
February 2015 scan results

This month the number of HTTP servers with a trusted certificate has grown again,
this time by just under 2%.

Cipher suites that use 3DES or AES have essentially retained their market share,
with a slight increase in 3DES and AES-GCM use. The share of servers which support
just RC4, or prefer RC4 over other ciphers, has also remained unchanged, as has the
use of completely insecure export-grade and 56-bit (single DES) ciphers.

Server-side cipher ordering also didn’t change by much, though the share of servers
that enforce their own order has risen slightly.

Support for cipher suites that provide forward secrecy has also seen only
insignificant changes. Preference for DHE has remained the same, and preference for
ECDHE has risen only very slightly. That is a bit surprising, as support for both
ECDHE and DHE has risen by more than a percent. Nearly all of this change is
attributable to support for the P-256 curve and 2048-bit finite-field DHE. Note
that, as the tables below show, most DHE-capable servers still use 1024-bit DH
groups, which offer only about 80 bits of security and are therefore weaker than
the 2048-bit RSA certificates they are usually paired with.

Similarly, server-side curve ordering and the signature algorithms chosen
essentially remained the same.

The only other measurement that changed by more than 1% is the signature algorithm
on server certificates, with SHA-1 losing another 3.8% and SHA-256 gaining the same
amount. The key sizes in use haven’t changed, though.

SSLv3 support remains high, with 33% of surveyed servers still supporting this
insecure protocol. The good news is that only 0.33% of all servers scanned support
nothing newer than SSLv3 (or SSLv2), so browsers and users can safely disable this
protocol without fear of interoperability issues.

SSL/TLS survey of 478847 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      389395    81.3193
3DES Only                 446       0.0931
AES                       452703    94.5402
AES Only                  7959      1.6621
AES-CBC Only              4111      0.8585
AES-GCM                   275395    57.5121
AES-GCM Only              21        0.0044
CAMELLIA                  201517    42.0838
CAMELLIA Only             1         0.0002
CHACHA20                  27231     5.6868
Insecure                  88014     18.3804
RC4                       362499    75.7025
RC4 Only                  3578      0.7472
RC4 Preferred             63514     13.2639
RC4 forced in TLS1.1+     40750     8.51
x:FF 29 RC4 Only          545       0.1138
x:FF 29 RC4 Preferred     68531     14.3117
x:FF 29 incompatible      135       0.0282
y:DHE-RSA-SEED-SHA        106333    22.206
y:IDEA-CBC-MD5            2911      0.6079
y:IDEA-CBC-SHA            85651     17.8869
y:SEED-SHA                103273    21.567
z:ADH-AES128-GCM-SHA256   352       0.0735
z:ADH-AES128-SHA          983       0.2053
z:ADH-AES128-SHA256       278       0.0581
z:ADH-AES256-GCM-SHA384   367       0.0766
z:ADH-AES256-SHA          995       0.2078
z:ADH-AES256-SHA256       282       0.0589
z:ADH-CAMELLIA128-SHA     440       0.0919
z:ADH-CAMELLIA256-SHA     449       0.0938
z:ADH-DES-CBC-SHA         378       0.0789
z:ADH-DES-CBC3-SHA        1011      0.2111
z:ADH-RC4-MD5             787       0.1644
z:ADH-SEED-SHA            293       0.0612
z:AECDH-AES128-SHA        14530     3.0344
z:AECDH-AES256-SHA        14530     3.0344
z:AECDH-DES-CBC3-SHA      14487     3.0254
z:AECDH-NULL-SHA          38        0.0079
z:AECDH-RC4-SHA           13507     2.8207
z:DES-CBC-MD5             18469     3.857
z:DES-CBC-SHA             49506     10.3386
z:DES-CBC3-MD5            33718     7.0415
z:ECDHE-RSA-NULL-SHA      43        0.009
z:EDH-RSA-DES-CBC-SHA     42281     8.8298
z:EXP-ADH-DES-CBC-SHA     302       0.0631
z:EXP-ADH-RC4-MD5         306       0.0639
z:EXP-DES-CBC-SHA         35244     7.3602
z:EXP-EDH-RSA-DES-CBC-SHA 24614     5.1403
z:EXP-RC2-CBC-MD5         40047     8.3632
z:EXP-RC4-MD5             42873     8.9534
z:EXP1024-DES-CBC-SHA     9396      1.9622
z:EXP1024-RC4-SHA         9557      1.9958
z:NULL-MD5                292       0.061
z:NULL-SHA                292       0.061
z:NULL-SHA256             12        0.0025
z:RC2-CBC-MD5             18829     3.9322
z:RC4-64-MD5              1529      0.3193

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               141265    29.5011
Server side               337582    70.4989

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1120      0.2339
AECDH                     14557     3.04
DHE                       256190    53.5014
ECDHE                     305994    63.9022
ECDHE and DHE             154553    32.2761
RSA                       446580    93.2615

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               214103    44.7122  83.572
DH,1536bits               1         0.0002   0.0004
DH,2048bits               39131     8.1719   15.2742
DH,2226bits               1         0.0002   0.0004
DH,2236bits               1         0.0002   0.0004
DH,3072bits               19        0.004    0.0074
DH,3248bits               2         0.0004   0.0008
DH,4094bits               1         0.0002   0.0004
DH,4096bits               2115      0.4417   0.8256
DH,512bits                87        0.0182   0.034
DH,768bits                759       0.1585   0.2963
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        7         0.0015   0.0023
ECDH,B-571,570bits        707       0.1476   0.2311
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,P-224,224bits        51        0.0107   0.0167
ECDH,P-256,256bits        299807    62.6102  97.9781
ECDH,P-384,384bits        3156      0.6591   1.0314
ECDH,P-521,521bits        4454      0.9302   1.4556
Prefer DH,1024bits        99375     20.753   38.7896
Prefer DH,2048bits        2882      0.6019   1.1249
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,4096bits        90        0.0188   0.0351
Prefer DH,512bits         3         0.0006   0.0012
Prefer DH,768bits         420       0.0877   0.1639
Prefer ECDH,B-163,163bits 7         0.0015   0.0023
Prefer ECDH,B-571,570bits 521       0.1088   0.1703
Prefer ECDH,K-163,163bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 18        0.0038   0.0059
Prefer ECDH,P-256,256bits 243201    50.7889  79.479
Prefer ECDH,P-384,384bits 3079      0.643    1.0062
Prefer ECDH,P-521,521bits 4146      0.8658   1.3549
Prefer PFS                353744    73.8741  0
Support PFS               407631    85.1276  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           77        0.0161   
brainpoolP384r1           77        0.0161   
brainpoolP512r1           77        0.0161   
prime192v1                721       0.1506   
prime256v1                305466    63.792   
prime256v1 Only           265378    55.4202  
secp160k1                 689       0.1439   
secp160r1                 688       0.1437   
secp160r2                 688       0.1437   
secp192k1                 716       0.1495   
secp224k1                 747       0.156    
secp224r1                 1221      0.255    
secp224r1 Only            1         0.0002   
secp256k1                 766       0.16     
secp384r1                 40252     8.406    
secp384r1 Only            166       0.0347   
secp521r1                 9985      2.0852   
secp521r1 Only            86        0.018    
sect163k1                 688       0.1437   
sect163r1                 688       0.1437   
sect163r2                 695       0.1451   
sect163r2 Only            7         0.0015   
sect193r1                 688       0.1437   
sect193r2                 688       0.1437   
sect233k1                 738       0.1541   
sect233r1                 738       0.1541   
sect239k1                 737       0.1539   
sect283k1                 737       0.1539   
sect283r1                 737       0.1539   
sect409k1                 737       0.1539   
sect409r1                 737       0.1539   
sect571k1                 756       0.1579   
sect571r1                 756       0.1579   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          75947     15.8604  
True                           188432    39.3512  
order-specific                 12        0.0025   
unknown                        214456    44.7859  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    1661      0.3469   
inconclusive-noecc        4         0.0008   
server                    304074    63.5013  
unknown                   173108    36.151   

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     27872     5.8206   
ECDSA-SHA224                   27873     5.8209   
ECDSA-SHA256                   27873     5.8209   
ECDSA-SHA384                   27874     5.8211   
ECDSA-SHA512                   27874     5.8211   
RSA-MD5                        132832    27.74    
RSA-MD5 Only                   1         0.0002   
RSA-SHA1                       275469    57.5276  
RSA-SHA1 Only                  42560     8.888    
RSA-SHA224                     224806    46.9474  
RSA-SHA256                     235988    49.2825  
RSA-SHA256 Only                2701      0.5641   
RSA-SHA384                     225210    47.0317  
RSA-SHA512                     225254    47.0409  
RSA-SHA512 Only                39        0.0081   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         206251    43.0724  
indeterminate                  7         0.0015   
intolerant                     1409      0.2942   
order-fallback                 2         0.0004   
server                         98943     20.6628  
unsupported                    37273     7.7839   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     27871     5.8204   
ECDSA intolerant               4         0.0008   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      131264    27.4125  
RSA SHA1                       125024    26.1094  
RSA intolerant                 20874     4.3592   
RSA pfs-ecdsa-SHA512           1         0.0002   
RSA soft-nopfs                 1609      0.336    

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     9764      2.0391   
insecure                  25819     5.3919   
secure                    443264    92.569   

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      15459     3.2284   
False                     9764      2.0391   
NONE                      453624    94.7326  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        4         0.0008   
10 only                   4         0.0008   
15                        8         0.0017   
15 only                   8         0.0017   
30                        10        0.0021   
30 only                   10        0.0021   
60                        71        0.0148   
60 only                   64        0.0134   
65                        1         0.0002   
65 only                   1         0.0002   
70                        4         0.0008   
75                        1         0.0002   
75 only                   1         0.0002   
100                       11        0.0023   
100 only                  11        0.0023   
120                       24        0.005    
120 only                  23        0.0048   
128                       3         0.0006   
128 only                  3         0.0006   
180                       47        0.0098   
180 only                  45        0.0094   
240                       11        0.0023   
240 only                  11        0.0023   
300                       201017    41.9794  
300 only                  192323    40.1638  
360                       2         0.0004   
360 only                  1         0.0002   
400                       4         0.0008   
400 only                  4         0.0008   
420                       37        0.0077   
420 only                  26        0.0054   
480                       16        0.0033   
480 only                  14        0.0029   
500                       4         0.0008   
500 only                  4         0.0008   
600                       14965     3.1252   
600 only                  14676     3.0649   
720                       1         0.0002   
720 only                  1         0.0002   
840                       1         0.0002   
840 only                  1         0.0002   
900                       520       0.1086   
900 only                  500       0.1044   
960                       2         0.0004   
960 only                  2         0.0004   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      286       0.0597   
1200 only                 283       0.0591   
1500                      9         0.0019   
1500 only                 8         0.0017   
1800                      343       0.0716   
1800 only                 334       0.0698   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      2         0.0004   
2400 only                 2         0.0004   
2700                      5         0.001    
2700 only                 5         0.001    
3000                      11        0.0023   
3000 only                 11        0.0023   
3600                      329       0.0687   
3600 only                 312       0.0652   
5400                      10        0.0021   
6000                      3         0.0006   
6000 only                 3         0.0006   
7200                      14085     2.9414   
7200 only                 11423     2.3855   
10800                     1006      0.2101   
10800 only                1001      0.209    
14400                     1416      0.2957   
14400 only                1415      0.2955   
18000                     1         0.0002   
18000 only                1         0.0002   
21600                     4976      1.0392   
21600 only                4973      1.0385   
28800                     12        0.0025   
28800 only                11        0.0023   
36000                     980       0.2047   
36000 only                975       0.2036   
43200                     101       0.0211   
43200 only                101       0.0211   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     45713     9.5465   
64800 only                45710     9.5458   
72000                     8         0.0017   
72000 only                8         0.0017   
86000                     28        0.0058   
86000 only                28        0.0058   
86400                     225       0.047    
86400 only                224       0.0468   
93600                     1         0.0002   
93600 only                1         0.0002   
100800                    12805     2.6741   
100800 only               12805     2.6741   
129600                    8         0.0017   
129600 only               8         0.0017   
172800                    1         0.0002   
172800 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      191458    39.9831  
None only                 179709    37.5295  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      15481     3.233    
ecdsa-with-SHA256         27852     5.8165   
sha1WithRSAEncryption     247414    51.6687  
sha256WithRSAEncryption   203665    42.5324  
sha512WithRSAEncryption   10        0.0021   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 27873     5.8209   
ECDSA 384                 4         0.0008   
RSA 1024                  586       0.1224   
RSA 10240                 4         0.0008   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  434653    90.7707  
RSA 2049                  2         0.0004   
RSA 2056                  3         0.0006   
RSA 2058                  4         0.0008   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  14        0.0029   
RSA 2096                  1         0.0002   
RSA 2408                  3         0.0006   
RSA 2432                  5         0.001    
RSA 2612                  1         0.0002   
RSA 3072                  81        0.0169   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 3600                  1         0.0002   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  32        0.0067   
RSA 4069                  1         0.0002   
RSA 4086                  2         0.0004   
RSA 4092                  2         0.0004   
RSA 4096                  15597     3.2572   
RSA 4098                  2         0.0004   
RSA 8192                  4         0.0008   
RSA/ECDSA Dual Stack      30        0.0063

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 79626     16.6287  
Unsupported               399221    83.3713  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      34004     7.1012
SSL2 Only                 83        0.0173
SSL3                      160049    33.4238
SSL3 Only                 1554      0.3245
SSL3 or TLS1 Only         99562     20.792
SSL3 or lower Only        1597      0.3335
TLS1                      476217    99.4508
TLS1 Only                 53875     11.251
TLS1 or lower Only        130773    27.31
TLS1.1                    333272    69.5988
TLS1.1 Only               6         0.0013
TLS1.1 or up Only         690       0.1441
TLS1.2                    343871    71.8123
TLS1.2 Only               495       0.1034
TLS1.2, 1.0 but not 1.1   12594     2.6301

Statistics from 506677 chains provided by 663743 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  445855    67.1728
incomplete                28915     4.3564
untrusted                 188973    28.4708


Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1250      0.2467
3                         435699    85.9915
4                         69697     13.7557
5                         31        0.0061

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 27724     
ECDSA 384                 27724     
RSA 1024                  1237      
RSA 2045                  1         
RSA 2048                  945864    
RSA 4096                  79313     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 27724     5.4717
ECDSA 384                 27724     5.4717
RSA 1024                  1233      0.2434
RSA 2045                  1         0.0002
RSA 2048                  477582    94.2577
RSA 4096                  78697     15.532

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              27724     
sha1WithRSAEncryption          272982    
sha256WithRSAEncryption        141436    
sha384WithRSAEncryption        133014    
sha512WithRSAEncryption        30        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        273108    53.9018
112                       205843    40.6261
128                       27726     5.4721

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 112003    22.1054
(157753a5) AddTrust External CA Root          103054    20.3392
(5ad8a5d6) GlobalSign Root CA                 51402     10.1449
(cbf06781) Go Daddy Root Certificate Authorit 42982     8.4831
(b204d74a) VeriSign Class 3 Public Primary Ce 29072     5.7378
(eed8c118) COMODO ECC Certification Authority 27720     5.4709
(2e4eed3c) thawte Primary Root CA             26917     5.3125
(244b5494) DigiCert High Assurance EV Root CA 23747     4.6868
(653b494a) Baltimore CyberTrust Root          11804     2.3297
(f081611a) The Go Daddy Group, Inc.           11749     2.3188
(b13cc6df) UTN-USERFirst-Hardware             9836      1.9413
(ae8153b9) StartCom Certification Authority   9546      1.884
(f387163d) Starfield Technologies, Inc.       8019      1.5827
(40547a79) COMODO Certification Authority     6997      1.381
(3513523f) DigiCert Global Root CA            5757      1.1362


Scan performed between 19th and 27th of February 2015.

October 2014 results – big changes

While last month’s results were not very interesting, this month is anything but.

But before we go into the results, there were a few small changes to how the statistics are reported. The first difference is that “x:FF 29 RC4 Preferred” now includes sites that prefer RC4 ciphers independent of other ciphers. The second is the addition of a new item, “Insecure”, which is the total number of sites that support any cipher suite marked with “z:”; a site is not counted as insecure merely for supporting IDEA or SEED. Cipher suites using those two ciphers are now prefixed with “y:”, as they are iffy in the sense that they haven’t been widely analysed, but otherwise have no known weaknesses.

Since the last scan two big things have happened: the POODLE attack, which showed SSLv3 to be insecure whenever CBC-mode ciphers are used, and Cloudflare deploying their Universal SSL. The former should cause far fewer sites to have SSLv3 enabled, while the latter should show up as more sites using ECDSA certificates and more TLS-enabled sites in general.

Cipher suite results

This time ’round, the number of TLS-enabled servers has increased by over 33 thousand (7.6%), a much bigger jump than in previous months.

Usage of AES-GCM has increased by 5.5% to 48.3%. Surprisingly, the percentage of CAMELLIA-enabled servers has fallen, but that is caused by the overall increase in the number of TLS-enabled servers, not by fewer servers supporting this cipher.

As far as bad choices go, the share of sites that support completely broken ciphers (anonymous ECDH, single DES, export grade, etc.) has fallen by 2.6% to 20.3%.

RC4 is still a problem: the percentage of servers that support it has fallen by just 2%. The percentage of servers that don’t support anything else has decreased by just 0.13%, to 0.82%. It’s the biggest drop in months, but it still makes it impossible for browser vendors to drop RC4 completely. Servers that prefer RC4 share a similar fate, with their numbers falling by just 2.28%, to 15.5% of the total. The good news is that this reverses a negative trend of the past few months.

The misconfiguration that causes AECDH ciphers to be enabled (typically an OpenSSL cipher string that does not exclude aNULL) is still common: just 0.6% fewer servers support them compared to last month, bringing their number to around 3.2%. These suites authenticate neither side, so any active attacker can impersonate the server to a client willing to negotiate them.
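The rows quoted in this section (“RC4 Only”, “RC4 Preferred”, “Insecure”, the AECDH share) follow the counting rules set out at the start of the post. The added example below is not the survey’s tooling; it makes those rules concrete over a constructed set of per-host scan results. Which suites earn the “z:” mark is inferred here from the page’s own tables (anonymous or export key exchange, NULL/DES/RC2/RC4-64 encryption, and the SSLv2-only DES-CBC3-MD5); that mapping, and treating the first suite in server order as the server’s preference, are assumptions of the example.

```python
"""Tabulate the survey's per-cipher rows from per-host scan results.

Added example, not the survey's tooling.  "X" counts hosts offering any
suite with bulk cipher X, "X Only" hosts whose every suite uses X,
"RC4 Preferred" hosts whose first (server-preferred) suite uses RC4, and
"Insecure" hosts offering at least one "z:" suite.  IDEA/SEED suites are
"y:" and never make a host "Insecure" by themselves.  The z: mapping
below is inferred from the page's tables and is an assumption.
"""
from collections import Counter

KX_PREFIXES = ("EXP1024-", "EXP-", "ADH-", "AECDH-", "ECDHE-RSA-", "ECDHE-ECDSA-",
               "DHE-RSA-", "DHE-DSS-", "EDH-RSA-")
SSLV2_ONLY_Z = {"DES-CBC3-MD5"}   # z: on the page although the cipher is 3DES (assumption)
FAMILIES = ("3DES", "AES", "AES-CBC", "AES-GCM", "CAMELLIA", "CHACHA20", "RC4")

def split_suite(suite):
    """Peel key-exchange/export markers off an OpenSSL suite name.

    'EXP-EDH-RSA-DES-CBC-SHA' -> (['EXP', 'EDH-RSA'], 'DES-CBC-SHA')
    """
    prefixes, body, progress = [], suite, True
    while progress:
        progress = False
        for p in KX_PREFIXES:
            if body.startswith(p):
                prefixes.append(p[:-1])
                body = body[len(p):]
                progress = True
    return prefixes, body

def cipher_of(body):
    """Bulk-cipher family of a suite body (the part after the key-exchange prefix)."""
    if body.startswith("DES-CBC3-"):
        return "3DES"
    if body.startswith("DES-CBC-"):
        return "DES"                         # single DES, 56-bit key
    if body.startswith(("AES128-GCM", "AES256-GCM")):
        return "AES-GCM"
    if body.startswith(("AES128-", "AES256-")):
        return "AES-CBC"
    if body.startswith("RC4-64-"):
        return "RC4-64"
    for fam in ("CAMELLIA", "RC4", "RC2", "NULL", "SEED", "IDEA", "CHACHA20"):
        if body.startswith(fam):
            return fam
    raise ValueError("unrecognised cipher suite body: %r" % body)

def mark(suite):
    """'z' for insecure, 'y' for iffy (IDEA/SEED), '' for everything else."""
    prefixes, body = split_suite(suite)
    cipher = cipher_of(body)
    if any(p in ("EXP", "EXP1024", "ADH", "AECDH") for p in prefixes):
        return "z"      # export grade or unauthenticated key exchange (covers ADH-SEED-SHA)
    if cipher in ("NULL", "DES", "RC2", "RC4-64") or suite in SSLV2_ONLY_Z:
        return "z"      # no encryption, at most 64-bit keys, or SSLv2-only suite
    if cipher in ("IDEA", "SEED"):
        return "y"
    return ""

def in_family(cipher, family):
    return cipher == family or (family == "AES" and cipher.startswith("AES-"))

def tabulate(hosts):
    """hosts: {name: [suites in server-preference order]} -> Counter keyed like the tables."""
    rows = Counter()
    for suites in hosts.values():
        ciphers = [cipher_of(split_suite(s)[1]) for s in suites]
        for fam in FAMILIES:
            hits = [in_family(c, fam) for c in ciphers]
            if any(hits):
                rows[fam] += 1
            if all(hits):
                rows[fam + " Only"] += 1
        if in_family(ciphers[0], "RC4"):
            rows["RC4 Preferred"] += 1
        marks = {s: mark(s) for s in suites}
        if "z" in marks.values():
            rows["Insecure"] += 1
        for suite, m in marks.items():
            if m:
                rows[m + ":" + suite] += 1
    return rows

def percent(count, total):
    return round(100.0 * count / total, 4)

# Constructed sample scan results, not real survey data.
SAMPLE_HOSTS = {
    "a.example": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA",
                  "AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"],
    "b.example": ["RC4-SHA", "RC4-MD5", "AES128-SHA", "SEED-SHA"],
    "c.example": ["AES256-SHA", "AECDH-AES256-SHA", "EXP-RC4-MD5", "IDEA-CBC-SHA"],
    "d.example": ["RC4-SHA", "RC4-MD5"],
}

if __name__ == "__main__":
    rows = tabulate(SAMPLE_HOSTS)
    print("%-27s %-9s %s" % ("Supported Ciphers", "Count", "Percent"))
    for row in sorted(rows):
        print("%-27s %-9d %s" % (row, rows[row], percent(rows[row], len(SAMPLE_HOSTS))))
```

Run stand-alone it prints a table in the same layout as the ones on this page for the four constructed hosts; with the sample data host c is the only “Insecure” one (anonymous ECDH plus an export suite), while host b’s IDEA/SEED support only shows up in the “y:” rows.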

Cipher ordering has shown a big shift this time: just over 60% of servers now enforce their own cipher order instead of the client’s, a change of over 5%!

There is also a rather big uptick in the fraction of servers that don’t enable the plain RSA key exchange, from less than 1% to nearly 4% now.

More servers also started preferring forward secrecy: an increase of 3.8%, to 68.6%. More servers support PFS now too: 2.2% more, for a total of 82%.

Server certificates

Another significant change is in the certificates used by servers. While previously just 4 servers used certificates signed by an ECDSA CA, now there are nearly 21 thousand of them, a total of 4.8% of servers. The servers that use RSA CAs have also seen a big change: nearly 4% more servers now have their certificates signed with SHA-256, for a total of 20.5%.

The vast majority of those new ECDSA certificates use the P-256 curve, now at a total of 6.6%, an increase of 4.5%.

Protocols

Obviously SSLv3 support has taken a blow: its use has fallen by over 26%, bringing support down to 69.5% (far too small a change given the severity of POODLE). It looks like many administrators also took the time to actually update the cryptographic libraries they use, as TLS 1.2 support has increased by 4.5%, to a total of 64%.
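Both this paragraph and the February observation above that only a fraction of a percent of servers support nothing newer than SSLv3 hinge on what a server does when offered SSLv3 and nothing else. The added example below is not the survey’s scanner. It builds a bare ClientHello for a single protocol version, with no extensions so that it is valid for SSLv3 as well, and classifies the first record the server sends back: a ServerHello means the version was accepted, an Alert or a closed connection means it was refused. `sslv3_only()` expresses the “supports just SSLv3” check from the February results. The probe loop needs network access and a hostname supplied by the caller; the ServerHello and Alert byte strings at the bottom are constructed for offline testing, not captured from any real host.

```python
"""Which SSL/TLS versions will a server negotiate?

Added example, not the survey's scanner.  client_hello() builds a minimal
handshake record for one protocol version with no extensions (SSLv3 has
none, RFC 6101), parse_response() classifies the server's first record,
and probe() ties them together over a socket.  Record and handshake
layouts follow RFC 6101 / RFC 5246.
"""
import os
import socket
import struct
import sys

VERSIONS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
# Widely supported suites, so a refusal reflects the version and not the cipher list.
DEFAULT_SUITES = (0x002F, 0x0035, 0x000A, 0x0005)  # AES128-SHA AES256-SHA DES-CBC3-SHA RC4-SHA
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version", 86: "inappropriate_fallback"}

def client_hello(version, suites=DEFAULT_SUITES):
    """Handshake record carrying a ClientHello that offers exactly `version`."""
    body = struct.pack(">H", version) + os.urandom(32)          # client_version, random
    body += b"\x00"                                             # empty session_id
    body += struct.pack(">H", 2 * len(suites))                  # cipher_suites length
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                         # compression_methods: null only
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body   # type 1 = ClientHello, uint24 length
    return b"\x16" + struct.pack(">HH", version, len(handshake)) + handshake

def parse_response(data):
    """('accepted', server_version) for a ServerHello, ('refused', reason) otherwise."""
    if len(data) < 5:
        return ("refused", "connection closed or short read")
    content_type, _record_version, length = struct.unpack(">BHH", data[:5])
    payload = data[5:5 + length]
    if content_type == 0x15 and len(payload) >= 2:                    # Alert: level, description
        return ("refused", "alert " + ALERT_NAMES.get(payload[1], str(payload[1])))
    if content_type == 0x16 and len(payload) >= 6 and payload[0] == 0x02:   # Handshake: ServerHello
        return ("accepted", struct.unpack(">H", payload[4:6])[0])
    # e.g. an SSLv2 ServerHello, whose first byte has the high bit set
    return ("refused", "unexpected record type 0x%02x" % content_type)

def probe(host, port=443, timeout=5.0):
    """Live check (needs network): {version name: True if negotiated at exactly that version}."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                sock.sendall(client_hello(version))
                verdict = parse_response(sock.recv(4096))
        except OSError as exc:
            verdict = ("refused", str(exc))
        results[name] = verdict[0] == "accepted" and verdict[1] == version
    return results

def sslv3_only(results):
    """The interoperability question from the text: SSLv3 works but no TLS version does."""
    tls = ("TLSv1.0", "TLSv1.1", "TLSv1.2")
    return bool(results.get("SSLv3")) and not any(results.get(v) for v in tls)

# Constructed server responses for offline testing (not captured from a real host):
# a 42-byte SSLv3 ServerHello selecting AES128-SHA, and a fatal protocol_version alert.
SAMPLE_SERVER_HELLO_SSLV3 = (b"\x16\x03\x00\x00\x2a" + b"\x02\x00\x00\x26" + b"\x03\x00"
                             + b"\x00" * 32 + b"\x00" + b"\x00\x2f" + b"\x00")
SAMPLE_ALERT_PROTOCOL_VERSION = b"\x15\x03\x01\x00\x02\x02\x46"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        res = probe(sys.argv[1])
        print(res, "SSLv3-only!" if sslv3_only(res) else "")
    else:
        print(parse_response(SAMPLE_SERVER_HELLO_SSLV3), parse_response(SAMPLE_ALERT_PROTOCOL_VERSION))
```

Because each ClientHello names exactly one version, a server that answers the 0x0300 hello with a ServerHello has genuinely agreed to SSLv3 rather than merely tolerating it in a version-negotiation dance; a server that supports TLS as well will show `True` for those entries too, and only the combination SSLv3 true / all TLS false is the case the February text says browsers no longer need to worry about.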

Trust chains

With the introduction of ECDSA CAs, we can finally see a significant percentage of servers reach the 128-bit level of security. We can also see that all of the intermediate ECDSA CAs have been signed with SHA-384. No big changes besides that.
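The level-of-security figures used here and in the February trust-chain tables (80, 112 and 128 bits) are not spelled out on the page. The following added example, which is not the survey’s tooling, shows one way to derive them: every key and every signature in the chain is mapped to its NIST SP 800-57 security strength and the chain gets the minimum, with the root’s self-signature left out just as the page’s “Signature algorithm (ex. root)” table does. Treating the chain LoS as that minimum is this example’s reading of the page; the chain layouts in it are constructed, and the optional PEM loader assumes the `cryptography` package (version 39 or later for `load_pem_x509_certificates`).

```python
"""Effective level of security (LoS) of an X.509 chain, leaf first.

Added example, not the survey's tooling.  Every key and every signature in
the chain is mapped to its NIST SP 800-57 security strength (bits) and the
chain is only as strong as its weakest component.  The root's own
signature is ignored: trust in the root comes from the trust store, not
from its self-signature.  The root key still counts because it signs the
first intermediate.  Treating LoS as this minimum is this example's
reading of the page's "Eff. host cert chain LoS" table (an assumption).
"""
from collections import Counter, namedtuple

# sig_hash is the hash used in the signature *on* this certificate.
Cert = namedtuple("Cert", "key_type key_bits sig_hash")

# Collision resistance of the signature hash; md5 and sha1 are listed at
# their nominal strength even though md5 collisions are practical.
HASH_STRENGTH = {"md5": 64, "sha1": 80, "sha224": 112, "sha256": 128,
                 "sha384": 192, "sha512": 256}
# (minimum key size, strength) pairs from SP 800-57 Part 1, Table 2.
RSA_LEVELS = ((15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80))
ECC_LEVELS = ((512, 256), (384, 192), (256, 128), (224, 112), (160, 80))

def key_strength(cert):
    levels = {"RSA": RSA_LEVELS, "ECDSA": ECC_LEVELS}[cert.key_type]
    for min_bits, strength in levels:
        if cert.key_bits >= min_bits:
            return strength
    return 0  # below the smallest listed size: no meaningful security level

def chain_los(chain):
    """Return (bits, description of the weakest component) for a leaf-first chain."""
    parts = []
    last = len(chain) - 1
    for i, cert in enumerate(chain):
        role = "leaf" if i == 0 else "root" if i == last else "intermediate %d" % i
        parts.append((key_strength(cert), "%s %s-%d key" % (role, cert.key_type, cert.key_bits)))
        if i != last:  # root self-signature excluded
            parts.append((HASH_STRENGTH[cert.sig_hash], "%s signature (%s)" % (role, cert.sig_hash)))
    return min(parts)

def summarize(chains):
    """Histogram of LoS values, like the survey's 'Eff. host cert chain LoS' table."""
    return Counter(chain_los(c)[0] for c in chains)

def load_pem_chain(pem_bytes):
    """Build Cert records from a PEM bundle (leaf first). Needs the `cryptography` package."""
    from cryptography import x509
    from cryptography.hazmat.primitives.asymmetric import rsa, ec
    out = []
    for c in x509.load_pem_x509_certificates(pem_bytes):
        pub = c.public_key()
        if isinstance(pub, rsa.RSAPublicKey):
            out.append(Cert("RSA", pub.key_size, c.signature_hash_algorithm.name))
        elif isinstance(pub, ec.EllipticCurvePublicKey):
            out.append(Cert("ECDSA", pub.curve.key_size, c.signature_hash_algorithm.name))
        else:
            raise ValueError("unsupported key type in %s" % c.subject.rfc4514_string())
    return out

# Constructed chains mirroring the three buckets in the page's table (not real certificates).
RSA_SHA1_CHAIN = [Cert("RSA", 2048, "sha1"), Cert("RSA", 2048, "sha1"), Cert("RSA", 2048, "sha1")]
RSA_SHA256_CHAIN = [Cert("RSA", 2048, "sha256"), Cert("RSA", 2048, "sha256"), Cert("RSA", 2048, "sha1")]
ECDSA_CHAIN = [Cert("ECDSA", 256, "sha256"), Cert("ECDSA", 256, "sha384"), Cert("ECDSA", 384, "sha384")]
WEAK_INTERMEDIATE = [Cert("RSA", 4096, "sha256"), Cert("RSA", 1024, "sha256"), Cert("RSA", 2048, "sha1")]

if __name__ == "__main__":
    for name, chain in (("RSA/SHA-1", RSA_SHA1_CHAIN), ("RSA/SHA-256", RSA_SHA256_CHAIN),
                        ("ECDSA", ECDSA_CHAIN), ("4096-bit leaf, 1024-bit CA", WEAK_INTERMEDIATE)):
        print("%-28s %3d bits, limited by %s" % ((name,) + chain_los(chain)))
```

The `RSA_SHA256_CHAIN` case shows why the February table tops out at 112 bits for RSA chains: the SHA-256 signatures are worth 128 bits, but every 2048-bit key in the chain caps it at 112, and a root that is still self-signed with SHA-1 costs nothing. `WEAK_INTERMEDIATE` shows the converse, a 4096-bit leaf being dragged down to 80 bits by a 1024-bit CA key further up.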

Detailed cipher suite statistics

SSL/TLS survey of 435987 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      377229    86.523
3DES Only                 168       0.0385
AES                       409388    93.8991
AES Only                  2002      0.4592
AES-CBC Only              877       0.2012
AES-GCM                   210554    48.2936
AES-GCM Only              17        0.0039
CAMELLIA                  171200    39.2672
CHACHA20                  14611     3.3512
Insecure                  88343     20.2628
RC4                       375776    86.1897
RC4 Only                  3595      0.8246
RC4 Preferred             67695     15.5268
RC4 forced in TLS1.1+     47943     10.9964
x:FF 29 RC4 Only          5814      1.3335
x:FF 29 RC4 Preferred     79458     18.2249
x:FF 29 incompatible      164       0.0376
y:DHE-RSA-SEED-SHA        80620     18.4914
y:IDEA-CBC-MD5            3756      0.8615
y:IDEA-CBC-SHA            67532     15.4895
y:SEED-SHA                86784     19.9052
z:ADH-AES128-GCM-SHA256   338       0.0775
z:ADH-AES128-SHA          1197      0.2745
z:ADH-AES128-SHA256       317       0.0727
z:ADH-AES256-GCM-SHA384   338       0.0775
z:ADH-AES256-SHA          1202      0.2757
z:ADH-AES256-SHA256       317       0.0727
z:ADH-CAMELLIA128-SHA     559       0.1282
z:ADH-CAMELLIA256-SHA     567       0.13
z:ADH-DES-CBC-SHA         530       0.1216
z:ADH-DES-CBC3-SHA        1250      0.2867
z:ADH-RC4-MD5             1059      0.2429
z:ADH-SEED-SHA            393       0.0901
z:AECDH-AES128-SHA        14245     3.2673
z:AECDH-AES256-SHA        14255     3.2696
z:AECDH-DES-CBC3-SHA      14216     3.2606
z:AECDH-NULL-SHA          30        0.0069
z:AECDH-RC4-SHA           13277     3.0453
z:DES-CBC-MD5             24072     5.5213
z:DES-CBC-SHA             66848     15.3326
z:ECDHE-RSA-NULL-SHA      36        0.0083
z:EDH-RSA-DES-CBC-SHA     58599     13.4405
z:EXP-ADH-DES-CBC-SHA     435       0.0998
z:EXP-ADH-RC4-MD5         438       0.1005
z:EXP-DES-CBC-SHA         52036     11.9352
z:EXP-EDH-RSA-DES-CBC-SHA 40390     9.264
z:EXP-RC2-CBC-MD5         56308     12.9151
z:NULL-MD5                359       0.0823
z:NULL-SHA                361       0.0828
z:NULL-SHA256             19        0.0044
z:RC2-CBC-MD5             28014     6.4254

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               170342    39.0704
Server side               265645    60.9296

FF 29 selected ciphers        Count    Percent
-----------------------------+---------+------
AES128-SHA                     41722     9.5696
AES256-SHA                     25362     5.8171
CAMELLIA128-SHA                132       0.0303
CAMELLIA256-SHA                45        0.0103
DES-CBC3-SHA                   1046      0.2399
DHE-RSA-AES128-SHA             98725     22.644
DHE-RSA-AES256-SHA             14490     3.3235
DHE-RSA-CAMELLIA128-SHA        34        0.0078
DHE-RSA-CAMELLIA256-SHA        540       0.1239
ECDHE-ECDSA-AES128-GCM-SHA256  28993     6.65
ECDHE-ECDSA-AES128-SHA         33        0.0076
ECDHE-ECDSA-AES256-SHA         1         0.0002
ECDHE-RSA-AES128-GCM-SHA256    115469    26.4845
ECDHE-RSA-AES128-SHA           3024      0.6936
ECDHE-RSA-AES256-SHA           26483     6.0743
ECDHE-RSA-DES-CBC3-SHA         41        0.0094
ECDHE-RSA-RC4-SHA              22083     5.0651
EDH-RSA-DES-CBC3-SHA           234       0.0537
RC4-MD5                        14117     3.2379
RC4-SHA                        43249     9.9198
x:DHE                          114023    26.1528
x:ECDHE                        196127    44.9846
x:kRSA                         125673    28.8249

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1316      0.3018
AECDH                     14284     3.2762
DHE                       211473    48.5044
ECDHE                     234954    53.8901
ECDHE and DHE             88609     20.3238
RSA                       418706    96.0363

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               191816    43.9958  90.7047
DH,1536bits               1         0.0002   0.0005
DH,2048bits               17701     4.06     8.3703
DH,2226bits               1         0.0002   0.0005
DH,2236bits               2         0.0005   0.0009
DH,2430bits               1         0.0002   0.0005
DH,3072bits               9         0.0021   0.0043
DH,3247bits               1         0.0002   0.0005
DH,3248bits               2         0.0005   0.0009
DH,4096bits               1006      0.2307   0.4757
DH,512bits                40546     9.2998   19.1731
DH,768bits                779       0.1787   0.3684
DH,8192bits               1         0.0002   0.0005
ECDH,B-163,163bits        15        0.0034   0.0064
ECDH,B-571,570bits        456       0.1046   0.1941
ECDH,P-224,224bits        6         0.0014   0.0026
ECDH,P-256,256bits        233089    53.4624  99.2062
ECDH,P-384,384bits        675       0.1548   0.2873
ECDH,P-521,521bits        1259      0.2888   0.5358
Prefer DH,1024bits        111225    25.5111  52.5954
Prefer DH,1536bits        1         0.0002   0.0005
Prefer DH,2048bits        1875      0.4301   0.8866
Prefer DH,2236bits        1         0.0002   0.0005
Prefer DH,3072bits        1         0.0002   0.0005
Prefer DH,4096bits        61        0.014    0.0288
Prefer DH,512bits         6         0.0014   0.0028
Prefer DH,768bits         443       0.1016   0.2095
Prefer ECDH,B-163,163bits 15        0.0034   0.0064
Prefer ECDH,B-571,570bits 357       0.0819   0.1519
Prefer ECDH,P-224,224bits 4         0.0009   0.0017
Prefer ECDH,P-256,256bits 183233    42.0272  77.9868
Prefer ECDH,P-384,384bits 616       0.1413   0.2622
Prefer ECDH,P-521,521bits 1191      0.2732   0.5069
Prefer PFS                299029    68.5867  0
Support PFS               357818    82.0708  0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
3                         2         0.0005   
3 only                    2         0.0005   
5                         1         0.0002   
5 only                    1         0.0002   
10                        1         0.0002   
10 only                   1         0.0002   
30                        10        0.0023   
30 only                   3         0.0007   
60                        57        0.0131   
60 only                   50        0.0115   
64                        1         0.0002   
100                       17        0.0039   
100 only                  17        0.0039   
120                       14        0.0032   
120 only                  14        0.0032   
128                       2         0.0005   
128 only                  2         0.0005   
180                       27        0.0062   
180 only                  27        0.0062   
240                       3         0.0007   
240 only                  3         0.0007   
300                       168875    38.734   
300 only                  151039    34.643   
360                       1         0.0002   
360 only                  1         0.0002   
400                       1         0.0002   
400 only                  1         0.0002   
420                       22        0.005    
420 only                  13        0.003    
480                       10        0.0023   
480 only                  10        0.0023   
600                       9358      2.1464   
600 only                  9103      2.0879   
900                       289       0.0663   
900 only                  266       0.061    
960                       2         0.0005   
960 only                  2         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      64        0.0147   
1200 only                 61        0.014    
1500                      9         0.0021   
1500 only                 8         0.0018   
1800                      211       0.0484   
1800 only                 204       0.0468   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      1         0.0002   
2400 only                 1         0.0002   
2700                      5         0.0011   
2700 only                 5         0.0011   
3000                      11        0.0025   
3000 only                 11        0.0025   
3600                      296       0.0679   
3600 only                 281       0.0645   
5400                      2         0.0005   
7200                      11402     2.6152   
7200 only                 8697      1.9948   
10800                     15        0.0034   
10800 only                8         0.0018   
14400                     929       0.2131   
14400 only                927       0.2126   
21600                     723       0.1658   
21600 only                722       0.1656   
28800                     8         0.0018   
28800 only                8         0.0018   
36000                     409       0.0938   
36000 only                408       0.0936   
43200                     5170      1.1858   
43200 only                5170      1.1858   
64800                     37708     8.6489   
64800 only                33313     7.6408   
72000                     8         0.0018   
72000 only                8         0.0018   
86000                     27        0.0062   
86000 only                23        0.0053   
86400                     168       0.0385   
86400 only                167       0.0383   
100800                    14357     3.293    
100800 only               17        0.0039   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    11        0.0025   
129600 only               11        0.0025   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    4         0.0009   
864000 only               4         0.0009   
None                      225373    51.6926  
None only                 185753    42.6052  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      15401     3.5324   
ecdsa-with-SHA256         20950     4.8052   
sha1WithRSAEncryption     330148    75.7243  
sha256WithRSAEncryption   89341     20.4917  
sha512WithRSAEncryption   1         0.0002   

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 29029     6.6582   
ECDSA 384                 2         0.0005   
ECDSA 521                 1         0.0002   
RSA 1024                  1672      0.3835   
RSA 2028                  1         0.0002   
RSA 2047                  2         0.0005   
RSA 2048                  403610    92.5739  
RSA 2049                  1         0.0002   
RSA 2056                  5         0.0011   
RSA 2058                  2         0.0005   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0005
RSA 2084                  8         0.0018
RSA 2345                  1         0.0002
RSA 2408                  2         0.0005
RSA 2432                  11        0.0025
RSA 2536                  1         0.0002
RSA 3050                  1         0.0002
RSA 3072                  61        0.014
RSA 3096                  1         0.0002
RSA 3248                  3         0.0007
RSA 3600                  1         0.0002
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4056                  4         0.0009
RSA 4069                  1         0.0002
RSA 4086                  2         0.0005
RSA 4092                  4         0.0009
RSA 4096                  14038     3.2198
RSA 4098                  2         0.0005
RSA 4192                  1         0.0002
RSA 8192                  5         0.0011
RSA/ECDSA Dual Stack      12472     2.8606

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 60520     13.8811
Unsupported               375467    86.1189

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      44800     10.2755
SSL2 Only                 5536      1.2698
SSL3                      302890    69.4723
SSL3 Only                 2971      0.6814
SSL3 or TLS1 Only         109447    25.1033
TLS1                      426128    97.7387
TLS1 Only                 22838     5.2382
TLS1.1                    270662    62.0803
TLS1.1 Only               25        0.0057
TLS1.1 or up Only         610       0.1399
TLS1.2                    279090    64.0134
TLS1.2 Only               441       0.1011
TLS1.2, 1.0 but not 1.1   12266     2.8134

Detailed trust chain statistics

Statistics from 484280 chains provided by 627529 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  403421    64.2872
incomplete                30809     4.9096
untrusted                 193299    30.8032

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2084      0.4303
3                         460867    95.1654
4                         21301     4.3985
5                         28        0.0058

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 20950     
ECDSA 384                 20950     
RSA 1024                  1362      
RSA 2045                  1         
RSA 2048                  915053    
RSA 4096                  29517     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 20950     4.326
ECDSA 384                 20950     4.326
RSA 1024                  1357      0.2802
RSA 2045                  1         0.0002
RSA 2048                  461970    95.3932
RSA 4096                  29113     6.0116

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              20950     
sha1WithRSAEncryption          377133    
sha256WithRSAEncryption        68752     
sha384WithRSAEncryption        36708     
sha512WithRSAEncryption        10        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        377698    77.9917
112                       85631     17.6821
128                       20951     4.3262

Common Root CAs                               Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 118634    24.497
(157753a5) AddTrust External CA Root          75645     15.6201
(5ad8a5d6) GlobalSign Root CA                 56056     11.5751
(cbf06781) Go Daddy Root Certificate Authorit 34301     7.0829
(2e4eed3c) thawte Primary Root CA             27922     5.7657
(b204d74a) VeriSign Class 3 Public Primary Ce 27262     5.6294
(244b5494) DigiCert High Assurance EV Root CA 23640     4.8815
(eed8c118) COMODO ECC Certification Authority 20947     4.3254
(f081611a) The Go Daddy Group, Inc.           21077     4.3522
(b13cc6df) UTN-USERFirst-Hardware             13019     2.6883
(653b494a) Baltimore CyberTrust Root          11115     2.2952
(40547a79) COMODO Certification Authority     10071     2.0796
(ae8153b9) StartCom Certification Authority   8762      1.8093
(f387163d) Starfield Technologies, Inc.       8273      1.7083

The scan was performed between 13th and 24th of October 2014.

Scan results for September 2014

Ciphers

This time the results are not much different from last month's. About two percent more servers use SHA-256 signed certificates, and 1% more have a configuration that allows negotiation of PFS suites.

A small change to the reported results: I’ve added an “Insecure” entry which counts the number of servers that will use a completely insecure cipher suite, such as single DES, RC2 or export grade ciphers. It doesn’t include the “controversial but not broken” IDEA and SEED ciphers.
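As an added example (not the survey's own tooling, which is not shown on this page), the classification behind the "Insecure", "RC4 Only", "RC4 Preferred", "Support PFS" and "x:FF 29 ..." rows can be reproduced from nothing more than a server's OpenSSL-style suite names. Two things here are assumptions rather than the post's stated method: NULL suites are counted as insecure alongside DES, RC2 and export grade, and "RC4 Preferred" is read as "the first suite in the server's own order is RC4 and the server enforces its order". The server lists and the browser list are constructed sample data; the browser list is a stand-in, not Firefox 29's real cipher list.

```python
# The post's "Insecure" row: single DES, RC2 and export grade suites. NULL
# (no encryption) suites are counted as insecure here too; that is this
# example's addition, not the post's stated definition.
INSECURE = {"export", "single-des", "rc2", "null"}
# "Controversial but not broken" in the post's words: not counted as insecure.
CONTROVERSIAL = {"idea", "seed"}


def classify(suite):
    """Return the set of property tags for one OpenSSL-style suite name.

    Only the name is inspected, so the input can come from `openssl ciphers`
    or from the z:-prefixed rows of the survey tables.
    """
    tags = set()
    if suite.startswith("EXP-"):
        tags.add("export")
    if suite.startswith(("ADH-", "AECDH-", "EXP-ADH-")):
        tags.add("anonymous")          # no server authentication at all
    if "NULL" in suite:
        tags.add("null")
    if "DES-CBC3" in suite:
        tags.add("3des")
    elif "DES-CBC-" in suite:          # DES-CBC-SHA, EDH-RSA-DES-CBC-SHA, EXP-DES-CBC-SHA
        tags.add("single-des")
    for needle, tag in (("RC2", "rc2"), ("RC4", "rc4"), ("IDEA", "idea"),
                        ("SEED", "seed"), ("CAMELLIA", "camellia"),
                        ("CHACHA20", "chacha20")):
        if needle in suite:
            tags.add(tag)
    if "AES" in suite:
        tags.add("aes-gcm" if "GCM" in suite else "aes-cbc")
    if any(kx in suite for kx in ("ECDHE-", "DHE-", "EDH-")):
        tags.add("pfs")                # ephemeral, authenticated key exchange
    return tags


def summarize(server_suites, server_ordering):
    """Mirror the survey's per-server summary rows for one server.

    `server_suites` is the server's list in its own preference order and
    `server_ordering` says whether it enforces that order (the survey's
    "Server side" cipher ordering row).  "RC4 Preferred"/"Prefer PFS" as
    "first suite under server ordering" is this example's assumption.
    """
    tags = [classify(s) for s in server_suites]
    return {
        "Insecure": any(t & INSECURE for t in tags),
        "Controversial": any(t & CONTROVERSIAL for t in tags),
        "RC4": any("rc4" in t for t in tags),
        "RC4 Only": all("rc4" in t for t in tags),
        "RC4 Preferred": server_ordering and "rc4" in tags[0],
        "Support PFS": any("pfs" in t for t in tags),
        "Prefer PFS": server_ordering and "pfs" in tags[0],
    }


def negotiate(server_suites, client_suites, server_ordering):
    """Suite a handshake ends up with, or None if the two lists do not overlap."""
    first, second = ((server_suites, client_suites) if server_ordering
                     else (client_suites, server_suites))
    for suite in first:
        if suite in second:
            return suite
    return None


def client_view(server_suites, client_suites, server_ordering):
    """The survey's x: rows for one client: incompatible / RC4 Only / RC4 Preferred."""
    common = [s for s in server_suites if s in client_suites]
    chosen = negotiate(server_suites, client_suites, server_ordering)
    return {
        "incompatible": not common,
        "RC4 Only": bool(common) and all("rc4" in classify(s) for s in common),
        "RC4 Preferred": chosen is not None and "rc4" in classify(chosen),
    }


# Constructed sample data (not from the survey): suite lists in each server's
# own preference order, and a hypothetical browser list that stands in for the
# survey's "FF 29" client.  It is NOT Firefox 29's real cipher list.
SERVER_MODERN = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
                 "AES128-SHA", "DES-CBC3-SHA"]
SERVER_LEGACY = ["RC4-SHA", "RC4-MD5", "AES128-SHA", "DES-CBC-SHA",
                 "EXP-RC2-CBC-MD5", "SEED-SHA"]
CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
          "AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]

if __name__ == "__main__":
    for name, suites in (("modern", SERVER_MODERN), ("legacy", SERVER_LEGACY)):
        print(name, summarize(suites, server_ordering=True))
        print(name, "vs client:", client_view(suites, CLIENT, server_ordering=True))
```

Note that the legacy server is "RC4 Preferred" only because it enforces its own order; with client side ordering the same server lets the sample client land on AES128-SHA, which is why the survey reports cipher ordering separately from the RC4 rows.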

SSL/TLS survey of 402742 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      349454    86.7687
3DES Only                 164       0.0407
AES                       374868    93.0789
AES Only                  1017      0.2525
AES-CBC Only              553       0.1373
AES-GCM                   172322    42.7872
AES-GCM Only              7         0.0017
CAMELLIA                  170577    42.3539
CHACHA20                  15137     3.7585
Insecure                  79666     22.9405
RC4                       355750    88.332
RC4 Only                  3845      0.9547
RC4 Preferred             71713     17.8062
RC4 forced in TLS1.1+     50461     12.5294
x:FF 29 RC4 Only          5961      1.4801
x:FF 29 RC4 Preferred     15338     3.8084
x:FF 29 incompatible      165       0.041
y:DHE-RSA-SEED-SHA        75372     18.7147
y:IDEA-CBC-MD5            4020      0.9982
y:IDEA-CBC-SHA            67863     16.8502
y:SEED-SHA                87504     21.7271
z:ADH-AES128-GCM-SHA256   358       0.0889
z:ADH-AES128-SHA          1346      0.3342
z:ADH-AES128-SHA256       333       0.0827
z:ADH-AES256-GCM-SHA384   344       0.0854
z:ADH-AES256-SHA          1349      0.335
z:ADH-AES256-SHA256       336       0.0834
z:ADH-CAMELLIA128-SHA     697       0.1731
z:ADH-CAMELLIA256-SHA     705       0.1751
z:ADH-DES-CBC-SHA         666       0.1654
z:ADH-DES-CBC3-SHA        1395      0.3464
z:ADH-RC4-MD5             1196      0.297
z:ADH-SEED-SHA            433       0.1075
z:AECDH-AES128-SHA        15360     3.8139
z:AECDH-AES256-SHA        15366     3.8153
z:AECDH-DES-CBC3-SHA      15329     3.8062
z:AECDH-NULL-SHA          20        0.005
z:AECDH-RC4-SHA           14410     3.578
z:DES-CBC-MD5             26107     6.4823
z:DES-CBC-SHA             69455     17.2455
z:ECDHE-RSA-NULL-SHA      25        0.0062
z:EDH-RSA-DES-CBC-SHA     61413     15.2487
z:EXP-ADH-DES-CBC-SHA     474       0.1177
z:EXP-ADH-RC4-MD5         476       0.1182
z:EXP-DES-CBC-SHA         54674     13.5754
z:EXP-EDH-RSA-DES-CBC-SHA 42941     10.6622
z:EXP-RC2-CBC-MD5         59213     14.7025
z:NULL-MD5                331       0.0822
z:NULL-SHA                334       0.0829
z:NULL-SHA256             10        0.0025
z:RC2-CBC-MD5             30259     7.5132

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               178562    44.3366
Server side               224180    55.6634

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1459      0.3623
AECDH                     15393     3.822
DHE                       206612    51.3013
ECDHE                     196029    48.6736
ECDHE and DHE             80995     20.1109
RSA                       402219    99.8701

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               189005    46.9295  91.4782
DH,2048bits               15870     3.9405   7.6811
DH,2226bits               2         0.0005   0.001
DH,2430bits               1         0.0002   0.0005
DH,3072bits               5         0.0012   0.0024
DH,3246bits               2         0.0005   0.001
DH,3248bits               1         0.0002   0.0005
DH,4096bits               803       0.1994   0.3887
DH,512bits                43127     10.7083  20.8734
DH,768bits                731       0.1815   0.3538
DH,8192bits               1         0.0002   0.0005
ECDH,B-163,163bits        13        0.0032   0.0066
ECDH,B-571,570bits        405       0.1006   0.2066
ECDH,P-224,224bits        6         0.0015   0.0031
ECDH,P-256,256bits        194476    48.288   99.2078
ECDH,P-384,384bits        453       0.1125   0.2311
ECDH,P-521,521bits        988       0.2453   0.504
Prefer DH,1024bits        113032    28.0656  54.7074
Prefer DH,2048bits        1222      0.3034   0.5914
Prefer DH,3072bits        1         0.0002   0.0005
Prefer DH,4096bits        53        0.0132   0.0257
Prefer DH,512bits         1         0.0002   0.0005
Prefer DH,768bits         92        0.0228   0.0445
Prefer ECDH,B-163,163bits 13        0.0032   0.0066
Prefer ECDH,B-571,570bits 332       0.0824   0.1694
Prefer ECDH,P-224,224bits 4         0.001    0.002
Prefer ECDH,P-256,256bits 144871    35.9712  73.9028
Prefer ECDH,P-384,384bits 379       0.0941   0.1933
Prefer ECDH,P-521,521bits 933       0.2317   0.4759
Prefer PFS                260933    64.7891  0
Support PFS               321646    79.864   0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         2         0.0005   
5 only                    2         0.0005   
30                        8         0.002    
30 only                   2         0.0005   
60                        44        0.0109   
60 only                   38        0.0094   
100                       6         0.0015   
100 only                  6         0.0015   
120                       12        0.003    
120 only                  12        0.003    
128                       3         0.0007   
128 only                  2         0.0005   
180                       26        0.0065   
180 only                  26        0.0065   
240                       1         0.0002   
240 only                  1         0.0002   
300                       162695    40.3968  
300 only                  143072    35.5245  
420                       20        0.005    
420 only                  11        0.0027   
480                       8         0.002    
480 only                  8         0.002    
600                       7769      1.929    
600 only                  7515      1.866    
900                       243       0.0603   
900 only                  223       0.0554   
960                       3         0.0007   
960 only                  3         0.0007   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      57        0.0142   
1200 only                 55        0.0137   
1500                      8         0.002    
1500 only                 7         0.0017   
1800                      171       0.0425   
1800 only                 158       0.0392   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      1         0.0002   
2400 only                 1         0.0002   
2700                      5         0.0012   
2700 only                 5         0.0012   
3000                      4         0.001    
3000 only                 3         0.0007   
3600                      234       0.0581   
3600 only                 221       0.0549   
4500                      1         0.0002   
4500 only                 1         0.0002   
5400                      1         0.0002   
6000                      2         0.0005   
6000 only                 2         0.0005   
7200                      10762     2.6722   
7200 only                 8269      2.0532   
10800                     11        0.0027   
10800 only                6         0.0015   
14400                     813       0.2019   
14400 only                809       0.2009   
21600                     580       0.144    
21600 only                580       0.144    
28800                     14        0.0035   
28800 only                14        0.0035   
36000                     399       0.0991   
36000 only                397       0.0986   
43200                     5617      1.3947   
43200 only                5615      1.3942   
64800                     10296     2.5565   
64800 only                10285     2.5537   
72000                     7         0.0017   
72000 only                7         0.0017   
86000                     29        0.0072   
86000 only                27        0.0067   
86400                     105       0.0261   
86400 only                104       0.0258   
100800                    14914     3.7031   
100800 only               16        0.004    
129600                    5         0.0012   
129600 only               5         0.0012   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    6         0.0015   
864000 only               6         0.0015   
None                      225221    55.9219  
None only                 187861    46.6455  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      16643     4.1324   
ecdsa-with-SHA256         4         0.001    
sha1WithRSAEncryption     335932    83.4112  
sha256WithRSAEncryption   66851     16.599   

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 8237      2.0452   
ECDSA 384                 1         0.0002   
RSA 1024                  1763      0.4377   
RSA 2028                  1         0.0002   
RSA 2047                  2         0.0005   
RSA 2048                  386945    96.0776  
RSA 2049                  1         0.0002   
RSA 2056                  6         0.0015   
RSA 2058                  2         0.0005   
RSA 2060                  1         0.0002   
RSA 2064                  2         0.0005   
RSA 2080                  2         0.0005   
RSA 2084                  7         0.0017
RSA 2345                  1         0.0002
RSA 2408                  3         0.0007
RSA 2432                  12        0.003
RSA 2536                  1         0.0002
RSA 2612                  1         0.0002
RSA 3072                  38        0.0094
RSA 3096                  1         0.0002
RSA 3248                  2         0.0005
RSA 3600                  1         0.0002
RSA 4042                  1         0.0002
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4086                  1         0.0002
RSA 4092                  2         0.0005
RSA 4096                  13950     3.4638
RSA 4098                  3         0.0007
RSA 4192                  1         0.0002
RSA 8192                  3         0.0007
RSA/ECDSA Dual Stack      8234      2.0445

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 44490     11.0468
Unsupported               358252    88.9532

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      47267     11.7363
SSL2 Only                 5715      1.419
SSL3                      385853    95.8065
SSL3 Only                 3108      0.7717
SSL3 or TLS1 Only         113041    28.0678
TLS1                      393018    97.5856
TLS1 Only                 2663      0.6612
TLS1.1                    229677    57.0283
TLS1.1 Only               4         0.001
TLS1.1 or up Only         101       0.0251
TLS1.2                    239781    59.5371
TLS1.2 Only               46        0.0114
TLS1.2, 1.0 but not 1.1   14607     3.6269

Scan performed between 10th and 18th of September 2014.

Certificates

The number of servers that use 1024 bit RSA has fallen by 200. At the same time, about 2% more servers have a certificate chain with a 112 bit security level.
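The "112 bit security level" above and the "Eff. host cert chain LoS" tables rate a whole chain by its weakest element. As an added example (not the survey's own code), the following computes that effective level from the key sizes and signature algorithms of a chain, using the comparable-strength figures from NIST SP 800-57 Part 1 (RSA 1024/2048/3072 at 80/112/128 bits, ECC P-256 at 128, SHA-1 at 80, SHA-256 at 128). Every key in the chain counts, but the root's self-signature is skipped, matching the "(ex. root)" convention of the signature algorithm tables; rounding odd sizes such as RSA 2432 down to the bucket below is this example's own choice. The chains are constructed sample data.

```python
import re

# NIST SP 800-57 Part 1 comparable strengths: (minimum key bits, security bits).
RSA_DH_LEVELS = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
ECC_LEVELS = [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)]
# Collision resistance of the hash inside the signature, keyed by SHA variant.
HASH_LEVELS = {"1": 80, "224": 112, "256": 128, "384": 192, "512": 256}


def key_strength(alg, bits):
    """Security bits of a public key; odd sizes round down to the bucket below."""
    table = ECC_LEVELS if alg.upper() in ("EC", "ECDSA") else RSA_DH_LEVELS
    level = 0                      # below anything SP 800-57 tabulates
    for min_bits, security in table:
        if bits >= min_bits:
            level = security
    return level


def hash_strength(sig_alg):
    """Security bits of the hash named in an X.509 signature algorithm."""
    match = re.search(r"sha(\d+)", sig_alg, re.IGNORECASE)
    if not match or match.group(1) not in HASH_LEVELS:
        raise ValueError("unsupported signature algorithm: " + sig_alg)
    return HASH_LEVELS[match.group(1)]


def chain_level_of_security(chain):
    """Effective level of a chain given leaf-first as [(key_alg, key_bits, sig_alg), ...].

    Every key counts because an attacker may target any of them; the root's
    own signature is ignored because it is a self-signature that no verifier
    checks (the survey's "ex. root" convention).
    """
    levels = [key_strength(alg, bits) for alg, bits, _ in chain]
    levels += [hash_strength(sig) for _, _, sig in chain[:-1]]
    return min(levels)


def tally(chains):
    """Count chains per effective level, like the 'Eff. host cert chain LoS' table."""
    counts = {}
    for chain in chains:
        level = chain_level_of_security(chain)
        counts[level] = counts.get(level, 0) + 1
    return counts


# Constructed sample chains (leaf, intermediate, root); not survey data.
SAMPLE_CHAINS = [
    # SHA-1 leaf under an RSA 2048 intermediate: the survey's dominant 80 bit case
    [("RSA", 2048, "sha1WithRSAEncryption"),
     ("RSA", 2048, "sha256WithRSAEncryption"),
     ("RSA", 2048, "sha1WithRSAEncryption")],
    # All SHA-256 with RSA 2048 keys; the root's SHA-1 self-signature is ignored
    [("RSA", 2048, "sha256WithRSAEncryption"),
     ("RSA", 2048, "sha256WithRSAEncryption"),
     ("RSA", 2048, "sha1WithRSAEncryption")],
    # ECDSA P-256 leaf under a P-384 intermediate: 128 bits, limited by the leaf key
    [("ECDSA", 256, "ecdsa-with-SHA256"),
     ("ECDSA", 384, "ecdsa-with-SHA384"),
     ("ECDSA", 384, "ecdsa-with-SHA384")],
    # A 4096 bit leaf with SHA-256 is still capped at 112 bits by the 2048 bit CA keys
    [("RSA", 4096, "sha256WithRSAEncryption"),
     ("RSA", 2048, "sha256WithRSAEncryption"),
     ("RSA", 2048, "sha1WithRSAEncryption")],
]

if __name__ == "__main__":
    for chain in SAMPLE_CHAINS:
        print(chain_level_of_security(chain), chain[0])
    print(tally(SAMPLE_CHAINS))
```

The fourth sample chain is the practical point: buying a 4096 bit certificate changes nothing in the effective level while the CA that signs it uses a 2048 bit key, which is why the survey's 112 bit bucket tracks SHA-256 adoption rather than leaf key size.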

Statistics from 447622 chains provided by 593860 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  369705    62.2546
incomplete                29348     4.9419
untrusted                 194807    32.8035

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2255      0.5038
3                         433123    96.7609
4                         12223     2.7307
5                         21        0.0047

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 4         
ECDSA 384                 4         
RSA 1024                  1516      
RSA 2045                  1         
RSA 2048                  883076    
RSA 4096                  20653     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 4         0.0009
ECDSA 384                 4         0.0009
RSA 1024                  1506      0.3364
RSA 2045                  1         0.0002
RSA 2048                  446153    99.6718
RSA 4096                  20317     4.5389

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              4         
sha1WithRSAEncryption          383519    
sha256WithRSAEncryption        55325     
sha384WithRSAEncryption        18784     

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        384294    85.8523
112                       63324     14.1468
128                       4         0.0009

Most common root CAs                          Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 118018    26.3655
(157753a5) AddTrust External CA Root          71841     16.0495
(5ad8a5d6) GlobalSign Root CA                 45383     10.1387
(cbf06781) Go Daddy Root Certificate Authorit 31016     6.9291
(2e4eed3c) thawte Primary Root CA             27902     6.2334
(b204d74a) VeriSign Class 3 Public Primary Ce 26452     5.9095
(f081611a) The Go Daddy Group, Inc.           24930     5.5694
(244b5494) DigiCert High Assurance EV Root CA 22937     5.1242
(b13cc6df) UTN-USERFirst-Hardware             12647     2.8254
(40547a79) COMODO Certification Authority     11095     2.4787
(653b494a) Baltimore CyberTrust Root          10622     2.373
(ae8153b9) StartCom Certification Authority   9143      2.0426
(f387163d) Starfield Technologies, Inc.       8283      1.8504
(480720ec) GeoTrust Primary Certification Aut 4545      1.0154

August 2014 scan results

This month the changes are not significant.

The most important change is in certificate signatures: 2% more servers use SHA-256.

The number of servers that require RC4 hasn’t dropped as significantly as in previous months; it’s still just below 1% overall and effectively above 1.5% for Firefox.

About 2% more servers use server side cipher ordering. Unfortunately, the number of servers that support anonymous ECDH key exchange is still growing, this month by 0.3%. A significant number of servers still prefer the less than optimal 1024 bit DH parameters, now at 29%.

While the hash algorithms used for certificate signatures have changed, the key sizes have not: the most popular key size, at 96%, is still 2048 bit RSA.

Supported protocol versions have seen small changes: SSLv2 support has fallen by around 2%, SSLv3 and TLSv1 haven’t changed by much but have started to drop, and TLSv1.2 has grown by 1%.

SSL/TLS survey of 397695 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      345059    86.7647
3DES Only                 209       0.0526
AES                       369030    92.7922
AES Only                  1951      0.4906
AES-CBC Only              1030      0.259
AES-GCM                   162425    40.8416
AES-GCM Only              41        0.0103
CAMELLIA                  164197    41.2872
CAMELLIA Only             4         0.001
CHACHA20                  14719     3.7011
CHACHA20 Only             6         0.0015
RC4                       350479    88.1276
RC4 Only                  3807      0.9573
RC4 Preferred             74692     18.7812
RC4 forced in TLS1.1+     51533     12.9579
x:FF 29 RC4 Only          6327      1.5909
x:FF 29 RC4 Preferred     16784     4.2203
x:FF 29 incompatible      301       0.0757
z:ADH-AES128-GCM-SHA256   348       0.0875
z:ADH-AES128-SHA          1444      0.3631
z:ADH-AES128-SHA256       324       0.0815
z:ADH-AES256-GCM-SHA384   335       0.0842
z:ADH-AES256-SHA          1447      0.3638
z:ADH-AES256-SHA256       328       0.0825
z:ADH-CAMELLIA128-SHA     692       0.174
z:ADH-CAMELLIA256-SHA     699       0.1758
z:ADH-DES-CBC-SHA         699       0.1758
z:ADH-DES-CBC3-SHA        1490      0.3747
z:ADH-RC4-MD5             1297      0.3261
z:ADH-SEED-SHA            514       0.1292
z:AECDH-AES128-SHA        14496     3.645
z:AECDH-AES256-SHA        14533     3.6543
z:AECDH-DES-CBC3-SHA      14471     3.6387
z:AECDH-NULL-SHA          22        0.0055
z:AECDH-RC4-SHA           13603     3.4205
z:DES-CBC-MD5             26778     6.7333
z:DES-CBC-SHA             69202     17.4008
z:DHE-RSA-SEED-SHA        70054     17.615
z:ECDHE-RSA-NULL-SHA      25        0.0063
z:EDH-RSA-DES-CBC-SHA     60963     15.3291
z:EXP-ADH-DES-CBC-SHA     489       0.123
z:EXP-ADH-RC4-MD5         493       0.124
z:EXP-DES-CBC-SHA         54942     13.8151
z:EXP-EDH-RSA-DES-CBC-SHA 43030     10.8198
z:EXP-RC2-CBC-MD5         59737     15.0208
z:IDEA-CBC-MD5            4021      1.0111
z:IDEA-CBC-SHA            64231     16.1508
z:NULL-MD5                353       0.0888
z:NULL-SHA                351       0.0883
z:NULL-SHA256             7         0.0018
z:RC2-CBC-MD5             30955     7.7836
z:SEED-SHA                83118     20.8999

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               177721    44.6878
Server side               219974    55.3122

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1555      0.391
AECDH                     14564     3.6621
DHE                       202555    50.9322
ECDHE                     184261    46.3322
ECDHE and DHE             73679     18.5265
RSA                       396177    99.6183

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               186744    46.9566  92.1942
DH,2048bits               14169     3.5628   6.9951
DH,2226bits               2         0.0005   0.001
DH,3072bits               4         0.001    0.002
DH,3242bits               1         0.0003   0.0005
DH,3248bits               2         0.0005   0.001
DH,4096bits               703       0.1768   0.3471
DH,512bits                43198     10.8621  21.3266
DH,768bits                759       0.1908   0.3747
DH,8192bits               2         0.0005   0.001
ECDH,B-163,163bits        13        0.0033   0.0071
ECDH,B-571,570bits        398       0.1001   0.216
ECDH,P-224,224bits        4         0.001    0.0022
ECDH,P-256,256bits        182896    45.989   99.2592
ECDH,P-384,384bits        232       0.0583   0.1259
ECDH,P-521,521bits        821       0.2064   0.4456
Prefer DH,1024bits        115759    29.1075  57.1494
Prefer DH,2048bits        1154      0.2902   0.5697
Prefer DH,4096bits        50        0.0126   0.0247
Prefer DH,512bits         2         0.0005   0.001
Prefer DH,768bits         87        0.0219   0.043
Prefer ECDH,B-163,163bits 13        0.0033   0.0071
Prefer ECDH,B-571,570bits 318       0.08     0.1726
Prefer ECDH,P-224,224bits 1         0.0003   0.0005
Prefer ECDH,P-256,256bits 134334    33.7781  72.9042
Prefer ECDH,P-384,384bits 157       0.0395   0.0852
Prefer ECDH,P-521,521bits 749       0.1883   0.4065
Prefer PFS                252624    63.522   0
Support PFS               313137    78.738   0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         1         0.0003   
5 only                    1         0.0003   
10                        3         0.0008   
10 only                   1         0.0003   
30                        2         0.0005   
30 only                   2         0.0005   
42                        1         0.0003   
60                        46        0.0116   
60 only                   41        0.0103   
100                       4         0.001    
100 only                  4         0.001    
120                       10        0.0025   
120 only                  10        0.0025   
128                       4         0.001    
128 only                  4         0.001    
180                       29        0.0073   
180 only                  29        0.0073   
240                       4         0.001    
240 only                  4         0.001    
300                       155200    39.0249  
300 only                  135627    34.1033  
420                       19        0.0048   
420 only                  10        0.0025   
480                       6         0.0015   
480 only                  6         0.0015   
600                       6888      1.732    
600 only                  6597      1.6588   
900                       216       0.0543   
900 only                  190       0.0478   
960                       2         0.0005   
960 only                  2         0.0005   
1200                      60        0.0151   
1200 only                 57        0.0143   
1500                      9         0.0023   
1500 only                 8         0.002    
1800                      123       0.0309   
1800 only                 120       0.0302   
2100                      1         0.0003   
2100 only                 1         0.0003   
2400                      1         0.0003   
2400 only                 1         0.0003   
2700                      2         0.0005   
2700 only                 2         0.0005   
3000                      5         0.0013   
3000 only                 4         0.001    
3600                      234       0.0588   
3600 only                 227       0.0571   
5400                      2         0.0005   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10748     2.7026   
7200 only                 8222      2.0674   
10800                     11        0.0028   
10800 only                6         0.0015   
14400                     722       0.1815   
14400 only                716       0.18     
18000                     1         0.0003   
21600                     26        0.0065   
21600 only                26        0.0065   
28800                     3         0.0008   
28800 only                3         0.0008   
30720                     1         0.0003   
30720 only                1         0.0003   
36000                     402       0.1011   
36000 only                399       0.1003   
43200                     6311      1.5869   
43200 only                6224      1.565    
64800                     9640      2.424    
64800 only                9602      2.4144   
86000                     32        0.008    
86000 only                29        0.0073   
86400                     92        0.0231   
86400 only                85        0.0214   
100800                    14758     3.7109   
100800 only               57        0.0143   
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    7         0.0018   
129600 only               6         0.0015   
604800                    1         0.0003   
604800 only               1         0.0003   
864000                    6         0.0015   
864000 only               6         0.0015   
None                      229357    57.6716  
None only                 192066    48.2948  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      15912     4.0011   
ecdsa-with-SHA256         3         0.0008   
sha1WithRSAEncryption     338957    85.2304  
sha256WithRSAEncryption   58772     14.7782  

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 8235      2.0707   
ECDSA 384                 1         0.0003   
RSA 1024                  1880      0.4727   
RSA 2028                  1         0.0003   
RSA 2047                  2         0.0005   
RSA 2048                  381923    96.0341  
RSA 2056                  5         0.0013   
RSA 2058                  1         0.0003   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003
RSA 2080                  2         0.0005
RSA 2084                  5         0.0013
RSA 2408                  3         0.0008
RSA 2432                  28        0.007
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  37        0.0093
RSA 3096                  1         0.0003
RSA 3248                  4         0.001
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4086                  1         0.0003
RSA 4092                  2         0.0005
RSA 4096                  13721     3.4501
RSA 4098                  3         0.0008
RSA 4192                  1         0.0003
RSA 8192                  6         0.0015
RSA 16384                 1         0.0003   
RSA/ECDSA Dual Stack      8153      2.0501

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 41610     10.4628
Unsupported               356085    89.5372

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      48288     12.142
SSL2 Only                 6029      1.516
SSL3                      379667    95.4669
SSL3 Only                 4125      1.0372
SSL3 or TLS1 Only         117512    29.5483
TLS1                      385363    96.8991
TLS1 Only                 3015      0.7581
TLS1.1                    218025    54.8222
TLS1.1 Only               37        0.0093
TLS1.1 or up Only         709       0.1783
TLS1.2                    229097    57.6062
TLS1.2 Only               374       0.094
TLS1.2, 1.0 but not 1.1   15264     3.8381

Scan performed between 8th and 19th of August 2014.

CA certificates

No big changes here either: about 2% more servers now have an effective security level of 112 bits.
We’ve yet to see the effects of the recent changes in the Mozilla trust store.

Statistics from 443385 chains provided by 585568 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  365544    62.4255
incomplete                29700     5.072
untrusted                 190324    32.5025

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2394      0.5399
3                         431592    97.3402
4                         9378      2.1151
5                         21        0.0047

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 3         
ECDSA 384                 3         
RSA 1024                  1733      
RSA 2045                  1         
RSA 2048                  874329    
RSA 4096                  17727     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 3         0.0007
ECDSA 384                 3         0.0007
RSA 1024                  1723      0.3886
RSA 2045                  1         0.0002
RSA 2048                  441708    99.6218
RSA 4096                  17345     3.912

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              3         
sha1WithRSAEncryption          387560    
sha256WithRSAEncryption        50026     
sha384WithRSAEncryption        12822     

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        388390    87.5966
112                       54992     12.4028
128                       3         0.0007

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 115908    26.1416
(157753a5) AddTrust External CA Root          69723     15.7252
(5ad8a5d6) GlobalSign Root CA                 44630     10.0657
(2e4eed3c) thawte Primary Root CA             29574     6.67
(cbf06781) Go Daddy Root Certificate Authorit 28151     6.3491
(f081611a) The Go Daddy Group, Inc.           26956     6.0796
(b204d74a) VeriSign Class 3 Public Primary Ce 26596     5.9984
(244b5494) DigiCert High Assurance EV Root CA 22613     5.1001
(b13cc6df) UTN-USERFirst-Hardware             12983     2.9282
(40547a79) COMODO Certification Authority     11362     2.5626
(653b494a) Baltimore CyberTrust Root          10593     2.3891
(ae8153b9) StartCom Certification Authority   9134      2.0601
(f387163d) Starfield Technologies, Inc.       7934      1.7894

Cleanup of 1024-bit CA certificates

Mozilla is working towards removing all 1024-bit CA certificates from its trust store. That means that if you depend on a root CA or an intermediate CA that has one of those weak RSA keys, your website or server may stop working in the near future.

The first batch of changes will affect Firefox 32 users and Fedora 20 (after updating to ca-certificates-2014.2.1-1.0.fc20).

Go to kuix.de for more information: how to tell whether you’ll be affected (without using the Qualys SSL Labs scanner) and what to do if you are.

July 2014 scan results

This month’s scan results are a bit later than the previous ones; this was caused by me working on code to compile statistics on the certificates used by Certificate Authorities (see further below for the results of this part of the scan). The state of TLS and crypto in general in Python didn’t help much, but that’s a topic for another post; for now I can direct you to the very good presentation by Hynek Schlawack: The Sorry State Of SSL (the Python-specific part is towards the end).

Ciphersuites

All in all, the results haven’t changed much. We can see the continuation of the downward trend for RC4-only servers, the unfortunate upward trend of servers that prefer RC4 but support other ciphers, and the very good trend of SHA-256 certificate signatures.

The new additions are the “x:FF 29” lines, which account for situations where Firefox’s cipher selection (its advertised support) makes it negotiate different cipher suites than OpenSSL would. In other words, for Firefox the percentage of servers that are RC4-only is around 2.6% and the percentage that prefer RC4 but support other ciphers is around 21.8%.

It also looks like many people who update their servers or OpenSSL don’t update their cipher strings, so servers that used “!ADH” in their cipher string now negotiate AECDH cipher suites (to prevent that, use “!aNULL”, which disables all anonymous cipher suites, present and future; head over to the Mozilla guide for more details). Their share has grown from 2.9% to 3.3%.
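As an added example (not part of the original post or of its scanning code), here is a check you can run against your own cipher string using only Python’s ssl module, which hands the string to OpenSSL’s own cipher-list parser. The suite names are whatever the OpenSSL build Python is linked against knows; a build without anonymous suites simply reports none.

```python
"""Added example (not the survey's scanning code): why "!ADH" in an OpenSSL
cipher string is not enough to exclude anonymous key exchange, and why
"!aNULL" is.  Only the standard library is used; which suites appear depends
on the OpenSSL build Python is linked against."""
import ssl


def suite_names(cipher_string):
    """Expand an OpenSSL cipher string with OpenSSL's own parser and return
    the resulting suite names, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def anonymous_suites(cipher_string):
    """Names of unauthenticated suites that survive `cipher_string`.

    Anonymity is read from OpenSSL's cipher description ("Au=None"), so this
    catches ADH, AECDH and any future anonymous suite alike, rather than
    pattern-matching on suite names."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if "Au=None" in c["description"]]


def leaked_by_adh():
    """Anonymous suites that "!ADH" leaves in but "!aNULL" removes: on an
    OpenSSL with ECC support these are the AECDH-* suites the post describes."""
    return sorted(set(anonymous_suites("ALL:!ADH")) - set(anonymous_suites("ALL:!aNULL")))


if __name__ == "__main__":
    for cs in ("ALL:!ADH", "ALL:!aNULL"):
        print(f"{cs:12s} anonymous suites left: {anonymous_suites(cs) or 'none'}")
    print("leaked by !ADH alone:", leaked_by_adh() or "none")
```

Run as a script it prints what survives each string; `leaked_by_adh()` is the list of suites a server configured with “!ADH” would still offer to a client that asks for them. Note that `get_ciphers()` reports the configured list, not what a given OpenSSL security level will actually allow at handshake time, so it is the right tool for auditing the string itself.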

The number of servers that support PFS hasn’t changed, nor have the PFS mechanisms they support.

We also see a continuation of the trend towards SHA-256 signatures in certificates: their share has grown from 11.9% to 12.7%.

Used key sizes haven’t changed much.

Surprisingly, the number of servers that support OCSP stapling has dramatically decreased, from 14.9% to 10.1%. I have no explanation for that.

The percentage of servers that support only SSL3 or TLS1 has dropped from 41.5% to 30%, but this is likely caused by the reintroduction of proper SSLv2 fingerprinting rather than by changed configurations, as the share of servers that support TLS1.1 or TLS1.2 hasn’t changed to match. The previous months’ low percentage of SSLv2 servers was caused by a bug in the scanning script that made it impossible to correctly detect most SSLv2 sites.

SSL/TLS survey of 393337 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      344071    87.4749
3DES Only                 152       0.0386
AES                       364726    92.7261
AES Only                  879       0.2235
AES-CBC Only              510       0.1297
AES-GCM                   156262    39.7273
AES-GCM Only              6         0.0015
CAMELLIA                  161308    41.0101
CHACHA20                  15543     3.9516
RC4                       350784    89.1815
RC4 Only                  3734      0.9493
RC4 Preferred             69540     17.6795
RC4 forced in TLS1.1+     45989     11.692
x:FF 29 RC4 Only          6429      1.6345
x:FF 29 RC4 Preferred     16265     4.1351
x:FF 29 incompatible      103       0.0262
z:ADH-AES128-GCM-SHA256   351       0.0892
z:ADH-AES128-SHA          1439      0.3658
z:ADH-AES128-SHA256       325       0.0826
z:ADH-AES256-GCM-SHA384   337       0.0857
z:ADH-AES256-SHA          1445      0.3674
z:ADH-AES256-SHA256       330       0.0839
z:ADH-CAMELLIA128-SHA     722       0.1836
z:ADH-CAMELLIA256-SHA     733       0.1864
z:ADH-DES-CBC-SHA         723       0.1838
z:ADH-DES-CBC3-SHA        1496      0.3803
z:ADH-RC4-MD5             1326      0.3371
z:ADH-SEED-SHA            587       0.1492
z:AECDH-AES128-SHA        13159     3.3455
z:AECDH-AES256-SHA        13161     3.346
z:AECDH-DES-CBC3-SHA      13122     3.3361
z:AECDH-NULL-SHA          14        0.0036
z:AECDH-RC4-SHA           12264     3.1179
z:DES-CBC-MD5             27892     7.0911
z:DES-CBC-SHA             76809     19.5275
z:DHE-RSA-SEED-SHA        68828     17.4985
z:ECDHE-RSA-NULL-SHA      17        0.0043
z:EDH-RSA-DES-CBC-SHA     61870     15.7295
z:EXP-ADH-DES-CBC-SHA     469       0.1192
z:EXP-ADH-RC4-MD5         473       0.1203
z:EXP-DES-CBC-SHA         62566     15.9065
z:EXP-EDH-RSA-DES-CBC-SHA 44087     11.2085
z:EXP-RC2-CBC-MD5         67561     17.1764
z:IDEA-CBC-MD5            10575     2.6885
z:IDEA-CBC-SHA            70335     17.8816
z:NULL-MD5                339       0.0862
z:NULL-SHA                337       0.0857
z:NULL-SHA256             6         0.0015
z:RC2-CBC-MD5             38543     9.799
z:SEED-SHA                83026     21.1081

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               183896    46.7528
Server side               209441    53.2472

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1562      0.3971
AECDH                     13188     3.3529
DHE                       198612    50.4941
ECDH                      1         0.0003
ECDHE                     175607    44.6454
ECDHE and DHE             67049     17.0462
RSA                       393014    99.9179

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               183927    46.7607  92.6062
DH,2048bits               13134     3.3391   6.6129
DH,2226bits               2         0.0005   0.001
DH,3072bits               4         0.001    0.002
DH,3248bits               4         0.001    0.002
DH,4096bits               620       0.1576   0.3122
DH,512bits                44238     11.2468  22.2736
DH,768bits                771       0.196    0.3882
DH,8192bits               1         0.0003   0.0005
ECDH,B-163,163bits        16        0.0041   0.0091
ECDH,B-571,570bits        392       0.0997   0.2232
ECDH,P-224,224bits        4         0.001    0.0023
ECDH,P-256,256bits        174312    44.3162  99.2626
ECDH,P-384,384bits        207       0.0526   0.1179
ECDH,P-521,521bits        764       0.1942   0.4351
Prefer DH,1024bits        117558    29.8873  59.1898
Prefer DH,2048bits        1721      0.4375   0.8665
Prefer DH,4096bits        54        0.0137   0.0272
Prefer DH,512bits         2         0.0005   0.001
Prefer DH,768bits         87        0.0221   0.0438
Prefer ECDH,B-163,163bits 16        0.0041   0.0091
Prefer ECDH,B-571,570bits 304       0.0773   0.1731
Prefer ECDH,P-224,224bits 1         0.0003   0.0006
Prefer ECDH,P-256,256bits 126826    32.2436  72.2215
Prefer ECDH,P-384,384bits 135       0.0343   0.0769
Prefer ECDH,P-521,521bits 699       0.1777   0.398
Prefer PFS                247403    62.8985  0
Support PFS               307170    78.0933  0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         2         0.0005   
5 only                    2         0.0005   
10                        2         0.0005   
30                        1         0.0003   
30 only                   1         0.0003   
60                        15        0.0038   
60 only                   10        0.0025   
120                       7         0.0018   
120 only                  6         0.0015   
128                       5         0.0013   
128 only                  5         0.0013   
180                       24        0.0061   
180 only                  24        0.0061   
240                       7         0.0018   
240 only                  7         0.0018   
300                       145958    37.1076  
300 only                  127245    32.3501  
420                       12        0.0031   
420 only                  10        0.0025   
480                       6         0.0015   
480 only                  6         0.0015   
600                       6491      1.6502   
600 only                  6280      1.5966   
900                       188       0.0478   
900 only                  158       0.0402   
960                       2         0.0005   
960 only                  2         0.0005   
1200                      54        0.0137   
1200 only                 52        0.0132   
1500                      12        0.0031   
1500 only                 11        0.0028   
1800                      121       0.0308   
1800 only                 116       0.0295   
2400                      1         0.0003   
2400 only                 1         0.0003   
2700                      1         0.0003   
2700 only                 1         0.0003   
3000                      5         0.0013   
3000 only                 4         0.001    
3600                      239       0.0608   
3600 only                 235       0.0597   
5400                      2         0.0005   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10678     2.7147   
7200 only                 1678      0.4266   
10800                     7         0.0018   
10800 only                3         0.0008   
14400                     650       0.1653   
14400 only                650       0.1653   
18000                     1         0.0003   
18000 only                1         0.0003   
21600                     27        0.0069   
21600 only                27        0.0069   
28800                     5         0.0013   
28800 only                5         0.0013   
30720                     1         0.0003   
30720 only                1         0.0003   
36000                     477       0.1213   
36000 only                477       0.1213   
43200                     6420      1.6322   
43200 only                6420      1.6322   
64800                     9211      2.3418   
64800 only                9208      2.341    
86000                     28        0.0071   
86000 only                26        0.0066   
86400                     4228      1.0749   
86400 only                4223      1.0736   
100800                    15552     3.9539   
100800 only               11        0.0028   
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    7         0.0018   
129600 only               7         0.0018   
864000                    6         0.0015   
864000 only               6         0.0015   
None                      236414    60.1047  
None only                 192884    49.0378  

Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      14656     3.7261   
sha1WithRSAEncryption     343217    87.2577  
sha256WithRSAEncryption   50153     12.7506  

Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 8717      2.2162   
RSA 1024                  1894      0.4815   
RSA 2028                  1         0.0003   
RSA 2047                  1         0.0003   
RSA 2048                  377818    96.0545  
RSA 2049                  1         0.0003   
RSA 2056                  5         0.0013   
RSA 2058                  1         0.0003   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003
RSA 2080                  2         0.0005
RSA 2084                  5         0.0013
RSA 2408                  3         0.0008
RSA 2432                  48        0.0122
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  40        0.0102
RSA 3120                  1         0.0003
RSA 3248                  3         0.0008
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4086                  1         0.0003
RSA 4092                  2         0.0005
RSA 4096                  13502     3.4327
RSA 4098                  3         0.0008
RSA 4192                  1         0.0003
RSA 8192                  5         0.0013
RSA 16384                 1         0.0003   
RSA/ECDSA Dual Stack      8714      2.2154

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 39893     10.1422
Unsupported               353444    89.8578

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      56197     14.2872
SSL2 Only                 6140      1.561
SSL3                      377423    95.9541
SSL3 Only                 3710      0.9432
SSL3 or TLS1 Only         118014    30.0033
TLS1                      382682    97.2911
TLS1 Only                 2707      0.6882
TLS1.1                    212833    54.1096
TLS1.1 Only               7         0.0018
TLS1.1 or up Only         74        0.0188
TLS1.2                    223413    56.7994
TLS1.2 Only               34        0.0086
TLS1.2, 1.0 but not 1.1   14809     3.765

Survey was conducted between 11th and 19th of July 2014.

Certificate Authorities

The new addition to the data collected is the certificates provided by the servers.

It looks like around 5% of Internet-facing www servers have misconfigured certificate chains: they don’t provide the intermediate CA certificates that signed their certificate. Fortunately, because we have now collected those intermediates from other servers, we can try to validate the chains again using them.
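The chain-building step this describes, as an added example that is not the survey’s code: walk the issuer links starting from the leaf, first through whatever the server sent, then through intermediates collected from other servers, and bucket the result into the three categories used in the table below. The trust store, the intermediate pool and every name in it are constructed for the example; certificates are matched by name only, so real code must also verify each signature and the validity periods.

```python
"""Added example, not code from the survey: classify a server-provided
certificate chain into the three buckets used by the survey (complete,
incomplete, untrusted) by walking issuer links, first through what the
server sent and then through intermediates collected from other servers.
Certificates are stand-ins keyed by name only, so this shows the
chain-building logic; real code must also verify each signature."""
from collections import namedtuple

# A self-signed certificate has subject == issuer.
Cert = namedtuple("Cert", "subject issuer")

# Constructed trust store and intermediate pool; all names are invented.
TRUSTED_ROOTS = {
    "Example Root CA": Cert("Example Root CA", "Example Root CA"),
}
INTERMEDIATE_POOL = {
    "Example Issuing CA 1": Cert("Example Issuing CA 1", "Example Root CA"),
}


def classify_chain(presented, roots=TRUSTED_ROOTS, pool=INTERMEDIATE_POOL, max_len=10):
    """Return (status, chain).

    presented: leaf-first list of certificates the server sent.
    status:    'complete'   - the server sent every intermediate needed
               'incomplete' - a missing intermediate was found in the pool
               'untrusted'  - no path to a trusted root
    chain:     leaf-first path ending at the trusted root, or as far as we got.
    """
    if not presented:
        return "untrusted", []
    extra = {c.subject: c for c in presented[1:]}   # what the server sent besides the leaf
    chain = [presented[0]]
    status = "complete"
    while len(chain) <= max_len:                     # bound cross-signing loops
        last = chain[-1]
        if last.subject == last.issuer:              # self-signed: a root or a dead end
            return (status if last.subject in roots else "untrusted"), chain
        if last.issuer in roots:                     # use the trust store's copy of the root
            return status, chain + [roots[last.issuer]]
        nxt = extra.get(last.issuer)
        if nxt is None:
            nxt = pool.get(last.issuer)
            if nxt is None:
                return "untrusted", chain
            status = "incomplete"                    # server omitted this intermediate
        chain.append(nxt)
    return "untrusted", chain                        # walked too far without reaching a root


# Constructed sample chains (names invented).
LEAF = Cert("www.example.test", "Example Issuing CA 1")
SAMPLES = {
    "server sends leaf + intermediate": [LEAF, INTERMEDIATE_POOL["Example Issuing CA 1"]],
    "server sends leaf only":           [LEAF],
    "leaf from an unknown CA":          [Cert("www.other.test", "Unknown CA")],
    "self-signed leaf":                 [Cert("localhost", "localhost")],
}

if __name__ == "__main__":
    for label, presented in SAMPLES.items():
        status, chain = classify_chain(presented)
        print(f"{label:34s} -> {status:10s} (chain length {len(chain)})")
```

The “incomplete” bucket is exactly the case where a browser that carries no intermediate cache would fail while the scanner, with its pool of previously seen intermediates, still reaches a root; the `max_len` guard matters because cross-signed CA certificates can form cycles in the pool.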

The bad news is that many CA certificates still use 1024-bit RSA keys (I’ve seen them in 1776 chains presented by servers, or 0.4% of all valid chains), including a few root CAs in active use. The worse news is that the vast majority of chains still depend on SHA-1 signatures, including chains that use 4096-bit CA keys.

In effect, about 90% of trust chains still provide at most an 80-bit level of security (SHA-1 or a 1024-bit RSA key being the weakest link) and just 10% of servers present chains with a 112-bit level of security (a 2048-bit RSA key being the weakest link). There were only 2 chains (out of 445095) that reached the current best-practice level of 128 bits of security (SHA-256, 256-bit ECDSA or 3072+-bit RSA).
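The weakest-link calculation behind the “Eff. host cert chain LoS” table, carried through as an added example (not the survey’s own code): every key in the chain and every signature on it is mapped to a security level, the root’s self-signature is left out because nobody verifies it, and the minimum wins. The bit strengths are the NIST SP 800-57 Part 1 equivalences the post’s thresholds match (SHA-1 and RSA-1024 at 80, RSA-2048 at 112, SHA-256, P-256 and RSA-3072 at 128); counting the host key like the CA keys is an assumption about the survey’s method, as is the sample chain data, which is constructed. The same walk also lists the CA keys hit by the 1024-bit cleanup described earlier.

```python
"""Added example, not the survey's own code: the effective security level of
a certificate chain as the weakest link among the keys in the chain and the
signatures on it, excluding the root's self-signature (which nobody verifies).
The bit strengths follow NIST SP 800-57 Part 1.  Counting the host key like
the CA keys, and treating anything below 80 bits as 0, are assumptions about
how the survey computes its "Eff. host cert chain LoS" column."""
from collections import namedtuple

ChainCert = namedtuple("ChainCert", "subject key_type key_bits sig_hash")

# Security in bits of the hash used in a signature (collision resistance).
HASH_BITS = {"sha1": 80, "sha224": 112, "sha256": 128, "sha384": 192, "sha512": 256}
# (minimum key size, security bits) for RSA moduli and for EC curves.
RSA_LEVELS = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
EC_LEVELS = [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)]


def key_security_bits(key_type, key_bits):
    """Map a public key to its security level; below 80 bits counts as 0."""
    for min_bits, level in (RSA_LEVELS if key_type == "RSA" else EC_LEVELS):
        if key_bits >= min_bits:
            return level
    return 0


def chain_security_level(chain):
    """chain is leaf-first and ends with the root.

    Returns (bits, weakest_link) where weakest_link names the key or
    signature that set the level (the first one found, leaf upwards)."""
    links = []
    for i, cert in enumerate(chain):
        links.append((key_security_bits(cert.key_type, cert.key_bits),
                      f"{cert.subject}: {cert.key_type}-{cert.key_bits} key"))
        if i < len(chain) - 1:                 # root self-signature is not counted
            links.append((HASH_BITS.get(cert.sig_hash.lower(), 0),
                          f"{cert.subject}: {cert.sig_hash} signature"))
    return min(links, key=lambda link: link[0])


def weak_ca_keys(chain, min_rsa_bits=2048):
    """CA certificates (everything above the leaf) whose RSA key is below
    min_rsa_bits: the ones affected by the 1024-bit cleanup."""
    return [c.subject for c in chain[1:]
            if c.key_type == "RSA" and c.key_bits < min_rsa_bits]


# Constructed sample chains; all names are invented.  sig_hash is the hash
# used in the signature ON that certificate, i.e. made by its issuer.
SAMPLES = {
    "typical 2014 chain": [
        ChainCert("www.example.test", "RSA", 2048, "sha256"),
        ChainCert("Example Issuing CA", "RSA", 2048, "sha1"),   # intermediate still SHA-1 signed
        ChainCert("Example Root CA", "RSA", 2048, "sha1"),
    ],
    "all SHA-256, RSA 2048": [
        ChainCert("www.example.test", "RSA", 2048, "sha256"),
        ChainCert("Example Issuing CA", "RSA", 2048, "sha256"),
        ChainCert("Example Root CA", "RSA", 2048, "sha1"),       # root self-signature ignored
    ],
    "ECDSA chain": [
        ChainCert("www.example.test", "ECDSA", 256, "sha256"),
        ChainCert("Example ECC CA", "ECDSA", 384, "sha384"),
        ChainCert("Example ECC Root", "ECDSA", 384, "sha384"),
    ],
    "1024-bit intermediate": [
        ChainCert("www.example.test", "RSA", 2048, "sha256"),
        ChainCert("Legacy Issuing CA", "RSA", 1024, "sha256"),
        ChainCert("Example Root CA", "RSA", 2048, "sha1"),
    ],
}

if __name__ == "__main__":
    for label, chain in SAMPLES.items():
        bits, weakest = chain_security_level(chain)
        print(f"{label:24s} {bits:3d} bits, limited by {weakest}; "
              f"weak CA keys: {weak_ca_keys(chain) or 'none'}")
```

The second sample is why re-signing the leaf with SHA-256 alone does not lift a chain above 80 bits: the intermediate’s own SHA-1 signature is still in the path, which is the situation the table’s “Signature algorithm (ex. root)” counts make visible.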

Also, the market share of CAs is quite diverse: the most dominant root CA was used in 26% of all chains collected.

Statistics from 445095 chains provided by 582719 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  359484    61.6908
incomplete                29543     5.0699
untrusted                 193692    33.2393

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2414      0.5423
3                         434366    97.5895
4                         8292      1.863
5                         23        0.0052

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 2
ECDSA 384                 2
RSA 1024                  1788
RSA 2045                  1
RSA 2048                  877819
RSA 4096                  16502

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 2         0.0004
ECDSA 384                 2         0.0004
RSA 1024                  1776      0.399
RSA 2045                  1         0.0002
RSA 2048                  443399    99.619
RSA 4096                  16134     3.6248

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              2
sha1WithRSAEncryption          397615
sha256WithRSAEncryption        42654
sha384WithRSAEncryption        10748

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        398413    89.5119
112                       46680     10.4876
128                       2         0.0004

Most common root CAs                          Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 119586    26.8675
(157753a5) AddTrust External CA Root          68556     15.4026
(5ad8a5d6) GlobalSign Root CA                 44275     9.9473
(2e4eed3c) thawte Primary Root CA             29162     6.5519
(f081611a) The Go Daddy Group, Inc.           28250     6.347
(cbf06781) Go Daddy Root Certificate Authorit 26503     5.9545
(b204d74a) VeriSign Class 3 Public Primary Ce 26474     5.9479
(244b5494) DigiCert High Assurance EV Root CA 18086     4.0634
(653b494a) Baltimore CyberTrust Root          16986     3.8163
(b13cc6df) UTN-USERFirst-Hardware             13183     2.9618
(40547a79) COMODO Certification Authority     10947     2.4595
(ae8153b9) StartCom Certification Authority   9048      2.0328
(f387163d) Starfield Technologies, Inc.       7516      1.6886