   
1800                      349       0.0711   
1800 only                 339       0.0691   
2400                      7         0.0014   
2400 only                 7         0.0014   
2700                      7         0.0014   
2700 only                 7         0.0014   
3000                      12        0.0024   
3000 only                 12        0.0024   
3600                      397       0.0809   
3600 only                 377       0.0768   
4200                      1         0.0002   
5400                      14        0.0029   
5400 only                 2         0.0004   
6000                      3         0.0006   
6000 only                 3         0.0006   
7200                      14219     2.8967   
7200 only                 13909     2.8336   
10800                     2158      0.4396   
10800 only                2153      0.4386   
14400                     1534      0.3125   
14400 only                1529      0.3115   
18000                     2         0.0004   
18000 only                2         0.0004   
21600                     5398      1.0997   
21600 only                5398      1.0997   
28800                     13        0.0026   
28800 only                12        0.0024   
36000                     1015      0.2068   
36000 only                1008      0.2054   
43200                     25        0.0051   
43200 only                21        0.0043   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     46186     9.4091   
64800 only                46179     9.4077   
72000                     6         0.0012   
72000 only                6         0.0012   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     29        0.0059   
86000 only                29        0.0059   
86400                     271       0.0552   
86400 only                270       0.055    
100800                    13929     2.8376   
100800 only               13929     2.8376   
129600                    10        0.002    
129600 only               10        0.002    
172800                    1         0.0002   
172800 only               1         0.0002   
216000                    1         0.0002   
216000 only               1         0.0002   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    5         0.001    
864000 only               5         0.001    
None                      190434    38.7955  
None only                 181732    37.0227  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      15465     3.1506   
ecdsa-with-SHA256         27974     5.6989   
sha1WithRSAEncryption     236900    48.2616  
sha256WithRSAEncryption   226070    46.0553  
sha512WithRSAEncryption   10        0.002    

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 27993     5.7028   
ECDSA 384                 6         0.0012   
RSA 1024                  369       0.0752   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  445922    90.8439  
RSA 2049                  3         0.0006   
RSA 2056                  3         0.0006   
RSA 2058                  3         0.0006   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  13        0.0026   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  7         0.0014   
RSA 2612                  2         0.0004   
RSA 3024                  1         0.0002   
RSA 3072                  88        0.0179   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 3600                  1         0.0002   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  23        0.0047   
RSA 4069                  1         0.0002   
RSA 4086                  2         0.0004   
RSA 4092                  9         0.0018   
RSA 4096                  16428     3.3467   
RSA 4098                  1         0.0002   
RSA 8192                  4         0.0008   
RSA 10240                 7         0.0014   
RSA/ECDSA Dual Stack      30        0.0061

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 84875     17.2909  
Unsupported               405991    82.7091  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      32906     6.7037
SSL2 Only                 70        0.0143
SSL3                      154674    31.5104
SSL3 Only                 1232      0.251
SSL3 or TLS1 Only         99145     20.198
SSL3 or lower Only        1271      0.2589
TLS1                      488375    99.4925
TLS1 Only                 56239     11.4571
TLS1 or lower Only        129642    26.4109
TLS1.1                    346511    70.5918
TLS1.1 Only               7         0.0014
TLS1.1 or up Only         883       0.1799
TLS1.2                    357304    72.7905
TLS1.2 Only               578       0.1178
TLS1.2, 1.0 but not 1.1   12762     2.5999




Statistics from 520507 chains provided by 672015 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  460603    68.5406
incomplete                28832     4.2904
untrusted                 182580    27.169

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1205      0.2315
3                         443210    85.1497
4                         76056     14.6119
5                         36        0.0069

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 27857     
ECDSA 384                 27857     
RSA 1024                  1171      
RSA 2045                  1         
RSA 2048                  973503    
RSA 4096                  85548     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 27857     5.3519
ECDSA 384                 27857     5.3519
RSA 1024                  1167      0.2242
RSA 2045                  1         0.0002
RSA 2048                  491325    94.3935
RSA 4096                  84807     16.2932

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              27857     
sha1WithRSAEncryption          262841    
sha256WithRSAEncryption        159502    
sha384WithRSAEncryption        145194    
sha512WithRSAEncryption        36        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        262927    50.5136
112                       229721    44.1341
128                       27859     5.3523

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 115769    22.2416
(157753a5) AddTrust External CA Root          107315    20.6174
(5ad8a5d6) GlobalSign Root CA                 53007     10.1837
(cbf06781) Go Daddy Root Certificate Authorit 45510     8.7434
(b204d74a) VeriSign Class 3 Public Primary Ce 29396     5.6476
(eed8c118) COMODO ECC Certification Authority 27851     5.3507
(2e4eed3c) thawte Primary Root CA             26160     5.0259
(244b5494) DigiCert High Assurance EV Root CA 25614     4.921
(653b494a) Baltimore CyberTrust Root          11786     2.2643
(f081611a) The Go Daddy Group, Inc.           10796     2.0741
(b13cc6df) UTN-USERFirst-Hardware             9685      1.8607
(ae8153b9) StartCom Certification Authority   9557      1.8361
(f387163d) Starfield Technologies, Inc.       7849      1.508
(40547a79) COMODO Certification Authority     6860      1.3179
(3513523f) DigiCert Global Root CA            6032      1.1589
(480720ec) GeoTrust Primary Certification Aut 5231      1.005

Scan performed between 16th and 27th of March 2015.

January 2015 scan results

This time we have reached a few milestones. First of all, we’re very close to half (46.8%) of the servers in Alexa top 1 million supporting TLS with valid certificates. Over half of the servers support and prefer NIST P-256 ECDHE key exchange, and just under half of the servers have certificates signed with SHA-256.

Ciphers

3DES ciphers have suffered a significant drop of 3.7%; at the same time AES is on the road to completely dominating the market, up by 0.3% to 94.2%. AES in Galois/Counter Mode has increased more significantly, by 3.8% to 56.9%. Camellia has gained 2.7% while Chacha20 has remained in place.

Completely insecure ciphers have lost 2%, to a level of 18.8%: still high, but at least going in the right direction.

RC4 still remains the 3rd most popular cipher, at 80.5%, despite losing 1.3% of its share. While servers that support only RC4 ciphers lost only 0.07%, that places them at an all-time low of 0.79% (3712 servers). Still, a large part (13.8%) of servers prefer RC4 even if the client supports better ciphers, a drop of only 1.4%. A significant number of servers also force RC4 in TLS1.1 or TLS1.2: 8.75% (a drop of 0.7%).

Server side ordering has increased by 2.5% to 70%.

Key exchange

Support for ECDHE key exchange has jumped by nearly 4% to 62.7%. That bumped support for ECDHE with NIST P-256 curve by over 4.1% to 50%! Unfortunately other PFS key exchanges have decreased, so in the end the total has grown by 2.3% to 73.8%.

Of other types, servers that prefer 1024 bit finite-field DHE have lost 1.8%, which brings them down to 20.8% of the total.

ECC curves

In line with changes to key exchange, support for NIST P-256 curve has grown by just under 4%, all of which went to servers that support just this one curve. Other curves have shown little to no changes.

Similarly, all those servers don’t fall back to a different cipher in case the client doesn’t support this NIST curve, and they use server side curve ordering, bringing those groups to 15.9% and 62.3% respectively.

Hash and signature algorithms

A significant portion of the new servers also support the MD5 algorithm when paired with RSA – it has increased by 3.2% to a total of 27.5%. SHA1-RSA increased by 3.6 to 56.3%, SHA2-RSA on average increased by 3.3%.

Client side ordering of hash and signature algorithms has unfortunately increased by the same 3.2% to 42.8%.

Vulnerabilities

Unfortunately, a still rather big portion of servers is vulnerable to the renegotiation vulnerability and to CRIME; they have decreased by 0.5% and 0.44% respectively.

Certificates

By far the largest changes seen are related to certificates used by servers. End entity certificates signed by SHA-1 have dropped by over 7.2% to 55.4%. The increase was mostly visible at SHA-256 with RSA, which increased by 7%. Certificates signed with SHA-256 ECDSA increased by 0.19%.

While signature algorithms have changed significantly, the key sizes did not. 2048 bit RSA is still at 90.6%.

Protocols

Obsolete protocols are still supported by a significant portion of the servers, with SSLv2 falling by just 0.88% to 7.2% and SSLv3 falling by 4.7% to 35%. I’d rather see both of them below 1%.

The good news is that the vast majority of servers also support newer protocols, and just 0.3% of servers require SSLv3 or SSLv2 to connect. Also, TLSv1.2 has increased by 3%, bringing it up to 71%, but that is still rather far from the 99.5% of TLSv1.0.

Results

SSL/TLS survey of 468782 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      379700    80.9971
3DES Only                 439       0.0936
AES                       441928    94.2715
AES Only                  7037      1.5011
AES-CBC Only              4003      0.8539
AES-GCM                   266888    56.9322
AES-GCM Only              20        0.0043
CAMELLIA                  194963    41.5893
CAMELLIA Only             1         0.0002
CHACHA20                  14394     3.0705
Insecure                  88248     18.825
RC4                       377778    80.5871
RC4 Only                  3712      0.7918
RC4 Preferred             64613     13.7832
RC4 forced in TLS1.1+     41031     8.7527
x:FF 29 RC4 Only          541       0.1154
x:FF 29 RC4 Preferred     70622     15.065
x:FF 29 incompatible      136       0.029
y:DHE-RSA-SEED-SHA        103049    21.9823
y:IDEA-CBC-MD5            2923      0.6235
y:IDEA-CBC-SHA            85417     18.221
y:SEED-SHA                102704    21.9087
z:ADH-AES128-GCM-SHA256   340       0.0725
z:ADH-AES128-SHA          968       0.2065
z:ADH-AES128-SHA256       284       0.0606
z:ADH-AES256-GCM-SHA384   346       0.0738
z:ADH-AES256-SHA          980       0.2091
z:ADH-AES256-SHA256       285       0.0608
z:ADH-CAMELLIA128-SHA     426       0.0909
z:ADH-CAMELLIA256-SHA     435       0.0928
z:ADH-DES-CBC-SHA         374       0.0798
z:ADH-DES-CBC3-SHA        995       0.2123
z:ADH-RC4-MD5             771       0.1645
z:ADH-SEED-SHA            281       0.0599
z:AECDH-AES128-SHA        14166     3.0219
z:AECDH-AES256-SHA        14171     3.0229
z:AECDH-DES-CBC3-SHA      14128     3.0138
z:AECDH-NULL-SHA          30        0.0064
z:AECDH-RC4-SHA           13177     2.8109
z:DES-CBC-MD5             18509     3.9483
z:DES-CBC-SHA             50349     10.7404
z:DES-CBC3-MD5            33636     7.1752
z:ECDHE-RSA-NULL-SHA      36        0.0077
z:EDH-RSA-DES-CBC-SHA     42662     9.1006
z:EXP-ADH-DES-CBC-SHA     304       0.0648
z:EXP-ADH-RC4-MD5         307       0.0655
z:EXP-DES-CBC-SHA         35818     7.6407
z:EXP-EDH-RSA-DES-CBC-SHA 25232     5.3825
z:EXP-RC2-CBC-MD5         40481     8.6354
z:EXP-RC4-MD5             43298     9.2363
z:EXP1024-DES-CBC-SHA     9341      1.9926
z:EXP1024-RC4-SHA         9490      2.0244
z:NULL-MD5                272       0.058
z:NULL-SHA                271       0.0578
z:NULL-SHA256             10        0.0021
z:RC2-CBC-MD5             18871     4.0255
z:RC4-64-MD5              1585      0.3381

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               140561    29.9843
Server side               328221    70.0157

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1076      0.2295
AECDH                     14190     3.027
DHE                       245202    52.3062
ECDHE                     294046    62.7255
ECDHE and DHE             143454    30.6014
RSA                       437715    93.3728

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               214522    45.7616  87.4879
DH,1536bits               1         0.0002   0.0004
DH,2048bits               28062     5.9862   11.4444
DH,2226bits               1         0.0002   0.0004
DH,2236bits               3         0.0006   0.0012
DH,3072bits               12        0.0026   0.0049
DH,3248bits               2         0.0004   0.0008
DH,4096bits               1773      0.3782   0.7231
DH,512bits                25325     5.4023   10.3282
DH,768bits                754       0.1608   0.3075
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        7         0.0015   0.0024
ECDH,B-571,570bits        635       0.1355   0.216
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,P-224,224bits        47        0.01     0.016
ECDH,P-256,256bits        288396    61.5203  98.0785
ECDH,P-384,384bits        1689      0.3603   0.5744
ECDH,P-521,521bits        4134      0.8819   1.4059
Prefer DH,1024bits        97828     20.8685  39.8969
Prefer DH,2048bits        2713      0.5787   1.1064
Prefer DH,2236bits        2         0.0004   0.0008
Prefer DH,4096bits        92        0.0196   0.0375
Prefer DH,512bits         5         0.0011   0.002
Prefer DH,768bits         425       0.0907   0.1733
Prefer ECDH,B-163,163bits 7         0.0015   0.0024
Prefer ECDH,B-571,570bits 472       0.1007   0.1605
Prefer ECDH,P-224,224bits 18        0.0038   0.0061
Prefer ECDH,P-256,256bits 236264    50.3995  80.3493
Prefer ECDH,P-384,384bits 1629      0.3475   0.554
Prefer ECDH,P-521,521bits 3807      0.8121   1.2947
Prefer PFS                343262    73.2242  0
Support PFS               395794    84.4303  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           26        0.0055   
brainpoolP384r1           26        0.0055   
brainpoolP512r1           26        0.0055   
prime192v1                651       0.1389   
prime256v1                293388    62.5852  
prime256v1 Only           255238    54.4471  
secp160k1                 620       0.1323   
secp160r1                 620       0.1323   
secp160r2                 620       0.1323   
secp192k1                 643       0.1372   
secp224k1                 674       0.1438   
secp224r1                 1052      0.2244   
secp224r1 Only            1         0.0002   
secp256k1                 688       0.1468   
secp384r1                 38294     8.1688   
secp384r1 Only            149       0.0318   
secp521r1                 9560      2.0393   
secp521r1 Only            78        0.0166   
sect163k1                 619       0.132    
sect163k1 Only            2         0.0004   
sect163r1                 617       0.1316   
sect163r2                 624       0.1331   
sect163r2 Only            7         0.0015   
sect193r1                 617       0.1316   
sect193r2                 617       0.1316   
sect233k1                 663       0.1414   
sect233r1                 663       0.1414   
sect239k1                 663       0.1414   
sect283k1                 663       0.1414   
sect283r1                 663       0.1414   
sect409k1                 663       0.1414   
sect409r1                 663       0.1414   
sect571k1                 678       0.1446   
sect571r1                 678       0.1446   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          74840     15.9648  
True                           178977    38.1792  
order-specific                 4         0.0009   
unknown                        214961    45.8552  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    1535      0.3274   
inconclusive-noecc        10        0.0021   
server                    292089    62.3081  
unknown                   175148    37.3624  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     27584     5.8842   
ECDSA-SHA224                   27586     5.8846   
ECDSA-SHA256                   27589     5.8853   
ECDSA-SHA384                   27589     5.8853   
ECDSA-SHA512                   27592     5.8859   
ECDSA-SHA512 Only              3         0.0006   
RSA-MD5                        129219    27.5648  
RSA-MD5 Only                   1         0.0002   
RSA-SHA1                       264047    56.3262  
RSA-SHA1 Only                  39893     8.5099   
RSA-SHA224                     218373    46.5831  
RSA-SHA256                     226747    48.3694  
RSA-SHA256 Only                2201      0.4695   
RSA-SHA384                     218786    46.6712  
RSA-SHA512                     218825    46.6795  
RSA-SHA512 Only                35        0.0075   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         200794    42.8331  
indeterminate                  7         0.0015   
intolerant                     1232      0.2628   
order-fallback                 4         0.0009   
server                         92359     19.7019  
unsupported                    38359     8.1827   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     27581     5.8835   
ECDSA intolerant               18        0.0038   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      127614    27.2225  
RSA SHA1                       118594    25.2983  
RSA intolerant                 19071     4.0682   
RSA pfs-ecdsa-SHA512           2         0.0004   
RSA soft-nopfs                 1735      0.3701   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     10263     2.1893   
insecure                  26115     5.5708   
secure                    432404    92.2399  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      17088     3.6452   
False                     10263     2.1893   
NONE                      441431    94.1655  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        7         0.0015   
10 only                   7         0.0015   
15                        6         0.0013   
15 only                   6         0.0013   
30                        8         0.0017   
30 only                   7         0.0015   
60                        59        0.0126   
60 only                   54        0.0115   
65                        1         0.0002   
65 only                   1         0.0002   
70                        3         0.0006   
100                       14        0.003    
100 only                  14        0.003    
120                       20        0.0043   
120 only                  20        0.0043   
128                       3         0.0006   
128 only                  3         0.0006   
180                       37        0.0079   
180 only                  36        0.0077   
240                       3         0.0006   
240 only                  3         0.0006   
256                       1         0.0002   
256 only                  1         0.0002   
300                       197397    42.1085  
300 only                  187977    40.099   
360                       1         0.0002   
360 only                  1         0.0002   
400                       2         0.0004   
400 only                  2         0.0004   
420                       34        0.0073   
420 only                  28        0.006    
480                       11        0.0023   
480 only                  11        0.0023   
600                       14041     2.9952   
600 only                  13846     2.9536   
720                       1         0.0002   
720 only                  1         0.0002   
900                       517       0.1103   
900 only                  503       0.1073   
960                       2         0.0004   
960 only                  2         0.0004   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      259       0.0552   
1200 only                 255       0.0544   
1500                      11        0.0023   
1500 only                 10        0.0021   
1800                      271       0.0578   
1800 only                 262       0.0559   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      2         0.0004   
2400 only                 2         0.0004   
2520                      1         0.0002   
2520 only                 1         0.0002   
2700                      6         0.0013   
2700 only                 6         0.0013   
3000                      9         0.0019   
3000 only                 9         0.0019   
3600                      317       0.0676   
3600 only                 297       0.0634   
5400                      3         0.0006   
6000                      4         0.0009   
6000 only                 4         0.0009   
7200                      12206     2.6038   
7200 only                 9111      1.9435   
10800                     15        0.0032   
10800 only                9         0.0019   
14400                     1229      0.2622   
14400 only                1229      0.2622   
18000                     3         0.0006   
18000 only                3         0.0006   
21600                     3169      0.676    
21600 only                3169      0.676    
28800                     10        0.0021   
28800 only                9         0.0019   
36000                     938       0.2001   
36000 only                932       0.1988   
43200                     2190      0.4672   
43200 only                2190      0.4672   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     44686     9.5324   
64800 only                44673     9.5296   
72000                     7         0.0015   
72000 only                7         0.0015   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     34        0.0073   
86000 only                34        0.0073   
86400                     206       0.0439   
86400 only                204       0.0435   
93600                     1         0.0002   
93600 only                1         0.0002   
100800                    14125     3.0131   
100800 only               14122     3.0125   
129600                    11        0.0023   
129600 only               11        0.0023   
172800                    1         0.0002   
172800 only               1         0.0002   
600000                    1         0.0002   
600000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    6         0.0013   
864000 only               6         0.0013   
None                      189285    40.378   
None only                 177289    37.8191  

Certificate sig alg       Count     Percent 
-------------------------+---------+--------
None                      15085     3.2179   
ecdsa-with-SHA256         27569     5.881    
sha1WithRSAEncryption     260100    55.4842  
sha256WithRSAEncryption   181166    38.6461  
sha512WithRSAEncryption   8         0.0017   

Certificate key size      Count     Percent 
-------------------------+---------+--------
ECDSA 256                 27597     5.887    
ECDSA 384                 3         0.0006   
RSA 1024                  1100      0.2347   
RSA 10240                 4         0.0009   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  424764    90.6101  
RSA 2049                  3         0.0006   
RSA 2056                  5         0.0011   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  11        0.0023   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  5         0.0011   
RSA 2612                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  72        0.0154   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 3600                  1         0.0002   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  35        0.0075   
RSA 4086                  2         0.0004   
RSA 4092                  3         0.0006   
RSA 4096                  15196     3.2416   
RSA 4098                  2         0.0004   
RSA 8192                  4         0.0009   
RSA/ECDSA Dual Stack      35        0.0075

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 79939     17.0525  
Unsupported               388843    82.9475  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      33923     7.2364
SSL2 Only                 81        0.0173
SSL3                      165570    35.3192
SSL3 Only                 1467      0.3129
SSL3 or TLS1 Only         100568    21.453
SSL3 or lower Only        1518      0.3238
TLS1                      466356    99.4825
TLS1 Only                 52609     11.2225
TLS1 or lower Only        131814    28.1184
TLS1.1                    322576    68.8115
TLS1.1 Only               7         0.0015
TLS1.1 or up Only         613       0.1308
TLS1.2                    332743    70.9803
TLS1.2 Only               464       0.099
TLS1.2, 1.0 but not 1.1   12283     2.6202



Statistics from 494138 chains provided by 657485 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  439749    66.8835
incomplete                25522     3.8818
untrusted                 192214    29.2347

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1550      0.3137
3                         459587    93.0078
4                         32976     6.6734
5                         25        0.0051

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 27473     
ECDSA 384                 27471     
RSA 1024                  26220     
RSA 2045                  1         
RSA 2048                  866093    
RSA 4096                  72494     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 27473     5.5598
ECDSA 384                 27471     5.5594
RSA 1024                  26219     5.306
RSA 2045                  1         0.0002
RSA 2048                  465353    94.1747
RSA 4096                  72026     14.5761

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              27473     
sha1WithRSAEncryption          318089    
sha256WithRSAEncryption        119575    
sha384WithRSAEncryption        60453     
sha512WithRSAEncryption        24        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        294492    59.5971
112                       172174    34.8433
128                       27472     5.5596

Scan performed between 17th and 30th of January 2015.

August 2014 scan results

This month the changes are not significant.

The most important change is related to signatures in certificates: 2% more servers use SHA-256.

The number of servers that require RC4 hasn’t dropped as significantly as in previous months; it’s still just below 1% in general and effectively above 1.5% for Firefox.

About 2% more servers use server side cipher ordering. Unfortunately, the number of servers that use anonymous ECDH key exchange is still growing, this month by 0.3%. A significant number of servers still use the less than optimal 1024 bit DH – now at 29%.

While the hash algorithms used for certificates have changed, the key sizes did not; the most popular key size, at 96%, is 2048 bit RSA.

Supported protocol versions have seen small changes – SSLv2 support has fallen by around 2%; SSLv3 and TLSv1 haven’t changed by much but have started to drop; TLSv1.2 has grown by 1%.

SSL/TLS survey of 397695 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      345059    86.7647
3DES Only                 209       0.0526
AES                       369030    92.7922
AES Only                  1951      0.4906
AES-CBC Only              1030      0.259
AES-GCM                   162425    40.8416
AES-GCM Only              41        0.0103
CAMELLIA                  164197    41.2872
CAMELLIA Only             4         0.001
CHACHA20                  14719     3.7011
CHACHA20 Only             6         0.0015
RC4                       350479    88.1276
RC4 Only                  3807      0.9573
RC4 Preferred             74692     18.7812
RC4 forced in TLS1.1+     51533     12.9579
x:FF 29 RC4 Only          6327      1.5909
x:FF 29 RC4 Preferred     16784     4.2203
x:FF 29 incompatible      301       0.0757
z:ADH-AES128-GCM-SHA256   348       0.0875
z:ADH-AES128-SHA          1444      0.3631
z:ADH-AES128-SHA256       324       0.0815
z:ADH-AES256-GCM-SHA384   335       0.0842
z:ADH-AES256-SHA          1447      0.3638
z:ADH-AES256-SHA256       328       0.0825
z:ADH-CAMELLIA128-SHA     692       0.174
z:ADH-CAMELLIA256-SHA     699       0.1758
z:ADH-DES-CBC-SHA         699       0.1758
z:ADH-DES-CBC3-SHA        1490      0.3747
z:ADH-RC4-MD5             1297      0.3261
z:ADH-SEED-SHA            514       0.1292
z:AECDH-AES128-SHA        14496     3.645
z:AECDH-AES256-SHA        14533     3.6543
z:AECDH-DES-CBC3-SHA      14471     3.6387
z:AECDH-NULL-SHA          22        0.0055
z:AECDH-RC4-SHA           13603     3.4205
z:DES-CBC-MD5             26778     6.7333
z:DES-CBC-SHA             69202     17.4008
z:DHE-RSA-SEED-SHA        70054     17.615
z:ECDHE-RSA-NULL-SHA      25        0.0063
z:EDH-RSA-DES-CBC-SHA     60963     15.3291
z:EXP-ADH-DES-CBC-SHA     489       0.123
z:EXP-ADH-RC4-MD5         493       0.124
z:EXP-DES-CBC-SHA         54942     13.8151
z:EXP-EDH-RSA-DES-CBC-SHA 43030     10.8198
z:EXP-RC2-CBC-MD5         59737     15.0208
z:IDEA-CBC-MD5            4021      1.0111
z:IDEA-CBC-SHA            64231     16.1508
z:NULL-MD5                353       0.0888
z:NULL-SHA                351       0.0883
z:NULL-SHA256             7         0.0018
z:RC2-CBC-MD5             30955     7.7836
z:SEED-SHA                83118     20.8999

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               177721    44.6878
Server side               219974    55.3122

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1555      0.391
AECDH                     14564     3.6621
DHE                       202555    50.9322
ECDHE                     184261    46.3322
ECDHE and DHE             73679     18.5265
RSA                       396177    99.6183

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               186744    46.9566  92.1942
DH,2048bits               14169     3.5628   6.9951
DH,2226bits               2         0.0005   0.001
DH,3072bits               4         0.001    0.002
DH,3242bits               1         0.0003   0.0005
DH,3248bits               2         0.0005   0.001
DH,4096bits               703       0.1768   0.3471
DH,512bits                43198     10.8621  21.3266
DH,768bits                759       0.1908   0.3747
DH,8192bits               2         0.0005   0.001
ECDH,B-163,163bits        13        0.0033   0.0071
ECDH,B-571,570bits        398       0.1001   0.216
ECDH,P-224,224bits        4         0.001    0.0022
ECDH,P-256,256bits        182896    45.989   99.2592
ECDH,P-384,384bits        232       0.0583   0.1259
ECDH,P-521,521bits        821       0.2064   0.4456
Prefer DH,1024bits        115759    29.1075  57.1494
Prefer DH,2048bits        1154      0.2902   0.5697
Prefer DH,4096bits        50        0.0126   0.0247
Prefer DH,512bits         2         0.0005   0.001
Prefer DH,768bits         87        0.0219   0.043
Prefer ECDH,B-163,163bits 13        0.0033   0.0071
Prefer ECDH,B-571,570bits 318       0.08     0.1726
Prefer ECDH,P-224,224bits 1         0.0003   0.0005
Prefer ECDH,P-256,256bits 134334    33.7781  72.9042
Prefer ECDH,P-384,384bits 157       0.0395   0.0852
Prefer ECDH,P-521,521bits 749       0.1883   0.4065
Prefer PFS                252624    63.522   0
Support PFS               313137    78.738   0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         1         0.0003   
5 only                    1         0.0003   
10                        3         0.0008   
10 only                   1         0.0003   
30                        2         0.0005   
30 only                   2         0.0005   
42                        1         0.0003   
60                        46        0.0116   
60 only                   41        0.0103   
100                       4         0.001    
100 only                  4         0.001    
120                       10        0.0025   
120 only                  10        0.0025   
128                       4         0.001    
128 only                  4         0.001    
180                       29        0.0073   
180 only                  29        0.0073   
240                       4         0.001    
240 only                  4         0.001    
300                       155200    39.0249  
300 only                  135627    34.1033  
420                       19        0.0048   
420 only                  10        0.0025   
480                       6         0.0015   
480 only                  6         0.0015   
600                       6888      1.732    
600 only                  6597      1.6588   
900                       216       0.0543   
900 only                  190       0.0478   
960                       2         0.0005   
960 only                  2         0.0005   
1200                      60        0.0151   
1200 only                 57        0.0143   
1500                      9         0.0023   
1500 only                 8         0.002    
1800                      123       0.0309   
1800 only                 120       0.0302   
2100                      1         0.0003   
2100 only                 1         0.0003   
2400                      1         0.0003   
2400 only                 1         0.0003   
2700                      2         0.0005   
2700 only                 2         0.0005   
3000                      5         0.0013   
3000 only                 4         0.001    
3600                      234       0.0588   
3600 only                 227       0.0571   
5400                      2         0.0005   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10748     2.7026   
7200 only                 8222      2.0674   
10800                     11        0.0028   
10800 only                6         0.0015   
14400                     722       0.1815   
14400 only                716       0.18     
18000                     1         0.0003   
21600                     26        0.0065   
21600 only                26        0.0065   
28800                     3         0.0008   
28800 only                3         0.0008   
30720                     1         0.0003   
30720 only                1         0.0003   
36000                     402       0.1011   
36000 only                399       0.1003   
43200                     6311      1.5869   
43200 only                6224      1.565    
64800                     9640      2.424    
64800 only                9602      2.4144   
86000                     32        0.008    
86000 only                29        0.0073   
86400                     92        0.0231   
86400 only                85        0.0214   
100800                    14758     3.7109   
100800 only               57        0.0143   
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    7         0.0018   
129600 only               6         0.0015   
604800                    1         0.0003   
604800 only               1         0.0003   
864000                    6         0.0015   
864000 only               6         0.0015   
None                      229357    57.6716  
None only                 192066    48.2948  

Certificate sig alg       Count     Percent 
-------------------------+---------+--------
None                      15912     4.0011   
ecdsa-with-SHA256         3         0.0008   
sha1WithRSAEncryption     338957    85.2304  
sha256WithRSAEncryption   58772     14.7782  

Certificate key size      Count     Percent 
-------------------------+---------+--------
ECDSA 256                 8235      2.0707   
ECDSA 384                 1         0.0003   
RSA 1024                  1880      0.4727   
RSA 2028                  1         0.0003   
RSA 2047                  2         0.0005   
RSA 2048                  381923    96.0341  
RSA 2056                  5         0.0013   
RSA 2058                  1         0.0003   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003
RSA 2080                  2         0.0005
RSA 2084                  5         0.0013
RSA 2408                  3         0.0008
RSA 2432                  28        0.007
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  37        0.0093
RSA 3096                  1         0.0003
RSA 3248                  4         0.001
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4086                  1         0.0003
RSA 4092                  2         0.0005
RSA 4096                  13721     3.4501
RSA 4098                  3         0.0008
RSA 4192                  1         0.0003
RSA 8192                  6         0.0015
RSA 16384                 1         0.0003   
RSA/ECDSA Dual Stack      8153      2.0501

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 41610     10.4628
Unsupported               356085    89.5372

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      48288     12.142
SSL2 Only                 6029      1.516
SSL3                      379667    95.4669
SSL3 Only                 4125      1.0372
SSL3 or TLS1 Only         117512    29.5483
TLS1                      385363    96.8991
TLS1 Only                 3015      0.7581
TLS1.1                    218025    54.8222
TLS1.1 Only               37        0.0093
TLS1.1 or up Only         709       0.1783
TLS1.2                    229097    57.6062
TLS1.2 Only               374       0.094
TLS1.2, 1.0 but not 1.1   15264     3.8381

Scan performed between 8th and 19th of August 2014.

CA certificates

No big changes here either, about 2% more servers now have an effective security level of 112 bit.
We’ve yet to see the effects of the recent changes in Mozilla trust store.

Statistics from 443385 chains provided by 585568 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  365544    62.4255
incomplete                29700     5.072
untrusted                 190324    32.5025

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2394      0.5399
3                         431592    97.3402
4                         9378      2.1151
5                         21        0.0047

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 3         
ECDSA 384                 3         
RSA 1024                  1733      
RSA 2045                  1         
RSA 2048                  874329    
RSA 4096                  17727     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 3         0.0007
ECDSA 384                 3         0.0007
RSA 1024                  1723      0.3886
RSA 2045                  1         0.0002
RSA 2048                  441708    99.6218
RSA 4096                  17345     3.912

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              3         
sha1WithRSAEncryption          387560    
sha256WithRSAEncryption        50026     
sha384WithRSAEncryption        12822     

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        388390    87.5966
112                       54992     12.4028
128                       3         0.0007

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 115908    26.1416
(157753a5) AddTrust External CA Root          69723     15.7252
(5ad8a5d6) GlobalSign Root CA                 44630     10.0657
(2e4eed3c) thawte Primary Root CA             29574     6.67
(cbf06781) Go Daddy Root Certificate Authorit 28151     6.3491
(f081611a) The Go Daddy Group, Inc.           26956     6.0796
(b204d74a) VeriSign Class 3 Public Primary Ce 26596     5.9984
(244b5494) DigiCert High Assurance EV Root CA 22613     5.1001
(b13cc6df) UTN-USERFirst-Hardware             12983     2.9282
(40547a79) COMODO Certification Authority     11362     2.5626
(653b494a) Baltimore CyberTrust Root          10593     2.3891
(ae8153b9) StartCom Certification Authority   9134      2.0601
(f387163d) Starfield Technologies, Inc.       7934      1.7894

Cleanup of 1024-bit CA certificates

Mozilla is working towards removal of all 1024 bit CA certificates in their trust store. That means that if you depend on a root CA or intermediate CA that has those weak RSA keys, your website or server may stop working in the near future.

The first batch of changes will affect Firefox 32 users and Fedora 20 (after updating to ca-certificates-2014.2.1-1.0.fc20).

Go to kuix.de for more information on how to tell if you’ll be affected (without using the Qualys SSL Labs scanner) and what to do if you are.

Is RC4-less browsing possible?

As some of you know, YouTube now supports one other cipher besides the venerable RC4. Unfortunately this other cipher suite is not supported by the currently released Firefox (but is supported by the underlying cryptographic library – NSS).

So I went and implemented a patch that allows the user to enable this other cipher suite (among others).

Side note: while compiling Firefox requires quite a few dependencies and lots of patience (not to mention a few gigabytes of disk space), the process itself is really easy with all the guides available on the Mozilla developer’s network. Props to all the people responsible for this documentation and scripts!

The patch I wrote unfortunately was shot down by Brian Smith because the current goal is to push server operators to implement support for ECDHE and AES-GCM. While this is a noble goal, I’m a bit more pragmatic (or impatient if you will) and want the cipher suite selection to represent what servers do, not what we want them to do.

(While I write below about Firefox 29, the same is true of the current development master branch.)

Current state of Firefox 29

I took this month’s scan results and checked them against the ciphers offered by Firefox.

The good news: Firefox 29 cipher selection is incompatible with less than 0.01% of sites (assuming that all Internet servers are supporting at least one cipher suite that OpenSSL supports).

The bad news: its cipher selection makes the number of servers that prefer RC4 over other cipher suites larger by another 2.68% (for a total of 21.3%).

Supported Ciphers         Count     Percent
-------------------------+---------+-------
RC4                       311666    88.8066
RC4 Only                  3458      0.9853
RC4 Preferred             65353     18.6218
RC4 forced in TLS1.1+     43096     12.2798
x:FF 29 RC4 Only          301       0.0858
x:FF 29 RC4 Preferred     9421      2.6844
x:FF 29 incompatible      31        0.0088

Let’s look closer at the ciphers that cause some servers to be elevated to the RC4 Only state (excluding the obviously bad anonymous cipher suites or export grade):

FF 29 RC4 Only other ciphers  Count    Percent
-----------------------------+---------+------
AES128-GCM-SHA256              49        0.014
AES128-SHA256                  98        0.0279
AES256-GCM-SHA384              26        0.0074
AES256-SHA256                  98        0.0279
DHE-RSA-AES128-GCM-SHA256      7         0.002
DHE-RSA-AES128-SHA256          4         0.0011
DHE-RSA-AES256-GCM-SHA384      9         0.0026
DHE-RSA-AES256-SHA256          7         0.002
DHE-RSA-SEED-SHA               31        0.0088
ECDHE-RSA-AES128-SHA256        82        0.0234
ECDHE-RSA-AES256-GCM-SHA384    2         0.0006
ECDHE-RSA-AES256-SHA384        43        0.0123
IDEA-CBC-SHA                   32        0.0091
SEED-SHA                       32        0.0091

We can see that most of those servers support the non-ephemeral AES128-SHA256 cipher or ECDHE-RSA-AES128-SHA256. In other words, secure ciphers, but slower than the AES128-SHA or ECDHE-RSA-AES128-SHA ciphers (though not necessarily less secure than them).

Now, let’s take a look at the set of ciphers that cause Firefox to prefer RC4 while it’s not actually the first cipher selected by the server (again, excluding the obviously bad cipher suites):

FF 29 RC4 pref other ciphers  Count    Percent
-----------------------------+---------+------
AES128-GCM-SHA256              7935      2.261
AES128-SHA256                  9212      2.6249
AES256-GCM-SHA384              7887      2.2473
AES256-SHA256                  9212      2.6249
DHE-RSA-AES128-GCM-SHA256      110       0.0313
DHE-RSA-AES128-SHA256          110       0.0313
DHE-RSA-AES256-GCM-SHA384      112       0.0319
DHE-RSA-AES256-SHA256          113       0.0322
DHE-RSA-SEED-SHA               68        0.0194
ECDHE-RSA-AES128-SHA256        7050      2.0088
ECDHE-RSA-AES256-GCM-SHA384    6344      1.8077
ECDHE-RSA-AES256-SHA384        6698      1.9085
IDEA-CBC-SHA                   1770      0.5043
SEED-SHA                       1792      0.5106

We again see AES128-SHA256 and ECDHE-RSA-AES128-SHA256 ranking high; additionally, AES128-GCM-SHA256 and AES256-SHA256 are common and supported by the NSS cryptographic library. AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-RSA-AES256-SHA384 are also common, but unsupported by NSS.

Interestingly, the sites that are unsupported by Firefox are unsupported for a good reason:

FF 29 incompatible ciphers    Count    Percent
-----------------------------+---------+------
ADH-AES128-SHA                 8         0.0023
ADH-AES256-SHA                 8         0.0023
ADH-DES-CBC3-SHA               8         0.0023
ADH-RC4-MD5                    8         0.0023
AECDH-AES128-SHA               1         0.0003
AECDH-AES256-SHA               1         0.0003
AECDH-DES-CBC3-SHA             1         0.0003
AECDH-RC4-SHA                  1         0.0003
DES-CBC-SHA                    16        0.0046
DHE-RSA-AES128-GCM-SHA256      1         0.0003
DHE-RSA-AES256-GCM-SHA384      2         0.0006
DHE-RSA-AES256-SHA256          1         0.0003
ECDHE-RSA-AES256-GCM-SHA384    3         0.0009
EDH-RSA-DES-CBC-SHA            15        0.0043
EXP-DES-CBC-SHA                11        0.0031
EXP-EDH-RSA-DES-CBC-SHA        12        0.0034
EXP-RC2-CBC-MD5                11        0.0031
EXP-RC4-MD5                    11        0.0031
NULL-MD5                       4         0.0011
NULL-SHA                       4         0.0011
NULL-SHA256                    3         0.0009

That gives us at most 7 servers (but no fewer than 3 servers) that could be supported if NSS supported SHA384 as the TLSv1.2 PRF without adding any insecure cipher suites.

Firefox 29 with RC4 disabled

OK, so the current cipher selection provides very good compatibility, but not security for over 20% of sites on the Internet. How does this picture change if we remove support for RC4 ciphers?

Supported Ciphers         Count     Percent
-------------------------+---------+-------
RC4                       311666    88.8066
RC4 Only                  3458      0.9853
RC4 Preferred             65353     18.6218
RC4 forced in TLS1.1+     43096     12.2798
x:FF 29 incompatible      3790      1.0799

We become incompatible with just a bit over 1% of servers. Let’s take a look at the ciphers we can then enable to become more compatible (excluding the obvious bad choices):

FF 29 incompatible ciphers    Count    Percent
-----------------------------+---------+------
AES128-GCM-SHA256              49        0.014
AES128-SHA256                  98        0.0279
AES256-GCM-SHA384              26        0.0074
AES256-SHA256                  98        0.0279
DHE-RSA-AES128-GCM-SHA256      8         0.0023
DHE-RSA-AES128-SHA256          4         0.0011
DHE-RSA-AES256-GCM-SHA384      11        0.0031
DHE-RSA-AES256-SHA256          8         0.0023
DHE-RSA-SEED-SHA               31        0.0088
ECDHE-RSA-AES128-SHA256        82        0.0234
ECDHE-RSA-AES256-GCM-SHA384    5         0.0014
ECDHE-RSA-AES256-SHA384        43        0.0123
ECDHE-RSA-RC4-SHA              104       0.0296
IDEA-CBC-SHA                   32        0.0091
RC4-MD5                        2136      0.6086
RC4-SHA                        3518      1.0024
SEED-SHA                       32        0.0091

The obvious solution would be to enable RC4, but as we’ve established, this is not a good idea.

Firefox 29 and one more cipher

If we could enable one more cipher, it would probably be ECDHE-RSA-AES128-SHA256. The result of such a change would look like this:

Supported Ciphers         Count     Percent
-------------------------+---------+-------
RC4                       311666    88.8066
RC4 Only                  3458      0.9853
RC4 Preferred             65353     18.6218
RC4 forced in TLS1.1+     43096     12.2798
x:FF 29 RC4 Only          219       0.0624
x:FF 29 RC4 Preferred     2705      0.7708
x:FF 29 incompatible      31        0.0088

A 2% change by adding just a single cipher suite!

Firefox 29 with more cipher suites

We know that when we disable RC4 we lose access to about 1% of sites. Let’s see if we can decrease the number of sites that select RC4 but don’t prefer it over all other ciphers.

When we enable ECDHE-RSA-AES128-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256 and DHE-RSA-AES256-SHA256 the statistics look like this:

Supported Ciphers         Count     Percent
-------------------------+---------+-------
RC4                       311666    88.8066
RC4 Only                  3458      0.9853
RC4 Preferred             65353     18.6218
RC4 forced in TLS1.1+     43096     12.2798
x:FF 29 RC4 Only          209       0.0596
x:FF 29 RC4 Preferred     2631      0.7497
x:FF 29 incompatible      29        0.0083

In other words, this decreases the number of sites that prefer RC4 by nearly 2%!

Adding AES128-GCM-SHA256, AES128-SHA256 and AES256-SHA256 to the mix causes the percentage to drop further to less than 0.1%:

Supported Ciphers         Count     Percent
-------------------------+---------+-------
RC4                       311666    88.8066
RC4 Only                  3458      0.9853
RC4 Preferred             65353     18.6218
RC4 forced in TLS1.1+     43096     12.2798
x:FF 29 RC4 Only          161       0.0459
x:FF 29 RC4 Preferred     251       0.0715
x:FF 29 incompatible      29        0.0083

Firefox 29 with more ciphers but no RC4

Removing RC4 ciphers in Firefox with this extended cipher set causes it to be incompatible with 1.04% of sites, compared to 1.08% in the default configuration:

Supported Ciphers         Count     Percent
-------------------------+---------+-------
RC4                       311666    88.8066
RC4 Only                  3458      0.9853
RC4 Preferred             65353     18.6218
RC4 forced in TLS1.1+     43096     12.2798
x:FF 29 incompatible      3648      1.0395

The cipher suites that cause this lack of compatibility:

FF 29 incompatible ciphers    Count    Percent
-----------------------------+---------+------
ADH-AES128-GCM-SHA256          1         0.0003
ADH-AES128-SHA                 10        0.0028
ADH-AES128-SHA256              1         0.0003
ADH-AES256-GCM-SHA384          1         0.0003
ADH-AES256-SHA                 10        0.0028
ADH-AES256-SHA256              1         0.0003
ADH-CAMELLIA128-SHA            1         0.0003
ADH-CAMELLIA256-SHA            1         0.0003
ADH-DES-CBC-SHA                2         0.0006
ADH-DES-CBC3-SHA               10        0.0028
ADH-RC4-MD5                    25        0.0071
ADH-SEED-SHA                   1         0.0003
AECDH-AES128-SHA               6         0.0017
AECDH-AES256-SHA               6         0.0017
AECDH-DES-CBC3-SHA             6         0.0017
AECDH-RC4-SHA                  8         0.0023
AES128-SHA256                  3         0.0009
DES-CBC-SHA                    59        0.0168
DHE-RSA-AES256-GCM-SHA384      1         0.0003
DHE-RSA-SEED-SHA               31        0.0088
ECDHE-RSA-AES256-GCM-SHA384    4         0.0011
ECDHE-RSA-RC4-SHA              94        0.0268
EDH-RSA-DES-CBC-SHA            44        0.0125
EXP-ADH-DES-CBC-SHA            1         0.0003
EXP-ADH-RC4-MD5                4         0.0011
EXP-DES-CBC-SHA                38        0.0108
EXP-EDH-RSA-DES-CBC-SHA        30        0.0085
EXP-RC2-CBC-MD5                128       0.0365
EXP-RC4-MD5                    228       0.065
IDEA-CBC-SHA                   32        0.0091
NULL-MD5                       16        0.0046
NULL-SHA                       14        0.004
NULL-SHA256                    3         0.0009
RC4-MD5                        2038      0.5807
RC4-SHA                        3398      0.9682
SEED-SHA                       32        0.0091

Summary

Enabling additional cipher suites already supported by NSS makes connections to more than 2% of sites more secure. While enabling support for them is statistically insignificant for a configuration with RC4 disabled, the sites affected by it are not exactly small.

Most likely, the reason for the 2% discrepancy between sites that prefer RC4 in general and those that negotiate RC4 with Firefox is servers running old (2.2.x) versions of Apache, which do not support ECDHE key exchange but do support TLSv1.2. Administrators of those servers who still consider BEAST a threat may want to select different ciphers in TLSv1.1 and later (which make all ciphers invulnerable to BEAST) than in TLSv1.0. Unfortunately, Apache doesn’t really facilitate that, and so they are left with just putting all ciphers that require TLSv1.2 right before the RC4 ciphers. Combined with the fact that Firefox supports only two cipher suites that require TLSv1.2 (ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256), this makes the connections end up using RC4.

Thankfully Apache 2.2 will gain support for ECDHE so this number should fall in the future.
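The effect described in this summary, as an added example (not the author's cipherscan code): server-side-ordered negotiation against a client's offer, classified the way the "x:FF 29" rows above are. The client list and the server configurations are constructed stand-ins, not the real Firefox 29 list or scan data; only the four extra suites and the two TLSv1.2 GCM suites are taken from the text.

```python
from collections import Counter


def is_rc4(cipher):
    """True for any OpenSSL-style suite name that uses the RC4 stream cipher."""
    return "RC4" in cipher


def negotiate(server_order, client_offer):
    """Assume server-side ordering: the first server cipher the client offers wins."""
    offered = set(client_offer)
    for cipher in server_order:
        if cipher in offered:
            return cipher
    return None


def classify(server_order, client_offer):
    """Label a server from the point of view of one particular client."""
    offered = set(client_offer)
    common = [c for c in server_order if c in offered]
    if not common:
        return "incompatible"
    if all(is_rc4(c) for c in common):
        return "RC4 Only"          # the client sees nothing but RC4
    if is_rc4(common[0]):
        return "RC4 Preferred"     # alternatives exist, RC4 still gets picked
    return "no RC4 negotiated"


def tally(servers, client_offer):
    """Count labels over a set of servers, like one block of rows in the tables."""
    return Counter(classify(order, client_offer) for order in servers.values())


# Constructed, abbreviated client offer (assumption, not the actual Firefox list).
# The only TLSv1.2-only suites in it are the two GCM suites named in the text.
CLIENT_BASE = [
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-RC4-SHA",
    "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA",
    "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "RC4-SHA", "RC4-MD5",
]

# The four suites the post proposes enabling in "Firefox 29 with more cipher suites".
EXTRA_SUITES = [
    "ECDHE-RSA-AES128-SHA256", "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA256", "DHE-RSA-AES256-SHA256",
]
CLIENT_EXTENDED = CLIENT_BASE + EXTRA_SUITES
CLIENT_NO_RC4 = [c for c in CLIENT_BASE if not is_rc4(c)]

# Constructed server preference lists (assumptions, not scan data).
SERVERS = {
    # No ECDHE, TLSv1.2-only suites placed right before RC4 as a BEAST workaround.
    "apache22-style": [
        "DHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256", "AES128-SHA256",
        "AES256-SHA256", "RC4-SHA", "AES128-SHA", "DES-CBC3-SHA",
    ],
    # Only SHA-256 CBC suites plus RC4 as the fallback.
    "sha256-and-rc4": ["ECDHE-RSA-AES128-SHA256", "AES128-SHA256", "RC4-SHA"],
    # ECDHE + GCM first, RC4 last.
    "ecdhe-gcm-first": [
        "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
        "AES128-SHA", "RC4-SHA",
    ],
    # Prefers RC4 for every client.
    "rc4-first": ["RC4-SHA", "AES128-SHA"],
}

if __name__ == "__main__":
    for label, client in [("base", CLIENT_BASE),
                          ("extended", CLIENT_EXTENDED),
                          ("no RC4", CLIENT_NO_RC4)]:
        print(label)
        for name, order in SERVERS.items():
            print("  %-16s %-26s %s" % (name, negotiate(order, client),
                                        classify(order, client)))
```

The "apache22-style" server does not prefer RC4 in general, yet the base client lands on RC4-SHA because none of the suites listed ahead of it are in its offer; adding the extra suites moves it to DHE-RSA-AES128-GCM-SHA256.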

May 2014 scan results – SNI enabled

I have extended the cipherscan tool I use for scanning to use SNI for communicating with the servers, tweaked the order of cipher suites so that Google servers negotiate ECDSA cipher suites, and made it also collect additional data like OCSP stapling support or TLS session ticket hints.

This makes these results a bit different from the previously published results for May.

SSL/TLS survey of 349511 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      304525    87.1289
3DES Only                 132       0.0378
AES                       327024    93.5662
AES Only                  896       0.2564
AES-CBC Only              610       0.1745
AES-GCM                   132866    38.0148
AES-GCM Only              5         0.0014
CAMELLIA                  139004    39.771
CAMELLIA Only             2         0.0006
CHACHA20                  16551     4.7355
CHACHA20 Only             1         0.0003
RC4                       310624    88.8739
RC4 Only                  4173      1.194
RC4 Preferred             66086     18.9081
RC4 forced in TLS1.1+     42640     12.1999
z:ADH-AES128-GCM-SHA256   312       0.0893
z:ADH-AES128-SHA          1380      0.3948
z:ADH-AES128-SHA256       293       0.0838
z:ADH-AES256-GCM-SHA384   297       0.085
z:ADH-AES256-SHA          1382      0.3954
z:ADH-AES256-SHA256       296       0.0847
z:ADH-CAMELLIA128-SHA     725       0.2074
z:ADH-CAMELLIA256-SHA     731       0.2091
z:ADH-DES-CBC-SHA         766       0.2192
z:ADH-DES-CBC3-SHA        1446      0.4137
z:ADH-RC4-MD5             1303      0.3728
z:ADH-SEED-SHA            622       0.178
z:AECDH-AES128-SHA        9402      2.69
z:AECDH-AES256-SHA        9405      2.6909
z:AECDH-DES-CBC3-SHA      9378      2.6832
z:AECDH-NULL-SHA          19        0.0054
z:AECDH-RC4-SHA           8953      2.5616
z:DES-CBC-SHA             68469     19.5899
z:DHE-RSA-SEED-SHA        57227     16.3734
z:ECDHE-RSA-NULL-SHA      22        0.0063
z:EDH-RSA-DES-CBC-SHA     52676     15.0713
z:EXP-ADH-DES-CBC-SHA     470       0.1345
z:EXP-ADH-RC4-MD5         473       0.1353
z:EXP-DES-CBC-SHA         56608     16.1963
z:EXP-EDH-RSA-DES-CBC-SHA 37766     10.8054
z:EXP-RC2-CBC-MD5         53602     15.3363
z:IDEA-CBC-SHA            60579     17.3325
z:NULL-MD5                350       0.1001
z:NULL-SHA                345       0.0987
z:NULL-SHA256             18        0.0052
z:SEED-SHA                71590     20.4829

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1502      0.4297
AECDH                     9435      2.6995
DHE                       168752    48.2823
ECDHE                     153342    43.8733
ECDHE and DHE             50336     14.4018
RSA                       349257    99.9273

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               157223    44.9837  93.1681
DH,2048bits               10153     2.9049   6.0165
DH,3072bits               5         0.0014   0.003
DH,3248bits               4         0.0011   0.0024
DH,4096bits               513       0.1468   0.304
DH,512bits                37886     10.8397  22.4507
DH,768bits                733       0.2097   0.4344
DH,8192bits               2         0.0006   0.0012
ECDH,B-163,163bits        3         0.0009   0.002
ECDH,B-571,570bits        328       0.0938   0.2139
ECDH,P-224,224bits        4         0.0011   0.0026
ECDH,P-256,256bits        152376    43.5969  99.37
ECDH,P-384,384bits        165       0.0472   0.1076
ECDH,P-521,521bits        532       0.1522   0.3469
Prefer DH,1024bits        105105    30.072   62.2837
Prefer DH,2048bits        2396      0.6855   1.4198
Prefer DH,4096bits        36        0.0103   0.0213
Prefer DH,512bits         1         0.0003   0.0006
Prefer DH,768bits         82        0.0235   0.0486
Prefer ECDH,B-163,163bits 3         0.0009   0.002
Prefer ECDH,B-571,570bits 259       0.0741   0.1689
Prefer ECDH,P-224,224bits 2         0.0006   0.0013
Prefer ECDH,P-256,256bits 109734    31.3964  71.5616
Prefer ECDH,P-384,384bits 105       0.03     0.0685
Prefer ECDH,P-521,521bits 479       0.137    0.3124
Prefer PFS                218202    62.4307  0
Support PFS               271758    77.7538  0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         1         0.0003   
5 only                    1         0.0003   
10                        2         0.0006   
10 only                   2         0.0006   
30                        1         0.0003   
30 only                   1         0.0003   
42                        1         0.0003   
60                        11        0.0031   
60 only                   6         0.0017   
120                       3         0.0009   
120 only                  3         0.0009   
128                       1         0.0003   
128 only                  1         0.0003   
180                       20        0.0057   
180 only                  20        0.0057   
300                       122495    35.0475  
300 only                  108193    30.9555  
420                       6         0.0017   
420 only                  6         0.0017   
480                       4         0.0011   
480 only                  4         0.0011   
600                       4448      1.2726   
600 only                  4329      1.2386   
900                       120       0.0343   
900 only                  106       0.0303   
960                       1         0.0003   
960 only                  1         0.0003   
1200                      49        0.014    
1200 only                 49        0.014    
1500                      6         0.0017   
1500 only                 6         0.0017   
1800                      82        0.0235   
1800 only                 78        0.0223   
3000                      3         0.0009   
3000 only                 2         0.0006   
3600                      157       0.0449   
3600 only                 154       0.0441   
5400                      1         0.0003   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10327     2.9547   
7200 only                 1603      0.4586   
10800                     5         0.0014   
10800 only                2         0.0006   
14400                     573       0.1639   
14400 only                573       0.1639   
18000                     2         0.0006   
21600                     22        0.0063   
21600 only                22        0.0063   
28800                     5         0.0014   
28800 only                5         0.0014   
36000                     545       0.1559   
36000 only                532       0.1522   
43200                     6516      1.8643   
43200 only                6511      1.8629   
64800                     8477      2.4254   
64800 only                8465      2.422    
86000                     30        0.0086   
86000 only                30        0.0086   
86400                     3573      1.0223   
86400 only                3541      1.0131   
100800                    16555     4.7366   
100800 only               7         0.002    
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    6         0.0017   
129600 only               6         0.0017   
864000                    6         0.0017   
864000 only               6         0.0017   
None                      215218    61.5769  
None only                 175481    50.2076  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      10888     3.1152   
ecdsa-with-SHA256         1         0.0003   
sha1WithRSAEncryption     310881    88.9474  
sha256WithRSAEncryption   38640     11.0554  

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 9306      2.6626   
ECDSA 384                 1         0.0003   
RSA 1024                  1928      0.5516   
RSA 2028                  1         0.0003   
RSA 2047                  2         0.0006   
RSA 2048                  335355    95.9498  
RSA 2056                  3         0.0009   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003   
RSA 2080                  2         0.0006   
RSA 2084                  4         0.0011   
RSA 2408                  2         0.0006   
RSA 2432                  70        0.02     
RSA 2536                  1         0.0003   
RSA 2612                  1         0.0003   
RSA 3050                  1         0.0003   
RSA 3072                  29        0.0083   
RSA 3073                  1         0.0003   
RSA 3248                  4         0.0011   
RSA 3600                  1         0.0003   
RSA 4042                  1         0.0003   
RSA 4046                  2         0.0006   
RSA 4048                  2         0.0006   
RSA 4069                  1         0.0003   
RSA 4086                  1         0.0003   
RSA 4092                  1         0.0003   
RSA 4096                  12095     3.4605   
RSA 4098                  1         0.0003   
RSA 4192                  1         0.0003   
RSA 8192                  3         0.0009
RSA 16384                 1         0.0003
RSA/ECDSA Dual Stack      9305      2.6623

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 51404     14.7074
Unsupported               298107    85.2926

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      1         0.0003
SSL3                      345529    98.8607
SSL3 Only                 4396      1.2578
SSL3 or TLS1 Only         150360    43.0201
TLS1                      344639    98.6061
TLS1 Only                 1149      0.3287
TLS1.1                    185720    53.1371
TLS1.1 Only               4         0.0011
TLS1.1 or up Only         26        0.0074
TLS1.2                    194572    55.6698
TLS1.2 Only               17        0.0049
TLS1.2, 1.0 but not 1.1   13324     3.8122 

The scan was performed between 16th and 25th of May 2014.

Mozilla recommends disabling RC4

Mozilla currently recommends using 3DES ciphers instead of RC4 for backwards compatibility with very old systems like Android 2 or Internet Explorer on Windows XP.

The current recommendation comes after similar recommendations from the researchers who discovered the most recent flaws in RC4, from Cisco, from Microsoft (along with their proposal to the IETF), as well as from Qualys and Bruce Schneier.

The message is clear: don’t use RC4.

If you have for some reason followed the Mozilla guide, you don’t have to use this insecure, nearly 30-year-old cipher any more. While you’re changing the cipher suite defaults, consider also updating to a Perfect Forward Secrecy capable configuration.

TLS 1.2 adoption half way mark reached! May 2014 cipher scan results

Update: previous version of results counted “broken” cipher suites (export, ADH, AECDH) even if server didn’t have a trusted certificate.

I’ve scanned the Alexa Top 1 million sites again and this month’s results are both depressing and encouraging.

The bad

The number of sites that force RC4 in TLS 1.1 and TLS 1.2 connections has grown (by nearly 1.5%). The percentage of sites that accept export grade cryptography or plain broken cryptography hasn’t changed significantly.

The good

The fraction of servers that support only RC4 ciphers has fallen by 0.4% to 1.38%. More and more certificates are using SHA-256 based signatures (now over 10%, an increase of nearly 5%).

Interestingly, the first sites that use only ECDSA certificates have appeared (at the moment 2).

Also, we’ve finally reached the half way mark for TLS 1.2 adoption on the servers. Over 54% of servers support TLS1.2 and over 51% support TLS1.1.

Results

SSL/TLS survey of 318366 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)

Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      276742    86.9257
3DES Only                 137       0.043
AES                       296225    93.0454
AES Only                  930       0.2921
AES-CBC Only              588       0.1847
AES-GCM                   121699    38.2261
AES-GCM Only              4         0.0013
CAMELLIA                  127345    39.9996
CAMELLIA Only             1         0.0003
CHACHA20                  19834     6.2299
RC4                       283641    89.0927
RC4 Only                  4388      1.3783
RC4 Preferred             59422     18.6647
RC4 forced in TLS1.1+     37507     11.7811
z:ADH-AES128-GCM-SHA256   290       0.0911
z:ADH-AES128-SHA          1431      0.4495
z:ADH-AES128-SHA256       279       0.0876
z:ADH-AES256-GCM-SHA384   285       0.0895
z:ADH-AES256-SHA          1430      0.4492
z:ADH-AES256-SHA256       283       0.0889
z:ADH-CAMELLIA128-SHA     794       0.2494
z:ADH-CAMELLIA256-SHA     799       0.251
z:ADH-DES-CBC-SHA         845       0.2654
z:ADH-DES-CBC3-SHA        1482      0.4655
z:ADH-RC4-MD5             1345      0.4225
z:ADH-SEED-SHA            689       0.2164
z:AECDH-AES128-SHA        8482      2.6642
z:AECDH-AES256-SHA        8485      2.6652
z:AECDH-DES-CBC3-SHA      8457      2.6564
z:AECDH-NULL-SHA          4         0.0013
z:AECDH-RC4-SHA           8091      2.5414
z:DES-CBC-MD5             254       0.0798
z:DES-CBC-SHA             60478     18.9964
z:DHE-RSA-SEED-SHA        51890     16.2989
z:ECDHE-RSA-NULL-SHA      7         0.0022
z:EDH-RSA-DES-CBC-SHA     49291     15.4825
z:EXP-ADH-DES-CBC-SHA     461       0.1448
z:EXP-ADH-RC4-MD5         467       0.1467
z:EXP-DES-CBC-SHA         49466     15.5375
z:EXP-EDH-RSA-DES-CBC-SHA 35342     11.1011
z:EXP-RC2-CBC-MD5         46932     14.7415
z:IDEA-CBC-MD5            27        0.0085
z:IDEA-CBC-SHA            51847     16.2853
z:NULL-MD5                319       0.1002
z:NULL-SHA                313       0.0983
z:NULL-SHA256             10        0.0031
z:RC2-CBC-MD5             281       0.0883
z:SEED-SHA                65444     20.5562

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1525      0.479
AECDH                     8502      2.6705
DHE                       154179    48.4282
ECDHE                     134412    42.2193
RSA                       318109    99.9193

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               145407    45.6729  94.3105
DH,2048bits               7568      2.3771   4.9086
DH,3072bits               2         0.0006   0.0013
DH,3248bits               2         0.0006   0.0013
DH,4096bits               428       0.1344   0.2776
DH,4097bits               2         0.0006   0.0013
DH,512bits                35433     11.1296  22.9817
DH,768bits                683       0.2145   0.443
ECDH,B-163,163bits        1         0.0003   0.0007
ECDH,B-571,570bits        294       0.0923   0.2187
ECDH,P-224,224bits        3         0.0009   0.0022
ECDH,P-256,256bits        133565    41.9533  99.3698
ECDH,P-384,384bits        165       0.0518   0.1228
ECDH,P-521,521bits        450       0.1413   0.3348
Prefer DH,1024bits        98865     31.0539  64.1235
Prefer DH,2048bits        2143      0.6731   1.3899
Prefer DH,4096bits        34        0.0107   0.0221
Prefer DH,512bits         1         0.0003   0.0006
Prefer DH,768bits         74        0.0232   0.048
Prefer ECDH,B-163,163bits 1         0.0003   0.0007
Prefer ECDH,B-571,570bits 236       0.0741   0.1756
Prefer ECDH,P-256,256bits 94747     29.7604  70.49
Prefer ECDH,P-384,384bits 115       0.0361   0.0856
Prefer ECDH,P-521,521bits 409       0.1285   0.3043
Prefer PFS                196625    61.7607  0
Support PFS               245584    77.1389  0

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      9994      3.1392   
ecdsa-with-SHA256         2         0.0006   
sha1WithRSAEncryption     286277    89.9207  
sha256WithRSAEncryption   32146     10.0972  

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 384                 2         0.0006   
RSA 1024                  1935      0.6078   
RSA 2028                  1         0.0003   
RSA 2047                  2         0.0006   
RSA 2048                  304898    95.7696  
RSA 2049                  2         0.0006   
RSA 2056                  3         0.0009   
RSA 2058                  1         0.0003
RSA 2060                  1         0.0003
RSA 2064                  1         0.0003
RSA 2080                  3         0.0009
RSA 2084                  4         0.0013
RSA 2345                  1         0.0003
RSA 2408                  1         0.0003
RSA 2432                  60        0.0188
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3000                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  19        0.006
RSA 3248                  3         0.0009
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4046                  1         0.0003
RSA 4048                  1         0.0003
RSA 4069                  1         0.0003
RSA 4086                  1         0.0003
RSA 4092                  2         0.0006
RSA 4096                  11427     3.5893
RSA 4098                  1         0.0003
RSA 4192                  2         0.0006
RSA 8192                  3         0.0009
RSA/ECDSA Dual Stack      0         0.0

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      621       0.1951
SSL2 Only                 73        0.0229
SSL3                      314763    98.8683
SSL3 Only                 3524      1.1069
SSL3 or TLS1 Only         140708    44.1969
TLS1                      314191    98.6886
TLS1 Only                 1117      0.3509
TLS1.1                    164225    51.5837
TLS1.1 Only               8         0.0025
TLS1.1 or up Only         68        0.0214
TLS1.2                    173049    54.3554
TLS1.2 Only               48        0.0151
TLS1.2, 1.0 but not 1.1   12720     3.9954

Scan performed between 7th and 15th of May 2014.