January 2016 scan results

Another month, no exciting changes.

SSL/TLS survey of 541489 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      477135    88.1154
3DES Only                 523       0.0966
3DES Preferred            1744      0.3221
3DES forced in TLS1.1+    945       0.1745
AES                       535585    98.9097
AES Only                  34994     6.4626
AES-CBC                   534935    98.7896
AES-CBC Only              9110      1.6824
AES-GCM                   422759    78.0734
AES-GCM Only              589       0.1088
CAMELLIA                  228296    42.1608
CAMELLIA Only             2         0.0004
CHACHA20                  72561     13.4003
CHACHA20 Only             1         0.0002
Insecure                  56630     10.4582
RC4                       178913    33.0409
RC4 Only                  577       0.1066
RC4 Preferred             18219     3.3646
RC4 forced in TLS1.1+     9446      1.7444
x:FF 29 3DES Only         574       0.106
x:FF 29 3DES Preferred    2103      0.3884
x:FF 29 RC4 Only          771       0.1424
x:FF 29 RC4 Preferred     20172     3.7253
x:FF 29 incompatible      395       0.0729
x:FF 35 3DES Only         582       0.1075
x:FF 35 3DES Preferred    2009      0.371
x:FF 35 RC4 Only          937       0.173
x:FF 35 RC4 Preferred     20230     3.736
x:FF 35 incompatible      398       0.0735
y:DHE-RSA-SEED-SHA        66504     12.2817
y:IDEA-CBC-SHA            63061     11.6459
y:SEED-SHA                78410     14.4804
z:ADH-AES128-GCM-SHA256   397       0.0733
z:ADH-AES128-SHA          714       0.1319
z:ADH-AES128-SHA256       269       0.0497
z:ADH-AES256-GCM-SHA384   413       0.0763
z:ADH-AES256-SHA          723       0.1335
z:ADH-AES256-SHA256       271       0.05
z:ADH-CAMELLIA128-SHA     358       0.0661
z:ADH-CAMELLIA256-SHA     366       0.0676
z:ADH-DES-CBC-SHA         298       0.055
z:ADH-DES-CBC3-SHA        722       0.1333
z:ADH-RC4-MD5             560       0.1034
z:ADH-SEED-SHA            286       0.0528
z:AECDH-AES128-SHA        9282      1.7142
z:AECDH-AES256-SHA        9332      1.7234
z:AECDH-DES-CBC3-SHA      9248      1.7079
z:AECDH-NULL-SHA          61        0.0113
z:AECDH-RC4-SHA           8710      1.6085
z:DES-CBC-MD5             10050     1.856
z:DES-CBC-SHA             35379     6.5337
z:DES-CBC3-MD5            21189     3.9131
z:ECDHE-RSA-NULL-SHA      67        0.0124
z:EDH-RSA-DES-CBC-SHA     30295     5.5948
z:EXP-ADH-DES-CBC-SHA     192       0.0355
z:EXP-ADH-RC4-MD5         189       0.0349
z:EXP-DES-CBC-SHA         13046     2.4093
z:EXP-EDH-RSA-DES-CBC-SHA 10364     1.914
z:EXP-RC2-CBC-MD5         15781     2.9144
z:EXP-RC4-MD5             16506     3.0483
z:EXP1024-DES-CBC-SHA     4104      0.7579
z:EXP1024-RC4-SHA         4194      0.7745
z:IDEA-CBC-MD5            2095      0.3869
z:NULL-MD5                211       0.039
z:NULL-SHA                210       0.0388
z:NULL-SHA256             30        0.0055
z:RC2-CBC-MD5             10224     1.8881
z:RC4-64-MD5              892       0.1647

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               133145    24.5887
Server side               408344    75.4113

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       874       0.1614
AECDH                     9353      1.7273
DHE                       292291    53.9791
ECDH                      2         0.0004
ECDHE                     448914    82.9036
ECDHE and DHE             235557    43.5017
RSA                       475602    87.8323

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               152465    28.1566  52.1621
DH,1338bits               1         0.0002   0.0003
DH,1536bits               1         0.0002   0.0003
DH,2048bits               131006    24.1937  44.8204
DH,2236bits               13        0.0024   0.0044
DH,2432bits               2         0.0004   0.0007
DH,2560bits               1         0.0002   0.0003
DH,3072bits               93        0.0172   0.0318
DH,3092bits               1         0.0002   0.0003
DH,4096bits               8605      1.5891   2.944
DH,4098bits               1         0.0002   0.0003
DH,512bits                50        0.0092   0.0171
DH,768bits                395       0.0729   0.1351
DH,8192bits               2         0.0004   0.0007
ECDH,B-571,570bits        1771      0.3271   0.3945
ECDH,K-163,163bits        1         0.0002   0.0002
ECDH,P-192,192bits        15        0.0028   0.0033
ECDH,P-224,224bits        84        0.0155   0.0187
ECDH,P-256,256bits        433613    80.0779  96.5916
ECDH,P-384,384bits        4499      0.8309   1.0022
ECDH,P-521,521bits        10705     1.977    2.3846
Prefer DH,1024bits        53883     9.9509   18.4347
Prefer DH,1536bits        1         0.0002   0.0003
Prefer DH,2048bits        6107      1.1278   2.0894
Prefer DH,3072bits        9         0.0017   0.0031
Prefer DH,4096bits        375       0.0693   0.1283
Prefer DH,768bits         52        0.0096   0.0178
Prefer ECDH,B-571,570bits 1556      0.2874   0.3466
Prefer ECDH,K-163,163bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 81        0.015    0.018
Prefer ECDH,P-256,256bits 396887    73.2955  88.4105
Prefer ECDH,P-384,384bits 3290      0.6076   0.7329
Prefer ECDH,P-521,521bits 9642      1.7806   2.1479
Prefer PFS                471884    87.1456  0
Support PFS               505648    93.381   0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           2578      0.4761   
brainpoolP384r1           2579      0.4763   
brainpoolP512r1           2580      0.4765   
prime192v1                1446      0.267    
prime256v1                445477    82.2689  
prime256v1 Only           388604    71.7658  
secp160k1                 1397      0.258    
secp160r1                 1402      0.2589   
secp160r2                 1396      0.2578   
secp192k1                 1410      0.2604   
secp224k1                 1487      0.2746   
secp224r1                 4270      0.7886   
secp224r1 Only            1         0.0002   
secp256k1                 4033      0.7448   
secp384r1                 57392     10.5989  
secp384r1 Only            554       0.1023   
secp521r1                 26343     4.8649   
secp521r1 Only            142       0.0262   
sect163k1                 1402      0.2589   
sect163k1 Only            2         0.0004   
sect163r1                 1400      0.2585   
sect163r2                 1400      0.2585   
sect193r1                 1399      0.2584   
sect193r2                 1399      0.2584   
sect233k1                 1480      0.2733   
sect233r1                 1480      0.2733   
sect239k1                 1480      0.2733   
sect283k1                 3926      0.725    
sect283k1 Only            1         0.0002   
sect283r1                 3925      0.7249   
sect409k1                 3924      0.7247   
sect409r1                 3923      0.7245   
sect571k1                 3928      0.7254   
sect571r1                 3929      0.7256   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          55946     10.3319  
True                           332237    61.3562  
order-specific                 60        0.0111   
unknown                        153246    28.3009  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    6546      1.2089   
inconclusive-noecc        10        0.0018   
server                    439646    81.192   
unknown                   95287     17.5972  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     43763     8.082    
ECDSA-SHA1 Only                3         0.0006   
ECDSA-SHA224                   43755     8.0805   
ECDSA-SHA256                   58463     10.7967  
ECDSA-SHA384                   58458     10.7958  
ECDSA-SHA512                   58458     10.7958  
RSA-MD5                        93307     17.2316  
RSA-SHA1                       386583    71.3926  
RSA-SHA1 Only                  41287     7.6247   
RSA-SHA224                     320766    59.2378  
RSA-SHA256                     353383    65.2613  
RSA-SHA256 Only                6919      1.2778   
RSA-SHA384                     322845    59.6217  
RSA-SHA384 Only                1         0.0002   
RSA-SHA512                     322938    59.6389  
RSA-SHA512 Only                199       0.0368   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         245811    45.3954  
indeterminate                  42        0.0078   
intolerant                     5114      0.9444   
order-fallback                 9         0.0017   
server                         187931    34.7063  
unsupported                    19787     3.6542   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     43750     8.0796   
ECDSA intolerant               30        0.0055   
ECDSA pfs-rsa-SHA512           14685     2.712    
ECDSA soft-nopfs               1         0.0002   
RSA False                      92525     17.0871  
RSA SHA1                       265644    49.0581  
RSA intolerant                 37307     6.8897   
RSA pfs-ecdsa-SHA512           1         0.0002   
RSA soft-nopfs                 863       0.1594   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     6052      1.1177   
insecure                  17380     3.2097   
secure                    518057    95.6727  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      8694      1.6056   
False                     6052      1.1177   
NONE                      526743    97.2768  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         5         0.0009   
1 only                    5         0.0009   
2                         1         0.0002   
2 only                    1         0.0002   
5                         1         0.0002   
5 only                    1         0.0002   
10                        11        0.002    
10 only                   11        0.002    
15                        9         0.0017   
15 only                   9         0.0017   
30                        14        0.0026   
30 only                   12        0.0022   
60                        158       0.0292   
60 only                   152       0.0281   
65                        1         0.0002   
65 only                   1         0.0002   
70                        7         0.0013   
75                        1         0.0002   
75 only                   1         0.0002   
100                       13        0.0024   
100 only                  13        0.0024   
120                       25        0.0046   
120 only                  25        0.0046   
128                       3         0.0006   
128 only                  3         0.0006   
150                       2         0.0004   
180                       59        0.0109   
180 only                  56        0.0103   
240                       6         0.0011   
240 only                  6         0.0011   
244                       1         0.0002   
244 only                  1         0.0002   
300                       257671    47.5856  
300 only                  253451    46.8063  
302                       3         0.0006   
302 only                  3         0.0006   
360                       2         0.0004   
360 only                  1         0.0002   
400                       6         0.0011   
400 only                  6         0.0011   
420                       114       0.0211   
420 only                  91        0.0168   
450                       1         0.0002   
450 only                  1         0.0002   
480                       13        0.0024   
480 only                  13        0.0024   
500                       4         0.0007   
500 only                  4         0.0007   
540                       1         0.0002   
540 only                  1         0.0002   
600                       27406     5.0612   
600 only                  27252     5.0328   
720                       2         0.0004   
720 only                  2         0.0004   
840                       2         0.0004   
840 only                  2         0.0004   
900                       989       0.1826   
900 only                  972       0.1795   
960                       3         0.0006   
960 only                  3         0.0006   
1200                      2741      0.5062   
1200 only                 2735      0.5051   
1500                      6         0.0011   
1500 only                 5         0.0009   
1800                      555       0.1025   
1800 only                 545       0.1006   
1980                      2         0.0004   
1980 only                 2         0.0004   
2100                      2         0.0004   
2100 only                 1         0.0002   
2400                      9         0.0017   
2400 only                 9         0.0017   
2700                      11        0.002    
2700 only                 11        0.002    
3000                      29        0.0054   
3000 only                 29        0.0054   
3300                      1         0.0002   
3300 only                 1         0.0002   
3600                      688       0.1271   
3600 only                 679       0.1254   
3900                      1         0.0002   
3900 only                 1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      13        0.0024   
5400 only                 7         0.0013   
6000                      235       0.0434   
6000 only                 235       0.0434   
7200                      15880     2.9327   
7200 only                 15854     2.9279   
10800                     3309      0.6111   
10800 only                3300      0.6094   
14400                     100       0.0185   
14400 only                100       0.0185   
18000                     8         0.0015   
18000 only                8         0.0015   
21600                     4676      0.8635   
21600 only                4676      0.8635   
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     2453      0.453    
28800 only                2450      0.4525   
36000                     1094      0.202    
36000 only                1083      0.2      
43200                     41        0.0076   
43200 only                41        0.0076   
60000                     2         0.0004   
60000 only                2         0.0004   
64800                     4295      0.7932   
64800 only                4295      0.7932   
72000                     28        0.0052   
72000 only                28        0.0052   
79200                     1         0.0002   
79200 only                1         0.0002   
86000                     48        0.0089   
86000 only                48        0.0089   
86400                     3671      0.6779   
86400 only                3666      0.677    
100800                    10910     2.0148   
100800 only               10897     2.0124   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    8         0.0015   
129600 only               8         0.0015   
172800                    10        0.0018   
172800 only               10        0.0018   
216000                    2         0.0004   
216000 only               2         0.0004   
259200                    2         0.0004   
259200 only               2         0.0004   
432000                    1         0.0002   
432000 only               1         0.0002   
604800                    1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      208648    38.5323  
None only                 204120    37.6961  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      9968      1.8408   
ecdsa-with-SHA256         58398     10.7847  
sha1WithRSAEncryption     51637     9.5361   
sha256WithRSAEncryption   446192    82.4009  
sha384WithRSAEncryption   5         0.0009   
sha512WithRSAEncryption   43        0.0079   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 58449     10.7941  
ECDSA 384                 17        0.0031   
ECDSA 521                 1         0.0002   
RSA 1024                  20        0.0037   
RSA 2047                  1         0.0002   
RSA 2048                  473537    87.4509  
RSA 2049                  2         0.0004   
RSA 2056                  1         0.0002   
RSA 2058                  2         0.0004   
RSA 2064                  2         0.0004   
RSA 2084                  5         0.0009   
RSA 2096                  2         0.0004   
RSA 2408                  1         0.0002   
RSA 2432                  1         0.0002   
RSA 2480                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  119       0.022    
RSA 3073                  1         0.0002   
RSA 3096                  2         0.0004   
RSA 3248                  2         0.0004   
RSA 4048                  1         0.0002   
RSA 4056                  18        0.0033   
RSA 4092                  6         0.0011   
RSA 4094                  1         0.0002   
RSA 4095                  1         0.0002   
RSA 4096                  24063     4.4439   
RSA 4098                  1         0.0002   
RSA 8192                  3         0.0006   
RSA/ECDSA Dual Stack      14756     2.7251

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 125414    23.161   
Unsupported               416075    76.839   

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      21373     3.9471
SSL2 Only                 15        0.0028
SSL3                      111129    20.5229
SSL3 Only                 1140      0.2105
SSL3 or TLS1 Only         59881     11.0586
SSL3 or lower Only        1155      0.2133
TLS1                      534137    98.6423
TLS1 Only                 37819     6.9843
TLS1 or lower Only        79028     14.5946
TLS1.1                    449426    82.9982
TLS1.1 Only               331       0.0611
TLS1.1 or up Only         5997      1.1075
TLS1.2                    458682    84.7075
TLS1.2 Only               2265      0.4183
TLS1.2, 1.0 but not 1.1   9518      1.7577

Statistics from 575515 chains provided by 712157 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  510961    71.7484
incomplete                28667     4.0254
untrusted                 172529    24.2263

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         26        0.0045
3                         573525    99.6542
4                         1952      0.3392
5                         12        0.0021

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 58397     
ECDSA 384                 58400     
RSA 1024                  25        
RSA 2045                  2         
RSA 2048                  878262    
RSA 4096                  157894    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 58397     10.1469
ECDSA 384                 58400     10.1474
RSA 1024                  23        0.004
RSA 2045                  2         0.0003
RSA 2048                  516745    89.7883
RSA 4096                  157333    27.3378

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              58394     
sha1WithRSAEncryption          58209     
sha256WithRSAEncryption        319412    
sha384WithRSAEncryption        141372    
sha512WithRSAEncryption        78        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        58271     10.125
112                       458828    79.7248
128.0                     58416     10.1502

Most Popular Root CAs                         Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 126106    21.9119
(2c543cd1) GeoTrust Global CA                 102943    17.8871
(eed8c118) COMODO ECC Certification Authority 58387     10.1452
(5ad8a5d6) GlobalSign Root CA                 50714     8.8119
(cbf06781) Go Daddy Root Certificate Authorit 50524     8.7789
(b204d74a) VeriSign Class 3 Public Primary Ce 32049     5.5688
(244b5494) DigiCert High Assurance EV Root CA 21377     3.7144
(2e4eed3c) thawte Primary Root CA             20668     3.5912
(fc5a8f99) USERTrust RSA Certification Author 15152     2.6328
(157753a5) AddTrust External CA Root          14593     2.5356
(653b494a) Baltimore CyberTrust Root          11373     1.9761
(ae8153b9) StartCom Certification Authority   9025      1.5682
(3513523f) DigiCert Global Root CA            8982      1.5607
(4bfab552) Starfield Root Certificate Authori 8553      1.4861


Scan performed between 18th of January and 3rd of February 2016

November 2015 scan results

Number of servers which support TLS has grown by 1.3% since last month.

Cipher suites

Surprisingly, 3.2% more servers support just AES cipher suites now. At the same time we lost 3.7% market share of Camellia.

The good news is that RC4 support has dropped by 4.7%. Unfortunately, the amount of servers which default to RC4 is still rather high, at a 4% mark level.

Ciphersuites which are completely insecure have lost just 0.5%.

Essentially no change in server side vs client side cipher ordering, with just a small increase in the former.

Key exchange

Ciphersuites which provide forward secrecy are still growing, with ECDHE gaining 0.7% and support for ECDHE and DHE at the same time gaining 0.3%.

As usual, most of the gains are caused by the P-256 curve, with it increasing by 0.65%.

We’re now at 85% mark for servers which prefer forward secure ciphersuites, an increase of 1.11% since last month.

Hash and signature algorithms

Support for the obsolete RSA-MD5 signature algorithm continues to drop, but rather slowly, loosing just 1.1% since previous survey.

Fortunately, servers which are limited to just RSA-SHA1 signatures are also dropping, showing 0.3% fewer servers which do force this mechanism on clients. Support for stronger algorithms like SHA256 is still rather slow on the up tick, gaining just 0.7%.

Vulnerabilities

Little changes here, still 3.5% of servers vulnerable to insecure renegotiation attacks and just under 2% vulnerable to CRIME attack.

Certificates

Use of SHA-256 signatures in certificates continues its rise as de facto the signature standard, gaining 1.5% since last month.

This is also the first time when signatures with ECDSA certificates broke double digits, through an increase of 0.6%. We are less than 5% away from two most popular signature methods both using SHA-256.

Only minimal changes in the key sizes department, just that the ECDSA 256 bit keys have also increased by 0.6%, gaining a double digit market share.

At the same time, 2.6% of servers use configuration in which they support both of those public key standards.

Protocols

Little to no changes here. SSLv2 and SSLv3 are loosing, TLSv1.0 more or less stable, TLSv1.1 and TLSv1.2 gaining. All changes below 0.5% mark.

Results

SSL/TLS survey of 530912 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      457179    86.112
3DES Only                 577       0.1087
AES                       523844    98.6687
AES Only                  40463     7.6214
AES-CBC                   523220    98.5512
AES-CBC Only              10280     1.9363
AES-GCM                   398334    75.0283
AES-GCM Only              481       0.0906
CAMELLIA                  217685    41.0021
CAMELLIA Only             1         0.0002
CHACHA20                  67665     12.7451
CHACHA20 Only             2         0.0004
Insecure                  60479     11.3915
RC4                       191727    36.1128
RC4 Only                  977       0.184
RC4 Preferred             21462     4.0425
RC4 forced in TLS1.1+     11194     2.1084
x:FF 29 RC4 Only          1213      0.2285
x:FF 29 RC4 Preferred     23754     4.4742
x:FF 29 incompatible      400       0.0753
x:FF 35 RC4 Only          1476      0.278
x:FF 35 RC4 Preferred     23839     4.4902
x:FF 35 incompatible      402       0.0757
y:DHE-RSA-SEED-SHA        65003     12.2436
y:IDEA-CBC-SHA            59414     11.1909
y:SEED-SHA                76068     14.3278
z:ADH-AES128-GCM-SHA256   396       0.0746
z:ADH-AES128-SHA          744       0.1401
z:ADH-AES128-SHA256       292       0.055
z:ADH-AES256-GCM-SHA384   408       0.0768
z:ADH-AES256-SHA          756       0.1424
z:ADH-AES256-SHA256       293       0.0552
z:ADH-CAMELLIA128-SHA     374       0.0704
z:ADH-CAMELLIA256-SHA     382       0.072
z:ADH-DES-CBC-SHA         303       0.0571
z:ADH-DES-CBC3-SHA        756       0.1424
z:ADH-RC4-MD5             616       0.116
z:ADH-SEED-SHA            305       0.0574
z:AECDH-AES128-SHA        10719     2.019
z:AECDH-AES256-SHA        10755     2.0258
z:AECDH-DES-CBC3-SHA      10685     2.0126
z:AECDH-NULL-SHA          63        0.0119
z:AECDH-RC4-SHA           10125     1.9071
z:DES-CBC-MD5             11270     2.1228
z:DES-CBC-SHA             36559     6.8861
z:DES-CBC3-MD5            23236     4.3766
z:ECDHE-RSA-NULL-SHA      68        0.0128
z:EDH-RSA-DES-CBC-SHA     31274     5.8906
z:EXP-ADH-DES-CBC-SHA     203       0.0382
z:EXP-ADH-RC4-MD5         199       0.0375
z:EXP-DES-CBC-SHA         14643     2.7581
z:EXP-EDH-RSA-DES-CBC-SHA 11812     2.2249
z:EXP-RC2-CBC-MD5         17779     3.3488
z:EXP-RC4-MD5             18577     3.4991
z:EXP1024-DES-CBC-SHA     4531      0.8534
z:EXP1024-RC4-SHA         4613      0.8689
z:IDEA-CBC-MD5            2255      0.4247
z:NULL-MD5                237       0.0446
z:NULL-SHA                236       0.0445
z:NULL-SHA256             32        0.006
z:RC2-CBC-MD5             11512     2.1683
z:RC4-64-MD5              922       0.1737

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               134022    25.2437
Server side               396890    74.7563

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       896       0.1688
AECDH                     10782     2.0308
DHE                       289298    54.4908
ECDH                      3         0.0006
ECDHE                     425231    80.0944
ECDHE and DHE             223210    42.0427
RSA                       458647    86.3885

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               159457    30.0345  55.1186
DH,1536bits               1         0.0002   0.0003
DH,2048bits               121879    22.9565  42.1292
DH,2236bits               14        0.0026   0.0048
DH,3072bits               108       0.0203   0.0373
DH,3092bits               1         0.0002   0.0003
DH,4096bits               7458      1.4048   2.578
DH,512bits                40        0.0075   0.0138
DH,6144bits               1         0.0002   0.0003
DH,768bits                439       0.0827   0.1517
DH,8192bits               2         0.0004   0.0007
ECDH,B-571,570bits        1680      0.3164   0.3951
ECDH,K-571,570bits        1         0.0002   0.0002
ECDH,P-192,192bits        11        0.0021   0.0026
ECDH,P-224,224bits        81        0.0153   0.019
ECDH,P-256,256bits        411892    77.582   96.8631
ECDH,P-384,384bits        3589      0.676    0.844
ECDH,P-521,521bits        9333      1.7579   2.1948
Prefer DH,1024bits        58262     10.9739  20.1391
Prefer DH,1536bits        1         0.0002   0.0003
Prefer DH,2048bits        10378     1.9547   3.5873
Prefer DH,2236bits        1         0.0002   0.0003
Prefer DH,3072bits        13        0.0024   0.0045
Prefer DH,4096bits        392       0.0738   0.1355
Prefer DH,768bits         66        0.0124   0.0228
Prefer ECDH,B-571,570bits 1478      0.2784   0.3476
Prefer ECDH,K-571,570bits 1         0.0002   0.0002
Prefer ECDH,P-224,224bits 78        0.0147   0.0183
Prefer ECDH,P-256,256bits 370937    69.8679  87.2319
Prefer ECDH,P-384,384bits 3291      0.6199   0.7739
Prefer ECDH,P-521,521bits 8426      1.5871   1.9815
Prefer PFS                453324    85.3859  0
Support PFS               491319    92.5425  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           2073      0.3905   
brainpoolP384r1           2074      0.3906   
brainpoolP512r1           2074      0.3906   
prime192v1                1449      0.2729   
prime256v1                422425    79.5659  
prime256v1 Only           368568    69.4217  
secp160k1                 1406      0.2648   
secp160r1                 1411      0.2658   
secp160r2                 1406      0.2648   
secp192k1                 1423      0.268    
secp224k1                 1491      0.2808   
secp224r1                 4011      0.7555   
secp256k1                 3482      0.6559   
secp384r1                 54256     10.2194  
secp384r1 Only            444       0.0836   
secp521r1                 23612     4.4474   
secp521r1 Only            128       0.0241   
sect163k1                 1415      0.2665   
sect163k1 Only            2         0.0004   
sect163r1                 1413      0.2661   
sect163r2                 1409      0.2654   
sect193r1                 1409      0.2654   
sect193r2                 1407      0.265    
sect233k1                 1486      0.2799   
sect233r1                 1486      0.2799   
sect239k1                 1486      0.2799   
sect283k1                 3447      0.6493   
sect283k1 Only            2         0.0004   
sect283r1                 3442      0.6483   
sect409k1                 3444      0.6487   
sect409r1                 3443      0.6485   
sect571k1                 3454      0.6506   
sect571r1                 3454      0.6506   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          69315     13.0558  
True                           299493    56.411   
order-specific                 82        0.0154   
unknown                        162022    30.5177  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    5116      0.9636   
inconclusive-noecc        8         0.0015   
server                    417915    78.7164  
unknown                   107873    20.3184  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     39752     7.4875   
ECDSA-SHA1 Only                2         0.0004   
ECDSA-SHA224                   39755     7.4881   
ECDSA-SHA256                   53701     10.1149  
ECDSA-SHA384                   53712     10.1169  
ECDSA-SHA512                   53734     10.1211  
ECDSA-SHA512 Only              22        0.0041   
RSA-MD5                        164964    31.0718  
RSA-SHA1                       368019    69.3183  
RSA-SHA1 Only                  42674     8.0379   
RSA-SHA224                     303273    57.123   
RSA-SHA256                     332849    62.6938  
RSA-SHA256 Only                6204      1.1686   
RSA-SHA384                     304966    57.4419  
RSA-SHA384 Only                1         0.0002   
RSA-SHA512                     305210    57.4879  
RSA-SHA512 Only                277       0.0522   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         233407    43.9634  
indeterminate                  45        0.0085   
intolerant                     4576      0.8619   
order-fallback                 8         0.0015   
server                         177923    33.5127  
unsupported                    21601     4.0687   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     39724     7.4822   
ECDSA intolerant               116       0.0218   
ECDSA pfs-rsa-SHA512           13917     2.6213   
ECDSA soft-nopfs               3         0.0006   
RSA False                      163706    30.8349  
RSA SHA1                       176523    33.249   
RSA intolerant                 35829     6.7486   
RSA pfs-ecdsa-SHA512           27        0.0051   
RSA soft-nopfs                 1308      0.2464   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     6621      1.2471   
insecure                  18673     3.5172   
secure                    505618    95.2357  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      9772      1.8406   
False                     6621      1.2471   
NONE                      514519    96.9123  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         4         0.0008   
1 only                    4         0.0008   
2                         2         0.0004   
2 only                    2         0.0004   
10                        11        0.0021   
10 only                   11        0.0021   
15                        10        0.0019   
15 only                   10        0.0019   
30                        10        0.0019   
30 only                   9         0.0017   
60                        97        0.0183   
60 only                   90        0.017    
65                        2         0.0004   
65 only                   2         0.0004   
70                        6         0.0011   
100                       15        0.0028   
100 only                  15        0.0028   
120                       27        0.0051   
120 only                  27        0.0051   
128                       2         0.0004   
128 only                  2         0.0004   
150                       2         0.0004   
180                       41        0.0077   
180 only                  38        0.0072   
240                       5         0.0009   
240 only                  5         0.0009   
300                       244735    46.0971  
300 only                  240267    45.2555  
302                       3         0.0006   
302 only                  3         0.0006   
360                       2         0.0004   
360 only                  1         0.0002   
400                       8         0.0015   
400 only                  8         0.0015   
420                       124       0.0234   
420 only                  97        0.0183   
450                       1         0.0002   
450 only                  1         0.0002   
480                       13        0.0024   
480 only                  13        0.0024   
500                       3         0.0006   
500 only                  3         0.0006   
540                       1         0.0002   
540 only                  1         0.0002   
600                       26475     4.9867   
600 only                  26305     4.9547   
700                       1         0.0002   
700 only                  1         0.0002   
720                       1         0.0002   
720 only                  1         0.0002   
840                       1         0.0002   
840 only                  1         0.0002   
900                       878       0.1654   
900 only                  861       0.1622   
960                       2         0.0004   
960 only                  2         0.0004   
1200                      2334      0.4396   
1200 only                 2330      0.4389   
1320                      1         0.0002   
1320 only                 1         0.0002   
1500                      9         0.0017   
1500 only                 8         0.0015   
1800                      499       0.094    
1800 only                 490       0.0923   
1980                      1         0.0002   
1980 only                 1         0.0002   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      8         0.0015   
2400 only                 8         0.0015   
2700                      10        0.0019   
2700 only                 10        0.0019   
3000                      26        0.0049   
3000 only                 26        0.0049   
3600                      573       0.1079   
3600 only                 560       0.1055   
3900                      3         0.0006   
3900 only                 3         0.0006   
4200                      1         0.0002   
5160                      1         0.0002   
5160 only                 1         0.0002   
5400                      13        0.0024   
5400 only                 6         0.0011   
6000                      179       0.0337   
6000 only                 179       0.0337   
7200                      15645     2.9468   
7200 only                 15623     2.9427   
10800                     3114      0.5865   
10800 only                3110      0.5858   
14400                     99        0.0186   
14400 only                99        0.0186   
18000                     8         0.0015   
18000 only                8         0.0015   
21600                     4849      0.9133   
21600 only                4637      0.8734   
25200                     1         0.0002   
25200 only                1         0.0002   
28800                     3555      0.6696   
28800 only                3543      0.6673   
36000                     1157      0.2179   
36000 only                1150      0.2166   
43200                     40        0.0075   
43200 only                40        0.0075   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     51789     9.7547   
64800 only                51762     9.7496   
72000                     29        0.0055   
72000 only                29        0.0055   
84600                     1         0.0002   
84600 only                1         0.0002   
86000                     39        0.0073   
86000 only                39        0.0073   
86400                     3482      0.6559   
86400 only                3471      0.6538   
100800                    10699     2.0152   
100800 only               10688     2.0131   
129600                    10        0.0019   
129600 only               10        0.0019   
172800                    9         0.0017   
172800 only               9         0.0017   
216000                    2         0.0004   
216000 only               2         0.0004   
432000                    2         0.0004   
432000 only               2         0.0004   
604800                    5         0.0009   
604800 only               3         0.0006   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      165273    31.13    
None only                 160236    30.1813  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      11419     2.1508   
ecdsa-with-SHA256         53709     10.1164  
sha1WithRSAEncryption     79229     14.9232  
sha256WithRSAEncryption   413158    77.8204  
sha384WithRSAEncryption   6         0.0011   
sha512WithRSAEncryption   33        0.0062   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 53748     10.1237  
ECDSA 384                 12        0.0023   
ECDSA 521                 1         0.0002   
RSA 1024                  38        0.0072   
RSA 10240                 8         0.0015   
RSA 2048                  470388    88.6     
RSA 2049                  4         0.0008   
RSA 2056                  1         0.0002   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2084                  3         0.0006   
RSA 2096                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  2         0.0004   
RSA 2480                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  144       0.0271   
RSA 3096                  2         0.0004   
RSA 3120                  2         0.0004   
RSA 3248                  2         0.0004   
RSA 4042                  1         0.0002   
RSA 4048                  1         0.0002   
RSA 4056                  22        0.0041   
RSA 4069                  1         0.0002   
RSA 4086                  1         0.0002   
RSA 4092                  6         0.0011   
RSA 4094                  1         0.0002   
RSA 4096                  20509     3.863    
RSA 4098                  1         0.0002   
RSA 4196                  1         0.0002   
RSA 8192                  3         0.0006   
RSA/ECDSA Dual Stack      13986     2.6343

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 115313    21.7198  
Unsupported               415599    78.2802  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      23492     4.4248
SSL2 Only                 19        0.0036
SSL3                      121502    22.8855
SSL3 Only                 470       0.0885
SSL3 or TLS1 Only         68017     12.8114
SSL3 or lower Only        487       0.0917
TLS1                      525297    98.9424
TLS1 Only                 40462     7.6212
TLS1 or lower Only        89960     16.9444
TLS1.1                    427273    80.4791
TLS1.1 Only               312       0.0588
TLS1.1 or up Only         4757      0.896
TLS1.2                    437543    82.4135
TLS1.2 Only               2067      0.3893
TLS1.2, 1.0 but not 1.1   11005     2.0728



Statistics from 566530 chains provided by 702674 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  500948    71.2917
incomplete                27324     3.8886
untrusted                 174402    24.8198

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         40        0.0071
3                         564250    99.5975
4                         2220      0.3919
5                         20        0.0035

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 53700     
ECDSA 384                 53703     
RSA 1024                  38        
RSA 2045                  3         
RSA 2048                  886848    
RSA 4096                  140988    

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 53700     9.4788
ECDSA 384                 53703     9.4793
RSA 1024                  36        0.0064
RSA 2045                  3         0.0005
RSA 2048                  512489    90.4611
RSA 4096                  140488    24.798

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              53695     
sha1WithRSAEncryption          87476     
sha256WithRSAEncryption        301918    
sha384WithRSAEncryption        125587    
sha512WithRSAEncryption        74        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        87515     15.4475
112                       425304    75.0718
128                       53711     9.4807

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 116038    20.4822
(2c543cd1) GeoTrust Global CA                 109648    19.3543
(eed8c118) COMODO ECC Certification Authority 53687     9.4765
(cbf06781) Go Daddy Root Certificate Authorit 48182     8.5048
(5ad8a5d6) GlobalSign Root CA                 44132     7.7899
(b204d74a) VeriSign Class 3 Public Primary Ce 32386     5.7166
(244b5494) DigiCert High Assurance EV Root CA 26649     4.7039
(2e4eed3c) thawte Primary Root CA             22839     4.0314
(157753a5) AddTrust External CA Root          21671     3.8252
(653b494a) Baltimore CyberTrust Root          12055     2.1279
(fc5a8f99) USERTrust RSA Certification Author 9450      1.668
(ae8153b9) StartCom Certification Authority   9327      1.6463
(4bfab552) Starfield Root Certificate Authori 9162      1.6172
(3513523f) DigiCert Global Root CA            8636      1.5244

Scan performed between 22nd November and 3rd of December 2015

More nails to RC4 coffin

Last week Christina Garman, Kenneth G. Paterson and Thyla van der Merwe have published a new attacks on RC4 in a paper titled Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. In it they outline an attack which recovers user passwords in IMAP and HTTP Basic authentication using 2²⁶ ciphertexts. Previous attacks required about 2³⁴ ciphertexts.

The other attack, published yesterday at the BlackHat conference, is the Bar-mitzvah attack which requires about 2²⁹ ciphertexts.

While connections to relatively few servers (~6% of Alexa top 1 million TLS enabled sites) will end up with RC4 cipher, the 75% market share of RC4 in general is not reassuring.

February 2015 scan results

This month the amount of HTTP servers with trusted certificate has grown again,
this time by just under 2%.

Cipher suites that use 3DES or AES have essentially retained their marketshare,
with slight increase in 3DES and AES-GCM use. Servers which support just RC4 or
prefer RC4 over other ciphers has also remained unchanged, as have the use of
completely insecure export grade and 54 bit ciphers.

Server side cipher ordering also didn’t change by much, though it has risen.

Support for ciphersuites that provides forward secrecy has also seen only
insignificant changes. Preference for DHE has remained the same, for ECDHE
has risen only very slightly. Though it is a bit surprising, as support for both
ECDHE and DHE has risen by more than a percent. Nearly all of this change is
attributed to support for P-256 curve and 2048 bit finite-field DHE.

Similarly, support for server side curve ordering or chosen signature algorithms
essentially remained the same.

The only measurement that has noted change above 1% are the signature algorithms
on server certificates, with SHA-1 loosing another 3.8% and SHA-256 gaining same
amount. Used key sizes haven’t changed though.

SSLv3 support still remains high, with 33% of surveyed servers still supporting
this insecure protocol. The good news is that only 0.33% of all servers scanned
support just SSLv3 or SSLv2, so browsers and users are safe to disable this
protocol without fear of interoperability issues.

SSL/TLS survey of 478847 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      389395    81.3193
3DES Only                 446       0.0931
AES                       452703    94.5402
AES Only                  7959      1.6621
AES-CBC Only              4111      0.8585
AES-GCM                   275395    57.5121
AES-GCM Only              21        0.0044
CAMELLIA                  201517    42.0838
CAMELLIA Only             1         0.0002
CHACHA20                  27231     5.6868
Insecure                  88014     18.3804
RC4                       362499    75.7025
RC4 Only                  3578      0.7472
RC4 Preferred             63514     13.2639
RC4 forced in TLS1.1+     40750     8.51
x:FF 29 RC4 Only          545       0.1138
x:FF 29 RC4 Preferred     68531     14.3117
x:FF 29 incompatible      135       0.0282
y:DHE-RSA-SEED-SHA        106333    22.206
y:IDEA-CBC-MD5            2911      0.6079
y:IDEA-CBC-SHA            85651     17.8869
y:SEED-SHA                103273    21.567
z:ADH-AES128-GCM-SHA256   352       0.0735
z:ADH-AES128-SHA          983       0.2053
z:ADH-AES128-SHA256       278       0.0581
z:ADH-AES256-GCM-SHA384   367       0.0766
z:ADH-AES256-SHA          995       0.2078
z:ADH-AES256-SHA256       282       0.0589
z:ADH-CAMELLIA128-SHA     440       0.0919
z:ADH-CAMELLIA256-SHA     449       0.0938
z:ADH-DES-CBC-SHA         378       0.0789
z:ADH-DES-CBC3-SHA        1011      0.2111
z:ADH-RC4-MD5             787       0.1644
z:ADH-SEED-SHA            293       0.0612
z:AECDH-AES128-SHA        14530     3.0344
z:AECDH-AES256-SHA        14530     3.0344
z:AECDH-DES-CBC3-SHA      14487     3.0254
z:AECDH-NULL-SHA          38        0.0079
z:AECDH-RC4-SHA           13507     2.8207
z:DES-CBC-MD5             18469     3.857
z:DES-CBC-SHA             49506     10.3386
z:DES-CBC3-MD5            33718     7.0415
z:ECDHE-RSA-NULL-SHA      43        0.009
z:EDH-RSA-DES-CBC-SHA     42281     8.8298
z:EXP-ADH-DES-CBC-SHA     302       0.0631
z:EXP-ADH-RC4-MD5         306       0.0639
z:EXP-DES-CBC-SHA         35244     7.3602
z:EXP-EDH-RSA-DES-CBC-SHA 24614     5.1403
z:EXP-RC2-CBC-MD5         40047     8.3632
z:EXP-RC4-MD5             42873     8.9534
z:EXP1024-DES-CBC-SHA     9396      1.9622
z:EXP1024-RC4-SHA         9557      1.9958
z:NULL-MD5                292       0.061
z:NULL-SHA                292       0.061
z:NULL-SHA256             12        0.0025
z:RC2-CBC-MD5             18829     3.9322
z:RC4-64-MD5              1529      0.3193

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               141265    29.5011
Server side               337582    70.4989

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1120      0.2339
AECDH                     14557     3.04
DHE                       256190    53.5014
ECDHE                     305994    63.9022
ECDHE and DHE             154553    32.2761
RSA                       446580    93.2615

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               214103    44.7122  83.572
DH,1536bits               1         0.0002   0.0004
DH,2048bits               39131     8.1719   15.2742
DH,2226bits               1         0.0002   0.0004
DH,2236bits               1         0.0002   0.0004
DH,3072bits               19        0.004    0.0074
DH,3248bits               2         0.0004   0.0008
DH,4094bits               1         0.0002   0.0004
DH,4096bits               2115      0.4417   0.8256
DH,512bits                87        0.0182   0.034
DH,768bits                759       0.1585   0.2963
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        7         0.0015   0.0023
ECDH,B-571,570bits        707       0.1476   0.2311
ECDH,K-163,163bits        1         0.0002   0.0003
ECDH,P-224,224bits        51        0.0107   0.0167
ECDH,P-256,256bits        299807    62.6102  97.9781
ECDH,P-384,384bits        3156      0.6591   1.0314
ECDH,P-521,521bits        4454      0.9302   1.4556
Prefer DH,1024bits        99375     20.753   38.7896
Prefer DH,2048bits        2882      0.6019   1.1249
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,4096bits        90        0.0188   0.0351
Prefer DH,512bits         3         0.0006   0.0012
Prefer DH,768bits         420       0.0877   0.1639
Prefer ECDH,B-163,163bits 7         0.0015   0.0023
Prefer ECDH,B-571,570bits 521       0.1088   0.1703
Prefer ECDH,K-163,163bits 1         0.0002   0.0003
Prefer ECDH,P-224,224bits 18        0.0038   0.0059
Prefer ECDH,P-256,256bits 243201    50.7889  79.479
Prefer ECDH,P-384,384bits 3079      0.643    1.0062
Prefer ECDH,P-521,521bits 4146      0.8658   1.3549
Prefer PFS                353744    73.8741  0
Support PFS               407631    85.1276  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           77        0.0161   
brainpoolP384r1           77        0.0161   
brainpoolP512r1           77        0.0161   
prime192v1                721       0.1506   
prime256v1                305466    63.792   
prime256v1 Only           265378    55.4202  
secp160k1                 689       0.1439   
secp160r1                 688       0.1437   
secp160r2                 688       0.1437   
secp192k1                 716       0.1495   
secp224k1                 747       0.156    
secp224r1                 1221      0.255    
secp224r1 Only            1         0.0002   
secp256k1                 766       0.16     
secp384r1                 40252     8.406    
secp384r1 Only            166       0.0347   
secp521r1                 9985      2.0852   
secp521r1 Only            86        0.018    
sect163k1                 688       0.1437   
sect163r1                 688       0.1437   
sect163r2                 695       0.1451   
sect163r2 Only            7         0.0015   
sect193r1                 688       0.1437   
sect193r2                 688       0.1437   
sect233k1                 738       0.1541   
sect233r1                 738       0.1541   
sect239k1                 737       0.1539   
sect283k1                 737       0.1539   
sect283r1                 737       0.1539   
sect409k1                 737       0.1539   
sect409r1                 737       0.1539   
sect571k1                 756       0.1579   
sect571r1                 756       0.1579   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          75947     15.8604  
True                           188432    39.3512  
order-specific                 12        0.0025   
unknown                        214456    44.7859  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    1661      0.3469   
inconclusive-noecc        4         0.0008   
server                    304074    63.5013  
unknown                   173108    36.151   

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     27872     5.8206   
ECDSA-SHA224                   27873     5.8209   
ECDSA-SHA256                   27873     5.8209   
ECDSA-SHA384                   27874     5.8211   
ECDSA-SHA512                   27874     5.8211   
RSA-MD5                        132832    27.74    
RSA-MD5 Only                   1         0.0002   
RSA-SHA1                       275469    57.5276  
RSA-SHA1 Only                  42560     8.888    
RSA-SHA224                     224806    46.9474  
RSA-SHA256                     235988    49.2825  
RSA-SHA256 Only                2701      0.5641   
RSA-SHA384                     225210    47.0317  
RSA-SHA512                     225254    47.0409  
RSA-SHA512 Only                39        0.0081   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         206251    43.0724  
indeterminate                  7         0.0015   
intolerant                     1409      0.2942   
order-fallback                 2         0.0004   
server                         98943     20.6628  
unsupported                    37273     7.7839   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     27871     5.8204   
ECDSA intolerant               4         0.0008   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      131264    27.4125  
RSA SHA1                       125024    26.1094  
RSA intolerant                 20874     4.3592   
RSA pfs-ecdsa-SHA512           1         0.0002   
RSA soft-nopfs                 1609      0.336    

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     9764      2.0391   
insecure                  25819     5.3919   
secure                    443264    92.569   

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      15459     3.2284   
False                     9764      2.0391   
NONE                      453624    94.7326  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
2                         2         0.0004   
2 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        4         0.0008   
10 only                   4         0.0008   
15                        8         0.0017   
15 only                   8         0.0017   
30                        10        0.0021   
30 only                   10        0.0021   
60                        71        0.0148   
60 only                   64        0.0134   
65                        1         0.0002   
65 only                   1         0.0002   
70                        4         0.0008   
75                        1         0.0002   
75 only                   1         0.0002   
100                       11        0.0023   
100 only                  11        0.0023   
120                       24        0.005    
120 only                  23        0.0048   
128                       3         0.0006   
128 only                  3         0.0006   
180                       47        0.0098   
180 only                  45        0.0094   
240                       11        0.0023   
240 only                  11        0.0023   
300                       201017    41.9794  
300 only                  192323    40.1638  
360                       2         0.0004   
360 only                  1         0.0002   
400                       4         0.0008   
400 only                  4         0.0008   
420                       37        0.0077   
420 only                  26        0.0054   
480                       16        0.0033   
480 only                  14        0.0029   
500                       4         0.0008   
500 only                  4         0.0008   
600                       14965     3.1252   
600 only                  14676     3.0649   
720                       1         0.0002   
720 only                  1         0.0002   
840                       1         0.0002   
840 only                  1         0.0002   
900                       520       0.1086   
900 only                  500       0.1044   
960                       2         0.0004   
960 only                  2         0.0004   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      286       0.0597   
1200 only                 283       0.0591   
1500                      9         0.0019   
1500 only                 8         0.0017   
1800                      343       0.0716   
1800 only                 334       0.0698   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      2         0.0004   
2400 only                 2         0.0004   
2700                      5         0.001    
2700 only                 5         0.001    
3000                      11        0.0023   
3000 only                 11        0.0023   
3600                      329       0.0687   
3600 only                 312       0.0652   
5400                      10        0.0021   
6000                      3         0.0006   
6000 only                 3         0.0006   
7200                      14085     2.9414   
7200 only                 11423     2.3855   
10800                     1006      0.2101   
10800 only                1001      0.209    
14400                     1416      0.2957   
14400 only                1415      0.2955   
18000                     1         0.0002   
18000 only                1         0.0002   
21600                     4976      1.0392   
21600 only                4973      1.0385   
28800                     12        0.0025   
28800 only                11        0.0023   
36000                     980       0.2047   
36000 only                975       0.2036   
43200                     101       0.0211   
43200 only                101       0.0211   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     45713     9.5465   
64800 only                45710     9.5458   
72000                     8         0.0017   
72000 only                8         0.0017   
86000                     28        0.0058   
86000 only                28        0.0058   
86400                     225       0.047    
86400 only                224       0.0468   
93600                     1         0.0002   
93600 only                1         0.0002   
100800                    12805     2.6741   
100800 only               12805     2.6741   
129600                    8         0.0017   
129600 only               8         0.0017   
172800                    1         0.0002   
172800 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    3         0.0006   
864000 only               3         0.0006   
None                      191458    39.9831  
None only                 179709    37.5295  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      15481     3.233    
ecdsa-with-SHA256         27852     5.8165   
sha1WithRSAEncryption     247414    51.6687  
sha256WithRSAEncryption   203665    42.5324  
sha512WithRSAEncryption   10        0.0021   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 27873     5.8209   
ECDSA 384                 4         0.0008   
RSA 1024                  586       0.1224   
RSA 10240                 4         0.0008   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  434653    90.7707  
RSA 2049                  2         0.0004   
RSA 2056                  3         0.0006   
RSA 2058                  4         0.0008   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  14        0.0029   
RSA 2096                  1         0.0002   
RSA 2408                  3         0.0006   
RSA 2432                  5         0.001    
RSA 2612                  1         0.0002   
RSA 3072                  81        0.0169   
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0006   
RSA 3600                  1         0.0002   
RSA 4042                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  32        0.0067   
RSA 4069                  1         0.0002   
RSA 4086                  2         0.0004   
RSA 4092                  2         0.0004   
RSA 4096                  15597     3.2572   
RSA 4098                  2         0.0004   
RSA 8192                  4         0.0008   
RSA/ECDSA Dual Stack      30        0.0063

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 79626     16.6287  
Unsupported               399221    83.3713  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      34004     7.1012
SSL2 Only                 83        0.0173
SSL3                      160049    33.4238
SSL3 Only                 1554      0.3245
SSL3 or TLS1 Only         99562     20.792
SSL3 or lower Only        1597      0.3335
TLS1                      476217    99.4508
TLS1 Only                 53875     11.251
TLS1 or lower Only        130773    27.31
TLS1.1                    333272    69.5988
TLS1.1 Only               6         0.0013
TLS1.1 or up Only         690       0.1441
TLS1.2                    343871    71.8123
TLS1.2 Only               495       0.1034
TLS1.2, 1.0 but not 1.1   12594     2.6301

Statistics from 506677 chains provided by 663743 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  445855    67.1728
incomplete                28915     4.3564
untrusted                 188973    28.4708


Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1250      0.2467
3                         435699    85.9915
4                         69697     13.7557
5                         31        0.0061

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 27724     
ECDSA 384                 27724     
RSA 1024                  1237      
RSA 2045                  1         
RSA 2048                  945864    
RSA 4096                  79313     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 27724     5.4717
ECDSA 384                 27724     5.4717
RSA 1024                  1233      0.2434
RSA 2045                  1         0.0002
RSA 2048                  477582    94.2577
RSA 4096                  78697     15.532

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              27724     
sha1WithRSAEncryption          272982    
sha256WithRSAEncryption        141436    
sha384WithRSAEncryption        133014    
sha512WithRSAEncryption        30        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        273108    53.9018
112                       205843    40.6261
128                       27726     5.4721

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 112003    22.1054
(157753a5) AddTrust External CA Root          103054    20.3392
(5ad8a5d6) GlobalSign Root CA                 51402     10.1449
(cbf06781) Go Daddy Root Certificate Authorit 42982     8.4831
(b204d74a) VeriSign Class 3 Public Primary Ce 29072     5.7378
(eed8c118) COMODO ECC Certification Authority 27720     5.4709
(2e4eed3c) thawte Primary Root CA             26917     5.3125
(244b5494) DigiCert High Assurance EV Root CA 23747     4.6868
(653b494a) Baltimore CyberTrust Root          11804     2.3297
(f081611a) The Go Daddy Group, Inc.           11749     2.3188
(b13cc6df) UTN-USERFirst-Hardware             9836      1.9413
(ae8153b9) StartCom Certification Authority   9546      1.884
(f387163d) Starfield Technologies, Inc.       8019      1.5827
(40547a79) COMODO Certification Authority     6997      1.381
(3513523f) DigiCert Global Root CA            5757      1.1362


Scan performed between 19th and 27th of February 2015.

RC4 prohibited

After nearly half a year of work, the Internet Engineering Task Force (IETF) Request for Comments (RFC) 7465 is published.

What it does in a nutshell is disallows use of any kind of RC4 ciphersuites. In effect making all servers or clients that use it non standard compliant.

November 2014 results – intolerancies

This time around, I have extended the scanning script to also include tests checking whatever servers are tolerant to specific settings inside client hello messages. The scan itself also gained a fallback mode in case the regular scan (used up until now for all data collection) haven’t detected any ciphers to be supported by server or server appearing to support just SSLv2. Another additions include scan for supported curves for ECDHE key exchange, key signature algorithm for TLSv1.2 ECDHE and DHE key exchange, secure renegotiation support and compression.

Protocol versions

While I have provided some results for intolerance of specific settings in the Halloween special, scan of the full Alexa top 1 million proved to be much more complex and harder to pin down in just few lines. I’m afraid I won’t be able to tell much about the bugs the servers seem to be showing until I develop tests for specific bugs rather than current probing with very generic (and rather standard) client hello messages.

That being said, general statistics look like this: about 4.8% of servers refused connection that started with a big full featured TLSv1.2 client hello, that includes about 0.1% of servers that are strictly TLSv1.2 ClientHello intolerant (even when inside V2 Client Hello) and 0.18% that are intolerant to regular TLSv1.2 client hello, rest seem to be intolerant to just big client hello or placement of RC4-SHA and RC4-MD5 ciphers after 64th position (Windows 2003 bug).

Supported curves

Around 56.7% of servers will negotiate ECDHE cipher suites. The vast majority of servers support the NIST prime256v1 curve (55.6% of all TLS-enabled) and high part of them support only this one curve (48.2%). Second most supported curve is secp384r1, where 7.3% of servers support it (0.02% support only this one). Third most supported curve is secp521r1, at 1.77%. Other curves hover around 0.13% mark, with the exception of brainpool curves (all 3 of them), which are supported by only 19 servers.

At the same time, there are servers which support only secp521r1, sect163k1 or sect163r2 curves – those servers won’t be able to negotiate ECDHE ciphers with common web browsers. This is because secp521r1 curve is supported only by some browsers (list that doesn’t include Firefox and Internet Explorer) while the other two are unsupported by all major browsers.

Interestingly, nearly all servers dictate the selected curve (use server side ordering for curves) – only 0.13% of servers let the client select the most preferred curve.

Many servers (11.8% of total) will abort connection completely in case the client does not support the curve preferred by server.

Signature algorithms in PFS TLSv1.2 key exchange

As more eagle-eyed readers of the RFC 5246 (TLSv1.2 definition) may have noticed, the standard also allows the peers to negotiate the signature algorithm used for signing the DHE and ECDHE key exchange. In detail it allows the server to sign the key exchange with MD5, SHA1 and SHA-2 family functions.

As we all know, MD5 is far from secure when used for digital signatures.

Unfortunately, many servers (24% of TLS-enabled) will sign the message with MD5 if the client “doesn’t leave them any choice”. Few (3 in total) will sign the key exchange only using MD5! The situation with the weak-but-no-broken-yet SHA1 is not much better as 8% of servers will use only it for signing.

On many servers support for SHA2 family of functions is still lagging a bit behind after SHA1 (respectively at around 42% and 51% of all).

Majority of servers will honour the client preferred signature mechanism (38% of TLS-enabled) while minority will take only its preference of it (18%).

In case the client doesn’t advertise any signature algorithm supported by server the behaviour is rather diverse. Most common is just forcing the client to accept SHA-1 signatures (at 23.9%), close second (at 23.7%) is aborting the connection if the client doesn’t advertise any RSA based signature algorithms. Less common still is aborting as soon as the client advertises only the unsupported signature algorithms (at 3.47%). Very few servers opt out to select ciphers that don’t require negotiation of signature algorithms (at 0.3%).

For servers with ECDSA keys, the situation is more uniform, where 5.5% of all TLS enabled servers will just force the SHA-1 signature algorithm, 20 servers will abort the connection while just one will drop down to RSA based, but still PFS-enabled cipher suite.

Cipher suites

Going back to our usual programming, use of cipher suites didn’t see much changes.

3DES ciphers have decreased a bit (2%) while AES-GCM have increased by a bit (also ~2%). While servers that support RC4 have decreased slightly (~1.5%) the amount of servers that force the use of RC4 remained essentially the same.

Amount of servers that will negotiate insecure cipher suites has grown by just under 2%, but this may be caused by addition of DES-CBC3-MD5 (at 8.7%), EXP-RC4-MD5 (at 11.7%), EXP1024-DES-CBC-SHA (at 2.3%), EXP1024-RC4-SHA (at 2.3%) and RC4-64-MD5 (at 0.39%) ciphers to the list of insecure ciphers which previously either were counted towards the RC4 and 3DES numbers or not tested at all (the EXP1024 ciphers).

It’s nice to see that more servers still use server side cipher ordering, this month at 66.7% (up by just under 6%).

We’ve also seen a 1.5% growth in servers that prefer PFS capable cipher suites, caused nearly entirely by servers that prefer the P-256 NIST curve for ECDHE key exchange.

Server certificates

A slight increase in the number of servers that have certificates signed by ECDSA keys, by 0.7%.

The other good news is that SHA-1 keeps on loosing, this month by 7.6% to a level of 68%.

The key sizes haven’t seen much changes, 2048bit is still dominant at 90.7% for RSA while 256 bit is dominant at 5.5% for ECDSA.

Looks like google have once again modified their Apple clients detection, as the number of servers that report support for both RSA and ECDSA ciphersuites have gone back to nearly 0 (and the scanning script once again doesn’t report support of ECDHE-ECDSA ciphers for sites like youtube.com).

Protocols

Administrators keep on updating their configurations, SSLv2 support has gone down by 1.5% to 8.8% while SSLv3 support has gone down by 23% to a level of 46% making it the first month when SSLv3 is supported by less than half the web servers.

A bit surprisingly, TLSv1.0 has gained a bit of market, from the previous 97.7% to current 99.2% making it virtually ubiquitous.

TLSv1.1 and TLSv1.2 have gained a bit less, at around 1.5% and 2% respectively.

Vulnerabilities

Some of the servers are still vulnerable to long known attacks requiring support for compression (at 4.3%) and lack of implementation of RFC 5746 (secure renegotiation) which is missing on nearly 6.5% of servers. This facilitates the CRIME and renegotiation attacks respectively.

Trust chains

The changes for individual certificates or trust chains in general are not significant, all are below the 1% mark, but they all go in the right direction – for higher security.

Detailed cipher scan results

SSL/TLS survey of 441636 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      374355    84.7655
3DES Only                 402       0.091
AES                       413509    93.6312
AES Only                  3628      0.8215
AES-CBC Only              2370      0.5366
AES-GCM                   226553    51.2986
AES-GCM Only              11        0.0025
CAMELLIA                  169951    38.4821
CAMELLIA Only             1         0.0002
CHACHA20                  14060     3.1836
Insecure                  97652     22.1114
RC4                       370269    83.8403
RC4 Only                  3694      0.8364
RC4 Preferred             72316     16.3746
RC4 forced in TLS1.1+     44600     10.0988
x:FF 29 RC4 Only          521       0.118
x:FF 29 RC4 Preferred     77977     17.6564
x:FF 29 incompatible      152       0.0344
y:DHE-RSA-SEED-SHA        81413     18.4344
y:IDEA-CBC-MD5            3271      0.7407
y:IDEA-CBC-SHA            66611     15.0828
y:SEED-SHA                83866     18.9898
z:ADH-AES128-GCM-SHA256   297       0.0672
z:ADH-AES128-SHA          1093      0.2475
z:ADH-AES128-SHA256       258       0.0584
z:ADH-AES256-GCM-SHA384   298       0.0675
z:ADH-AES256-SHA          1105      0.2502
z:ADH-AES256-SHA256       258       0.0584
z:ADH-CAMELLIA128-SHA     461       0.1044
z:ADH-CAMELLIA256-SHA     471       0.1066
z:ADH-DES-CBC-SHA         457       0.1035
z:ADH-DES-CBC3-SHA        1145      0.2593
z:ADH-RC4-MD5             929       0.2104
z:ADH-SEED-SHA            327       0.074
z:AECDH-AES128-SHA        13449     3.0453
z:AECDH-AES256-SHA        13444     3.0441
z:AECDH-DES-CBC3-SHA      13404     3.0351
z:AECDH-NULL-SHA          32        0.0072
z:AECDH-RC4-SHA           12431     2.8148
z:DES-CBC-MD5             21586     4.8877
z:DES-CBC-SHA             57810     13.09
z:DES-CBC3-MD5            38510     8.7199
z:ECDHE-RSA-NULL-SHA      40        0.0091
z:EDH-RSA-DES-CBC-SHA     50046     11.332
z:EXP-ADH-DES-CBC-SHA     370       0.0838
z:EXP-ADH-RC4-MD5         375       0.0849
z:EXP-DES-CBC-SHA         43742     9.9045
z:EXP-EDH-RSA-DES-CBC-SHA 32332     7.321
z:EXP-RC2-CBC-MD5         48992     11.0933
z:EXP-RC4-MD5             51816     11.7327
z:EXP1024-DES-CBC-SHA     10301     2.3325
z:EXP1024-RC4-SHA         10439     2.3637
z:NULL-MD5                308       0.0697
z:NULL-SHA                310       0.0702
z:NULL-SHA256             21        0.0048
z:RC2-CBC-MD5             21992     4.9797
z:RC4-64-MD5              1761      0.3987

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               146876    33.2573
Server side               294760    66.7427

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1219      0.276
AECDH                     13477     3.0516
DHE                       218697    49.5197
ECDHE                     250523    56.7261
ECDHE and DHE             107307    24.2976
RSA                       416216    94.2441

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               194241    43.9821  88.8174
DH,1536bits               1         0.0002   0.0005
DH,2047bits               1         0.0002   0.0005
DH,2048bits               22093     5.0025   10.1021
DH,2226bits               1         0.0002   0.0005
DH,2236bits               2         0.0005   0.0009
DH,3072bits               11        0.0025   0.005
DH,3248bits               2         0.0005   0.0009
DH,4096bits               1313      0.2973   0.6004
DH,512bits                32507     7.3606   14.8639
DH,768bits                866       0.1961   0.396
DH,8192bits               1         0.0002   0.0005
ECDH,B-163,163bits        12        0.0027   0.0048
ECDH,B-571,570bits        565       0.1279   0.2255
ECDH,P-224,224bits        15        0.0034   0.006
ECDH,P-256,256bits        244052    55.2609  97.417
ECDH,P-384,384bits        717       0.1624   0.2862
ECDH,P-521,521bits        6141      1.3905   2.4513
Prefer DH,1024bits        102473    23.203   46.8562
Prefer DH,2048bits        2729      0.6179   1.2478
Prefer DH,2236bits        1         0.0002   0.0005
Prefer DH,3072bits        1         0.0002   0.0005
Prefer DH,4096bits        87        0.0197   0.0398
Prefer DH,512bits         23        0.0052   0.0105
Prefer DH,768bits         459       0.1039   0.2099
Prefer ECDH,B-163,163bits 12        0.0027   0.0048
Prefer ECDH,B-571,570bits 394       0.0892   0.1573
Prefer ECDH,P-224,224bits 14        0.0032   0.0056
Prefer ECDH,P-256,256bits 196706    44.5403  78.5181
Prefer ECDH,P-384,384bits 660       0.1494   0.2634
Prefer ECDH,P-521,521bits 5660      1.2816   2.2593
Prefer PFS                309219    70.0167  0
Support PFS               361913    81.9483  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           19        0.0043   
brainpoolP384r1           19        0.0043   
brainpoolP512r1           19        0.0043   
prime192v1                573       0.1297   
prime256v1                245656    55.6241  
prime256v1 Only           213263    48.2893  
secp160k1                 554       0.1254   
secp160r1                 554       0.1254   
secp160r2                 554       0.1254   
secp192k1                 565       0.1279   
secp224k1                 576       0.1304   
secp224r1                 714       0.1617   
secp256k1                 579       0.1311   
secp384r1                 32501     7.3592   
secp384r1 Only            109       0.0247   
secp521r1                 7817      1.77     
secp521r1 Only            69        0.0156   
sect163k1                 559       0.1266   
sect163k1 Only            1         0.0002   
sect163r1                 557       0.1261   
sect163r2                 570       0.1291   
sect163r2 Only            12        0.0027   
sect193r1                 557       0.1261   
sect193r2                 557       0.1261   
sect233k1                 573       0.1297   
sect233r1                 573       0.1297   
sect239k1                 572       0.1295   
sect283k1                 573       0.1297   
sect283r1                 572       0.1295   
sect409k1                 570       0.1291   
sect409r1                 570       0.1291   
sect571k1                 574       0.13     
sect571r1                 574       0.13     

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          52248     11.8306  
True                           161110    36.4803  
order-specific                 10        0.0023   
unknown                        228268    51.6869  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    577       0.1307   
inconclusive-noecc        2         0.0005   
server                    245280    55.539   
unknown                   195777    44.3299  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     24443     5.5346   
ECDSA-SHA224                   24448     5.5358   
ECDSA-SHA256                   24449     5.536    
ECDSA-SHA384                   24451     5.5365   
ECDSA-SHA512                   24454     5.5371   
ECDSA-SHA512 Only              3         0.0007   
RSA-MD5                        106330    24.0764  
RSA-MD5 Only                   3         0.0007   
RSA-SHA1                       225736    51.1136  
RSA-SHA1 Only                  35561     8.0521   
RSA-SHA224                     186614    42.2552  
RSA-SHA256                     191459    43.3522  
RSA-SHA256 Only                926       0.2097   
RSA-SHA384                     186997    42.3419  
RSA-SHA512                     187037    42.3509  
RSA-SHA512 Only                37        0.0084   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         170553    38.6185  
indeterminate                  8         0.0018   
intolerant                     661       0.1497   
order-fallback                 5         0.0011   
server                         80372     18.1987  
unsupported                    40930     9.2678   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     24438     5.5335   
ECDSA intolerant               20        0.0045   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      104894    23.7512  
RSA SHA1                       105580    23.9066  
RSA intolerant                 15354     3.4766   
RSA pfs-ecdsa-SHA512           2         0.0005   
RSA soft-nopfs                 1464      0.3315   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     11218     2.5401   
insecure                  28271     6.4014   
secure                    402147    91.0585  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      19036     4.3103   
False                     11218     2.5401   
NONE                      411382    93.1496  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         1         0.0002   
1 only                    1         0.0002   
3                         2         0.0005   
3 only                    2         0.0005   
5                         1         0.0002   
5 only                    1         0.0002   
10                        3         0.0007   
10 only                   3         0.0007   
15                        7         0.0016   
15 only                   7         0.0016   
30                        9         0.002    
30 only                   9         0.002    
45                        1         0.0002   
45 only                   1         0.0002   
60                        71        0.0161   
60 only                   67        0.0152   
65                        1         0.0002   
65 only                   1         0.0002   
70                        1         0.0002   
75                        1         0.0002   
75 only                   1         0.0002   
100                       16        0.0036   
100 only                  16        0.0036   
120                       15        0.0034   
120 only                  15        0.0034   
128                       1         0.0002   
128 only                  1         0.0002   
180                       35        0.0079   
180 only                  35        0.0079   
240                       2         0.0005   
240 only                  2         0.0005   
300                       169526    38.3859  
300 only                  156066    35.3382  
360                       1         0.0002   
360 only                  1         0.0002   
400                       2         0.0005   
400 only                  2         0.0005   
420                       25        0.0057   
420 only                  17        0.0038   
480                       11        0.0025   
480 only                  10        0.0023   
600                       12859     2.9117   
600 only                  12605     2.8542   
660                       1         0.0002   
660 only                  1         0.0002   
900                       355       0.0804   
900 only                  337       0.0763   
960                       2         0.0005   
960 only                  2         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      253       0.0573   
1200 only                 249       0.0564   
1500                      11        0.0025   
1500 only                 10        0.0023   
1800                      258       0.0584   
1800 only                 254       0.0575   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      1         0.0002   
2400 only                 1         0.0002   
2700                      5         0.0011   
2700 only                 5         0.0011   
3000                      8         0.0018   
3000 only                 8         0.0018   
3600                      336       0.0761   
3600 only                 309       0.07     
5400                      2         0.0005   
6000                      4         0.0009   
6000 only                 4         0.0009   
7200                      11602     2.6271   
7200 only                 8915      2.0186   
10800                     16        0.0036   
10800 only                8         0.0018   
14400                     1087      0.2461   
14400 only                1086      0.2459   
18000                     1         0.0002   
18000 only                1         0.0002   
21600                     3246      0.735    
21600 only                3244      0.7345   
28800                     13        0.0029   
28800 only                12        0.0027   
36000                     420       0.0951   
36000 only                412       0.0933   
43200                     2089      0.473    
43200 only                2089      0.473    
64800                     40233     9.11     
64800 only                40222     9.1075   
72000                     5         0.0011   
72000 only                5         0.0011   
86000                     37        0.0084   
86000 only                37        0.0084   
86400                     176       0.0399   
86400 only                174       0.0394   
100800                    13809     3.1268   
100800 only               13809     3.1268   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    13        0.0029   
129600 only               13        0.0029   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    6         0.0014   
864000 only               6         0.0014   
None                      201554    45.638   
None only                 185054    41.9019  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      14532     3.2905   
ecdsa-with-SHA256         24424     5.5303   
sha1WithRSAEncryption     300669    68.0807  
sha256WithRSAEncryption   116628    26.4082  
sha512WithRSAEncryption   1         0.0002   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 24452     5.5367   
ECDSA 384                 5         0.0011   
ECDSA 521                 1         0.0002   
RSA 1024                  1689      0.3824   
RSA 2028                  1         0.0002   
RSA 2047                  2         0.0005   
RSA 2048                  400697    90.7301  
RSA 2049                  1         0.0002   
RSA 2056                  6         0.0014   
RSA 2058                  2         0.0005   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0005   
RSA 2084                  10        0.0023   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  3         0.0007   
RSA 2432                  8         0.0018   
RSA 2536                  1         0.0002   
RSA 2612                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  54        0.0122   
RSA 3248                  3         0.0007   
RSA 3600                  1         0.0002   
RSA 4046                  1         0.0002   
RSA 4048                  2         0.0005   
RSA 4056                  33        0.0075   
RSA 4086                  3         0.0007   
RSA 4092                  2         0.0005   
RSA 4096                  14699     3.3283   
RSA 4098                  2         0.0005   
RSA 8192                  4         0.0009   
RSA/ECDSA Dual Stack      40        0.0091

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 73634     16.673   
Unsupported               368002    83.327   

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      38835     8.7934
SSL2 Only                 100       0.0226
SSL3                      204062    46.2059
SSL3 Only                 2195      0.497
SSL3 or TLS1 Only         108575    24.5847
TLS1                      438481    99.2856
TLS1 Only                 46428     10.5127
TLS1.1                    281522    63.7453
TLS1.1 Only               25        0.0057
TLS1.1 or up Only         443       0.1003
TLS1.2                    292517    66.2349
TLS1.2 Only               337       0.0763
TLS1.2, 1.0 but not 1.1   13585     3.0761

Scan performed between 11th and 19th of November 2014.

Detail trust chain results

Statistics from 477473 chains provided by 632817 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  413143    65.2863
incomplete                27529     4.3502
untrusted                 192145    30.3634

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2158      0.452
3                         444774    93.1517
4                         30513     6.3905
5                         28        0.0059

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 24427     
ECDSA 384                 24427     
RSA 1024                  1337      
RSA 2045                  1         
RSA 2048                  893943    
RSA 4096                  39222     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 24427     5.1159
ECDSA 384                 24427     5.1159
RSA 1024                  1333      0.2792
RSA 2045                  1         0.0002
RSA 2048                  451667    94.5953
RSA 4096                  38725     8.1104

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              24427     
sha1WithRSAEncryption          336966    
sha256WithRSAEncryption        90026     
sha384WithRSAEncryption        54445     
sha512WithRSAEncryption        20        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        337471    70.6786
112                       115573    24.2051
128                       24429     5.1163

Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 112050    23.4673
(157753a5) AddTrust External CA Root          76553     16.0329
(5ad8a5d6) GlobalSign Root CA                 48090     10.0718
(cbf06781) Go Daddy Root Certificate Authorit 37124     7.7751
(b204d74a) VeriSign Class 3 Public Primary Ce 30047     6.2929
(2e4eed3c) thawte Primary Root CA             28036     5.8717
(eed8c118) COMODO ECC Certification Authority 24425     5.1155
(244b5494) DigiCert High Assurance EV Root CA 23682     4.9599
(f081611a) The Go Daddy Group, Inc.           17028     3.5663
(b13cc6df) UTN-USERFirst-Hardware             12816     2.6841
(653b494a) Baltimore CyberTrust Root          11357     2.3786
(40547a79) COMODO Certification Authority     9670      2.0252
(ae8153b9) StartCom Certification Authority   9305      1.9488
(f387163d) Starfield Technologies, Inc.       7652      1.6026

October 2014 results – big changes

While last month’s results were not very interesting, this month is anything but.

But before we go into results, there were few small changes to how the statistics are reported. First difference is that the “x:FF 29 RC4 Preferred” now includes sites that prefer RC4 ciphers independent of other ciphers. Second is the addition of new item “Insecure”, which is the sum total of sites that use any cipher with a “z:” state, it does not include sites that also include IDEA or SEED ciphers. Ciphersuites that use those two ciphers are now prefixed with “y:”, as they are iffy in the sense that they haven’t been widely analysed, but otherwise don’t have known weaknesses.

Since the last scan two big things happened. POODLE attack that has shown SSLv3 to be completely insecure in CBC mode and Cloudflare deploying their Universal SSL.The former should cause far less sites to have SSLv3 enabled while the former should show more sites using ECDSA certificates and more TLS enabled sites in general.

Cipher suite results

This time ’round, the number of TLS enabled servers has increased by over 33 thousand (7.6%) a much bigger amount than previous months.

Usage of AES-GCM has increased by 5.5% to 48.3%. Surprisingly the percentage of CAMELLIA enabled servers has fallen, but it’s caused by the overall increase of number of TLS enabled servers, not by fewer servers supporting this cipher.

As far as bad choices go, sites that use completely broken ciphers (AECDH, single DES, export grade, etc.) has fallen by 2.6% to 20.3%.

RC4 is still a problem, percent of servers that support it has fallen by just 2%. Percentage of servers that don’t support anything else has decreased by just 0.13% to 0.82%. It’s a biggest drop in months, but it still makes it impossible for browser vendors to drop it completely.  Similar fate share servers that prefer RC4 where their numbers fallen by just 2.28% to 15.5% of total. The good news is that it’s a reversal of a few months negative trend.

Misconfiguration that causes AECDH ciphers to be enabled is still common, just 0.6% fewer servers support it compared to last month, bringing their numbers to around 3.2%.

Cipher ordering has shown a big shift this time, just over 60% server now use their order instead of client side order, a change of over 5%!

There is also a rather big up-tick in fraction of servers that don’t enable the RSA key exchange, from less than a 1% to nearly 4% now.

More servers also started preferring Forward Secrecy: an increase of 3.8% to 68.6%. Also more servers support PFS now: 2.2% more for a total of 82%.

Server certificates

Another significant change are the certificates used by servers, while previously just 4 servers did use certificates signed by a ECDSA CA, now there are nearly 21 thousands of them, giving a total of 4.8% of servers using them. The servers that use RSA CAs have also seen a big change, nearly 4% more servers now have their certificates signed with SHA256, to a total of 20.5%.

The vast majority of those new ECDSA certificates use P-256 curve, a total of 6.6%, creating an increase of 4.5%.

Protocols

Obviously SSLv3 support has taken a blow, its use has fallen by over 26%, bringing its support to 69.5% (far too small change given the severity of POODLE). It looks like many administrators also have taken the time to actually update the cryptographic libraries they use, as TLS1.2 support has increased by 4.5% to a total of 64%.

Trust chains

With the introduction of ECDSA CAs, we can finally see a significant percentage of servers reach 128 bit level of security. We can also see that all of intermediate ECDSA CAs have been signed with SHA384. No big changes besides that.

Detailed cipher suite statistics

SSL/TLS survey of 435987 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      377229    86.523
3DES Only                 168       0.0385
AES                       409388    93.8991
AES Only                  2002      0.4592
AES-CBC Only              877       0.2012
AES-GCM                   210554    48.2936
AES-GCM Only              17        0.0039
CAMELLIA                  171200    39.2672
CHACHA20                  14611     3.3512
Insecure                  88343     20.2628
RC4                       375776    86.1897
RC4 Only                  3595      0.8246
RC4 Preferred             67695     15.5268
RC4 forced in TLS1.1+     47943     10.9964
x:FF 29 RC4 Only          5814      1.3335
x:FF 29 RC4 Preferred     79458     18.2249
x:FF 29 incompatible      164       0.0376
y:DHE-RSA-SEED-SHA        80620     18.4914
y:IDEA-CBC-MD5            3756      0.8615
y:IDEA-CBC-SHA            67532     15.4895
y:SEED-SHA                86784     19.9052
z:ADH-AES128-GCM-SHA256   338       0.0775
z:ADH-AES128-SHA          1197      0.2745
z:ADH-AES128-SHA256       317       0.0727
z:ADH-AES256-GCM-SHA384   338       0.0775
z:ADH-AES256-SHA          1202      0.2757
z:ADH-AES256-SHA256       317       0.0727
z:ADH-CAMELLIA128-SHA     559       0.1282
z:ADH-CAMELLIA256-SHA     567       0.13
z:ADH-DES-CBC-SHA         530       0.1216
z:ADH-DES-CBC3-SHA        1250      0.2867
z:ADH-RC4-MD5             1059      0.2429
z:ADH-SEED-SHA            393       0.0901
z:AECDH-AES128-SHA        14245     3.2673
z:AECDH-AES256-SHA        14255     3.2696
z:AECDH-DES-CBC3-SHA      14216     3.2606
z:AECDH-NULL-SHA          30        0.0069
z:AECDH-RC4-SHA           13277     3.0453
z:DES-CBC-MD5             24072     5.5213
z:DES-CBC-SHA             66848     15.3326
z:ECDHE-RSA-NULL-SHA      36        0.0083
z:EDH-RSA-DES-CBC-SHA     58599     13.4405
z:EXP-ADH-DES-CBC-SHA     435       0.0998
z:EXP-ADH-RC4-MD5         438       0.1005
z:EXP-DES-CBC-SHA         52036     11.9352
z:EXP-EDH-RSA-DES-CBC-SHA 40390     9.264
z:EXP-RC2-CBC-MD5         56308     12.9151
z:NULL-MD5                359       0.0823
z:NULL-SHA                361       0.0828
z:NULL-SHA256             19        0.0044
z:RC2-CBC-MD5             28014     6.4254

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               170342    39.0704
Server side               265645    60.9296

FF 29 selected ciphers        Count    Percent
-----------------------------+---------+------
AES128-SHA                     41722     9.5696
AES256-SHA                     25362     5.8171
CAMELLIA128-SHA                132       0.0303
CAMELLIA256-SHA                45        0.0103
DES-CBC3-SHA                   1046      0.2399
DHE-RSA-AES128-SHA             98725     22.644
DHE-RSA-AES256-SHA             14490     3.3235
DHE-RSA-CAMELLIA128-SHA        34        0.0078
DHE-RSA-CAMELLIA256-SHA        540       0.1239
ECDHE-ECDSA-AES128-GCM-SHA256  28993     6.65
ECDHE-ECDSA-AES128-SHA         33        0.0076
ECDHE-ECDSA-AES256-SHA         1         0.0002
ECDHE-RSA-AES128-GCM-SHA256    115469    26.4845
ECDHE-RSA-AES128-SHA           3024      0.6936
ECDHE-RSA-AES256-SHA           26483     6.0743
ECDHE-RSA-DES-CBC3-SHA         41        0.0094
ECDHE-RSA-RC4-SHA              22083     5.0651
EDH-RSA-DES-CBC3-SHA           234       0.0537
RC4-MD5                        14117     3.2379
RC4-SHA                        43249     9.9198
x:DHE                          114023    26.1528
x:ECDHE                        196127    44.9846
x:kRSA                         125673    28.8249

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1316      0.3018
AECDH                     14284     3.2762
DHE                       211473    48.5044
ECDHE                     234954    53.8901
ECDHE and DHE             88609     20.3238
RSA                       418706    96.0363

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               191816    43.9958  90.7047
DH,1536bits               1         0.0002   0.0005
DH,2048bits               17701     4.06     8.3703
DH,2226bits               1         0.0002   0.0005
DH,2236bits               2         0.0005   0.0009
DH,2430bits               1         0.0002   0.0005
DH,3072bits               9         0.0021   0.0043
DH,3247bits               1         0.0002   0.0005
DH,3248bits               2         0.0005   0.0009
DH,4096bits               1006      0.2307   0.4757
DH,512bits                40546     9.2998   19.1731
DH,768bits                779       0.1787   0.3684
DH,8192bits               1         0.0002   0.0005
ECDH,B-163,163bits        15        0.0034   0.0064
ECDH,B-571,570bits        456       0.1046   0.1941
ECDH,P-224,224bits        6         0.0014   0.0026
ECDH,P-256,256bits        233089    53.4624  99.2062
ECDH,P-384,384bits        675       0.1548   0.2873
ECDH,P-521,521bits        1259      0.2888   0.5358
Prefer DH,1024bits        111225    25.5111  52.5954
Prefer DH,1536bits        1         0.0002   0.0005
Prefer DH,2048bits        1875      0.4301   0.8866
Prefer DH,2236bits        1         0.0002   0.0005
Prefer DH,3072bits        1         0.0002   0.0005
Prefer DH,4096bits        61        0.014    0.0288
Prefer DH,512bits         6         0.0014   0.0028
Prefer DH,768bits         443       0.1016   0.2095
Prefer ECDH,B-163,163bits 15        0.0034   0.0064
Prefer ECDH,B-571,570bits 357       0.0819   0.1519
Prefer ECDH,P-224,224bits 4         0.0009   0.0017
Prefer ECDH,P-256,256bits 183233    42.0272  77.9868
Prefer ECDH,P-384,384bits 616       0.1413   0.2622
Prefer ECDH,P-521,521bits 1191      0.2732   0.5069
Prefer PFS                299029    68.5867  0
Support PFS               357818    82.0708  0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
3                         2         0.0005   
3 only                    2         0.0005   
5                         1         0.0002   
5 only                    1         0.0002   
10                        1         0.0002   
10 only                   1         0.0002   
30                        10        0.0023   
30 only                   3         0.0007   
60                        57        0.0131   
60 only                   50        0.0115   
64                        1         0.0002   
100                       17        0.0039   
100 only                  17        0.0039   
120                       14        0.0032   
120 only                  14        0.0032   
128                       2         0.0005   
128 only                  2         0.0005   
180                       27        0.0062   
180 only                  27        0.0062   
240                       3         0.0007   
240 only                  3         0.0007   
300                       168875    38.734   
300 only                  151039    34.643   
360                       1         0.0002   
360 only                  1         0.0002   
400                       1         0.0002   
400 only                  1         0.0002   
420                       22        0.005    
420 only                  13        0.003    
480                       10        0.0023   
480 only                  10        0.0023   
600                       9358      2.1464   
600 only                  9103      2.0879   
900                       289       0.0663   
900 only                  266       0.061    
960                       2         0.0005   
960 only                  2         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      64        0.0147   
1200 only                 61        0.014    
1500                      9         0.0021   
1500 only                 8         0.0018   
1800                      211       0.0484   
1800 only                 204       0.0468   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      1         0.0002   
2400 only                 1         0.0002   
2700                      5         0.0011   
2700 only                 5         0.0011   
3000                      11        0.0025   
3000 only                 11        0.0025   
3600                      296       0.0679   
3600 only                 281       0.0645   
5400                      2         0.0005   
7200                      11402     2.6152   
7200 only                 8697      1.9948   
10800                     15        0.0034   
10800 only                8         0.0018   
14400                     929       0.2131   
14400 only                927       0.2126   
21600                     723       0.1658   
21600 only                722       0.1656   
28800                     8         0.0018   
28800 only                8         0.0018   
36000                     409       0.0938   
36000 only                408       0.0936   
43200                     5170      1.1858   
43200 only                5170      1.1858   
64800                     37708     8.6489   
64800 only                33313     7.6408   
72000                     8         0.0018   
72000 only                8         0.0018   
86000                     27        0.0062   
86000 only                23        0.0053   
86400                     168       0.0385   
86400 only                167       0.0383   
100800                    14357     3.293    
100800 only               17        0.0039   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    11        0.0025   
129600 only               11        0.0025   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    4         0.0009   
864000 only               4         0.0009   
None                      225373    51.6926  
None only                 185753    42.6052  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      15401     3.5324   
ecdsa-with-SHA256         20950     4.8052   
sha1WithRSAEncryption     330148    75.7243  
sha256WithRSAEncryption   89341     20.4917  
sha512WithRSAEncryption   1         0.0002   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 29029     6.6582   
ECDSA 384                 2         0.0005   
ECDSA 521                 1         0.0002   
RSA 1024                  1672      0.3835   
RSA 2028                  1         0.0002   
RSA 2047                  2         0.0005   
RSA 2048                  403610    92.5739  
RSA 2049                  1         0.0002   
RSA 2056                  5         0.0011   
RSA 2058                  2         0.0005   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0005
RSA 2084                  8         0.0018
RSA 2345                  1         0.0002
RSA 2408                  2         0.0005
RSA 2432                  11        0.0025
RSA 2536                  1         0.0002
RSA 3050                  1         0.0002
RSA 3072                  61        0.014
RSA 3096                  1         0.0002
RSA 3248                  3         0.0007
RSA 3600                  1         0.0002
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4056                  4         0.0009
RSA 4069                  1         0.0002
RSA 4086                  2         0.0005
RSA 4092                  4         0.0009
RSA 4096                  14038     3.2198
RSA 4098                  2         0.0005
RSA 4192                  1         0.0002
RSA 8192                  5         0.0011
RSA/ECDSA Dual Stack      12472     2.8606

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 60520     13.8811
Unsupported               375467    86.1189

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      44800     10.2755
SSL2 Only                 5536      1.2698
SSL3                      302890    69.4723
SSL3 Only                 2971      0.6814
SSL3 or TLS1 Only         109447    25.1033
TLS1                      426128    97.7387
TLS1 Only                 22838     5.2382
TLS1.1                    270662    62.0803
TLS1.1 Only               25        0.0057
TLS1.1 or up Only         610       0.1399
TLS1.2                    279090    64.0134
TLS1.2 Only               441       0.1011
TLS1.2, 1.0 but not 1.1   12266     2.8134

Detailed trust chain statistics

Statistics from 484280 chains provided by 627529 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  403421    64.2872
incomplete                30809     4.9096
untrusted                 193299    30.8032

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2084      0.4303
3                         460867    95.1654
4                         21301     4.3985
5                         28        0.0058

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 20950     
ECDSA 384                 20950     
RSA 1024                  1362      
RSA 2045                  1         
RSA 2048                  915053    
RSA 4096                  29517     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 20950     4.326
ECDSA 384                 20950     4.326
RSA 1024                  1357      0.2802
RSA 2045                  1         0.0002
RSA 2048                  461970    95.3932
RSA 4096                  29113     6.0116

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              20950     
sha1WithRSAEncryption          377133    
sha256WithRSAEncryption        68752     
sha384WithRSAEncryption        36708     
sha512WithRSAEncryption        10        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        377698    77.9917
112                       85631     17.6821
128                       20951     4.3262

Common Root CAs                               Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 118634    24.497
(157753a5) AddTrust External CA Root          75645     15.6201
(5ad8a5d6) GlobalSign Root CA                 56056     11.5751
(cbf06781) Go Daddy Root Certificate Authorit 34301     7.0829
(2e4eed3c) thawte Primary Root CA             27922     5.7657
(b204d74a) VeriSign Class 3 Public Primary Ce 27262     5.6294
(244b5494) DigiCert High Assurance EV Root CA 23640     4.8815
(eed8c118) COMODO ECC Certification Authority 20947     4.3254
(f081611a) The Go Daddy Group, Inc.           21077     4.3522
(b13cc6df) UTN-USERFirst-Hardware             13019     2.6883
(653b494a) Baltimore CyberTrust Root          11115     2.2952
(40547a79) COMODO Certification Authority     10071     2.0796
(ae8153b9) StartCom Certification Authority   8762      1.8093
(f387163d) Starfield Technologies, Inc.       8273      1.7083

The scan was performed between 13th and 24th of October 2014.

August 2014 scan results

This month the changes are not significant.

The most important change is related to signatures in certificates, 2% more servers use SHA-256.

The amount of servers that require RC4 haven’t dropped as significantly as in previous months, it’s still just below 1% in general and effectively at above 1.5% for Firefox.

About 2% more servers use server side cipher ordering. Unfortunately, amount of servers that use anonymous ECDH key exchange is still growing, this month by 0.3%. Significant amount of servers still use the less than optimal 1024 bit DH – now at 29%.

While used hash algorithms for certificates have changed, the key sizes did not, the most popular key size, at 96% is 2048 bit RSA.

Supported protocol versions have seen small changes – SSLv2 support has fallen by around 2%, SSLv3 and TLSv1 haven’t changed by much, but started to drop, TLSv1.2 has grown by 1%.

SSL/TLS survey of 397695 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      345059    86.7647
3DES Only                 209       0.0526
AES                       369030    92.7922
AES Only                  1951      0.4906
AES-CBC Only              1030      0.259
AES-GCM                   162425    40.8416
AES-GCM Only              41        0.0103
CAMELLIA                  164197    41.2872
CAMELLIA Only             4         0.001
CHACHA20                  14719     3.7011
CHACHA20 Only             6         0.0015
RC4                       350479    88.1276
RC4 Only                  3807      0.9573
RC4 Preferred             74692     18.7812
RC4 forced in TLS1.1+     51533     12.9579
x:FF 29 RC4 Only          6327      1.5909
x:FF 29 RC4 Preferred     16784     4.2203
x:FF 29 incompatible      301       0.0757
z:ADH-AES128-GCM-SHA256   348       0.0875
z:ADH-AES128-SHA          1444      0.3631
z:ADH-AES128-SHA256       324       0.0815
z:ADH-AES256-GCM-SHA384   335       0.0842
z:ADH-AES256-SHA          1447      0.3638
z:ADH-AES256-SHA256       328       0.0825
z:ADH-CAMELLIA128-SHA     692       0.174
z:ADH-CAMELLIA256-SHA     699       0.1758
z:ADH-DES-CBC-SHA         699       0.1758
z:ADH-DES-CBC3-SHA        1490      0.3747
z:ADH-RC4-MD5             1297      0.3261
z:ADH-SEED-SHA            514       0.1292
z:AECDH-AES128-SHA        14496     3.645
z:AECDH-AES256-SHA        14533     3.6543
z:AECDH-DES-CBC3-SHA      14471     3.6387
z:AECDH-NULL-SHA          22        0.0055
z:AECDH-RC4-SHA           13603     3.4205
z:DES-CBC-MD5             26778     6.7333
z:DES-CBC-SHA             69202     17.4008
z:DHE-RSA-SEED-SHA        70054     17.615
z:ECDHE-RSA-NULL-SHA      25        0.0063
z:EDH-RSA-DES-CBC-SHA     60963     15.3291
z:EXP-ADH-DES-CBC-SHA     489       0.123
z:EXP-ADH-RC4-MD5         493       0.124
z:EXP-DES-CBC-SHA         54942     13.8151
z:EXP-EDH-RSA-DES-CBC-SHA 43030     10.8198
z:EXP-RC2-CBC-MD5         59737     15.0208
z:IDEA-CBC-MD5            4021      1.0111
z:IDEA-CBC-SHA            64231     16.1508
z:NULL-MD5                353       0.0888
z:NULL-SHA                351       0.0883
z:NULL-SHA256             7         0.0018
z:RC2-CBC-MD5             30955     7.7836
z:SEED-SHA                83118     20.8999

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               177721    44.6878
Server side               219974    55.3122

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1555      0.391
AECDH                     14564     3.6621
DHE                       202555    50.9322
ECDHE                     184261    46.3322
ECDHE and DHE             73679     18.5265
RSA                       396177    99.6183

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               186744    46.9566  92.1942
DH,2048bits               14169     3.5628   6.9951
DH,2226bits               2         0.0005   0.001
DH,3072bits               4         0.001    0.002
DH,3242bits               1         0.0003   0.0005
DH,3248bits               2         0.0005   0.001
DH,4096bits               703       0.1768   0.3471
DH,512bits                43198     10.8621  21.3266
DH,768bits                759       0.1908   0.3747
DH,8192bits               2         0.0005   0.001
ECDH,B-163,163bits        13        0.0033   0.0071
ECDH,B-571,570bits        398       0.1001   0.216
ECDH,P-224,224bits        4         0.001    0.0022
ECDH,P-256,256bits        182896    45.989   99.2592
ECDH,P-384,384bits        232       0.0583   0.1259
ECDH,P-521,521bits        821       0.2064   0.4456
Prefer DH,1024bits        115759    29.1075  57.1494
Prefer DH,2048bits        1154      0.2902   0.5697
Prefer DH,4096bits        50        0.0126   0.0247
Prefer DH,512bits         2         0.0005   0.001
Prefer DH,768bits         87        0.0219   0.043
Prefer ECDH,B-163,163bits 13        0.0033   0.0071
Prefer ECDH,B-571,570bits 318       0.08     0.1726
Prefer ECDH,P-224,224bits 1         0.0003   0.0005
Prefer ECDH,P-256,256bits 134334    33.7781  72.9042
Prefer ECDH,P-384,384bits 157       0.0395   0.0852
Prefer ECDH,P-521,521bits 749       0.1883   0.4065
Prefer PFS                252624    63.522   0
Support PFS               313137    78.738   0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
5                         1         0.0003   
5 only                    1         0.0003   
10                        3         0.0008   
10 only                   1         0.0003   
30                        2         0.0005   
30 only                   2         0.0005   
42                        1         0.0003   
60                        46        0.0116   
60 only                   41        0.0103   
100                       4         0.001    
100 only                  4         0.001    
120                       10        0.0025   
120 only                  10        0.0025   
128                       4         0.001    
128 only                  4         0.001    
180                       29        0.0073   
180 only                  29        0.0073   
240                       4         0.001    
240 only                  4         0.001    
300                       155200    39.0249  
300 only                  135627    34.1033  
420                       19        0.0048   
420 only                  10        0.0025   
480                       6         0.0015   
480 only                  6         0.0015   
600                       6888      1.732    
600 only                  6597      1.6588   
900                       216       0.0543   
900 only                  190       0.0478   
960                       2         0.0005   
960 only                  2         0.0005   
1200                      60        0.0151   
1200 only                 57        0.0143   
1500                      9         0.0023   
1500 only                 8         0.002    
1800                      123       0.0309   
1800 only                 120       0.0302   
2100                      1         0.0003   
2100 only                 1         0.0003   
2400                      1         0.0003   
2400 only                 1         0.0003   
2700                      2         0.0005   
2700 only                 2         0.0005   
3000                      5         0.0013   
3000 only                 4         0.001    
3600                      234       0.0588   
3600 only                 227       0.0571   
5400                      2         0.0005   
6000                      1         0.0003   
6000 only                 1         0.0003   
7200                      10748     2.7026   
7200 only                 8222      2.0674   
10800                     11        0.0028   
10800 only                6         0.0015   
14400                     722       0.1815   
14400 only                716       0.18     
18000                     1         0.0003   
21600                     26        0.0065   
21600 only                26        0.0065   
28800                     3         0.0008   
28800 only                3         0.0008   
30720                     1         0.0003   
30720 only                1         0.0003   
36000                     402       0.1011   
36000 only                399       0.1003   
43200                     6311      1.5869   
43200 only                6224      1.565    
64800                     9640      2.424    
64800 only                9602      2.4144   
86000                     32        0.008    
86000 only                29        0.0073   
86400                     92        0.0231   
86400 only                85        0.0214   
100800                    14758     3.7109   
100800 only               57        0.0143   
115200                    1         0.0003   
115200 only               1         0.0003   
129600                    7         0.0018   
129600 only               6         0.0015   
604800                    1         0.0003   
604800 only               1         0.0003   
864000                    6         0.0015   
864000 only               6         0.0015   
None                      229357    57.6716  
None only                 192066    48.2948  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      15912     4.0011   
ecdsa-with-SHA256         3         0.0008   
sha1WithRSAEncryption     338957    85.2304  
sha256WithRSAEncryption   58772     14.7782  

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 8235      2.0707   
ECDSA 384                 1         0.0003   
RSA 1024                  1880      0.4727   
RSA 2028                  1         0.0003   
RSA 2047                  2         0.0005   
RSA 2048                  381923    96.0341  
RSA 2056                  5         0.0013   
RSA 2058                  1         0.0003   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003
RSA 2080                  2         0.0005
RSA 2084                  5         0.0013
RSA 2408                  3         0.0008
RSA 2432                  28        0.007
RSA 2536                  1         0.0003
RSA 2612                  1         0.0003
RSA 3050                  1         0.0003
RSA 3072                  37        0.0093
RSA 3096                  1         0.0003
RSA 3248                  4         0.001
RSA 3600                  1         0.0003
RSA 4042                  1         0.0003
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4086                  1         0.0003
RSA 4092                  2         0.0005
RSA 4096                  13721     3.4501
RSA 4098                  3         0.0008
RSA 4192                  1         0.0003
RSA 8192                  6         0.0015
RSA 16384                 1         0.0003   
RSA/ECDSA Dual Stack      8153      2.0501

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 41610     10.4628
Unsupported               356085    89.5372

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      48288     12.142
SSL2 Only                 6029      1.516
SSL3                      379667    95.4669
SSL3 Only                 4125      1.0372
SSL3 or TLS1 Only         117512    29.5483
TLS1                      385363    96.8991
TLS1 Only                 3015      0.7581
TLS1.1                    218025    54.8222
TLS1.1 Only               37        0.0093
TLS1.1 or up Only         709       0.1783
TLS1.2                    229097    57.6062
TLS1.2 Only               374       0.094
TLS1.2, 1.0 but not 1.1   15264     3.8381

Scan performed between 8th and 19th of August 2014.

CA certificates

No big changes here either, about 2% of servers more now have effective security level of 112 bit.
We’ve yet to see the effects of the recent changes in Mozilla trust store.

Statistics from 443385 chains provided by 585568 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  365544    62.4255
incomplete                29700     5.072
untrusted                 190324    32.5025

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2394      0.5399
3                         431592    97.3402
4                         9378      2.1151
5                         21        0.0047

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 3         
ECDSA 384                 3         
RSA 1024                  1733      
RSA 2045                  1         
RSA 2048                  874329    
RSA 4096                  17727     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 3         0.0007
ECDSA 384                 3         0.0007
RSA 1024                  1723      0.3886
RSA 2045                  1         0.0002
RSA 2048                  441708    99.6218
RSA 4096                  17345     3.912

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              3         
sha1WithRSAEncryption          387560    
sha256WithRSAEncryption        50026     
sha384WithRSAEncryption        12822     

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        388390    87.5966
112                       54992     12.4028
128                       3         0.0007

Root CAs                                      Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 115908    26.1416
(157753a5) AddTrust External CA Root          69723     15.7252
(5ad8a5d6) GlobalSign Root CA                 44630     10.0657
(2e4eed3c) thawte Primary Root CA             29574     6.67
(cbf06781) Go Daddy Root Certificate Authorit 28151     6.3491
(f081611a) The Go Daddy Group, Inc.           26956     6.0796
(b204d74a) VeriSign Class 3 Public Primary Ce 26596     5.9984
(244b5494) DigiCert High Assurance EV Root CA 22613     5.1001
(b13cc6df) UTN-USERFirst-Hardware             12983     2.9282
(40547a79) COMODO Certification Authority     11362     2.5626
(653b494a) Baltimore CyberTrust Root          10593     2.3891
(ae8153b9) StartCom Certification Authority   9134      2.0601
(f387163d) Starfield Technologies, Inc.       7934      1.7894

RC4 in clients

While I’m checking which and how many servers use RC4 cipher suites I haven’t said anything about clients in general. The reason is two fold, firstly because basically all current clients should be supporting at least 3DES and usually AES ciphers and secondly because I don’t have access to any meaningfully large data set (or a site popular enough to make the statistics meaningful) to say anything about clients in general.

Interestingly, people at CloudFlare not only have analyzed their data but also provided quite a few nice graphs to go along it.

The gist of the article is that about 0.000002% (1 in 50 million) of requests ends up using RC4 ciphers. Of that about 50% are MitM proxies used by schools or institutions and 30% are old candy bar phones (from 2006 and 2007).

Head over to The Web is World-Wide, or who still needs RC4? for more info.

Microsoft new encryption efforts

Matt Thomlinson has posted an article “Advancing our encryption and transparency efforts” where he basically says that now the mail going though Outlook.com will be encrypted. Additionally that security enhancements to many other services, like Azure, Office 365, etc. are already deployed

Let’s take a closer look at those claims.

Outlook.com web interface

Quick scan of outlook.com using ssllabs.com scanner quickly shows that the servers are actually badly configured and support insecure, client-initiated renegotiation. In effect, they are vulnerable to the MITM attacks (CVE-2009-3555). Grade F.

They also don’t support TLS1.2 or perfect forward secrecy suites.

At least RC4 is not negotiated by default…

Very bad configuration.

Outlook.com SMTP

According to google data, the mails in transit are indeed encrypted both inbound and outbound.

And indeed, the configuration for the SMTP servers supports PFS, has good ordering of cipher suites and the certificates are trusted and have correct Subject Alternative Names:

./cipherscan -starttls smtp -servername mx1.hotmail.com mx1.hotmail.com:25
............                                
prio  ciphersuite              protocols                    pfs_keysize
1     ECDHE-RSA-AES256-SHA384  TLSv1.2                      ECDH,P-384,384bits
2     ECDHE-RSA-AES128-SHA256  TLSv1.2                      ECDH,P-256,256bits
3     ECDHE-RSA-AES256-SHA     TLSv1,TLSv1.1,TLSv1.2        ECDH,P-384,384bits
4     ECDHE-RSA-AES128-SHA     TLSv1,TLSv1.1,TLSv1.2        ECDH,P-256,256bits
5     AES256-SHA256            TLSv1.2 
6     AES128-SHA256            TLSv1.2
7     AES256-SHA               TLSv1,TLSv1.1,TLSv1.2
8     AES128-SHA               TLSv1,TLSv1.1,TLSv1.2
9     DES-CBC3-SHA             SSLv3,TLSv1,TLSv1.1,TLSv1.2
10    RC4-SHA                  SSLv3,TLSv1,TLSv1.1,TLSv1.2
11    RC4-MD5                  SSLv3,TLSv1,TLSv1.1,TLSv1.2

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Server side cipher ordering

OK configuration.

OneDrive web interface

The onedrive.live.com has also a good configuration. Grade A+. The server uses HTTP Strict Transport Security, is not vulnerable to any known exploits, uses PFS with modern browsers (ECDHE only, sadly no DHE) and does not use RC4 unless its the only cipher supported by client (prioritised above 3DES and AES cipher suites).

The only two small faults are: no support for AES-GCM cipher suites and the certificates are signed with the weak SHA1. The latter being definitely the bigger issue.

All in all, an OK config.

Azure web interface

Let us take a look at Azure web site now. While the server does get grade A-, the problems it has are a bit more major.

Firstly, the server prioritises RC4 cipher above others. Secondly, while it is PFS capable, it doesn’t prioritise ECDHE cipher suites.

Again, the server doesn’t support AES-GCM and uses certificates signed with the weak SHA1.

Bad configuration if we apply the advice from Microsoft Security Advisory 2868725.

Bad configuration.

Summary

While some of their servers are indeed configured correctly, leaving servers wide open to known security exploits (CVE-2009-3555) doesn’t bode well for the general security practice inside the cloud computing division…