This month the scan has a bit more information.
I’ve added special probes to detect whether the server is intolerant to specific types of Client Hello messages.
While support for TLSv1.2 is still not universal (being just under 90%), tolerance to Client Hello messages advertising support for TLSv1.2 is essentially full, with just 67 servers being detected as intolerant to such messages.
Support for more uncommon messages is much worse though, clients sending their maximum supported version set to TLSv1.2 can expect 1.3% of servers rejecting their connections. Higher protocol versions like TLSv1.4 have a rate of rejection on around 2.45%, for very high protocol versions it rises to 3.295% for SSL 3.254 (that would be TLSv1.253).
Clients sending Client Hello with a lot of options or extensions can expect even more intolerance. Sending multiple key shares (from TLSv1.3 draft), most of defined extensions and couple hundred ciphersuites can expect their connections rejected by over 7% of servers. In general intolerance for very big Client Hello messages, like 16KiB and 24KiB large, is respectively at 23.7% and a whopping 89.5%!
If fixing this will follow similar deployment rates as TLSv1.2 or RC4 deprecation, it doesn’t look like we will be able to deploy most Post Quantum key exchanges any time soon…
Besides that, there were no major changes, just continuation of long established trends, so I won’t be doing full analysis for this month too.
SSL/TLS survey of 603391 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 532905 88.3184
3DES Only 550 0.0912
3DES Preferred 1719 0.2849
3DES forced in TLS1.1+ 992 0.1644
AES 599329 99.3268
AES Only 46610 7.7247
AES-CBC 598756 99.2318
AES-CBC Only 4850 0.8038
AES-GCM 509780 84.4858
AES-GCM Only 526 0.0872
CAMELLIA 267705 44.3668
CAMELLIA Only 1 0.0002
CHACHA20 83982 13.9183
CHACHA20 Only 3 0.0005
Insecure 53186 8.8145
RC4 153525 25.4437
RC4 Only 140 0.0232
RC4 Preferred 12783 2.1185
RC4 forced in TLS1.1+ 6911 1.1454
x:FF 29 3DES Only 597 0.0989
x:FF 29 3DES Preferred 2030 0.3364
x:FF 29 RC4 Only 193 0.032
x:FF 29 RC4 Preferred 14404 2.3872
x:FF 29 incompatible 530 0.0878
x:FF 35 3DES Only 605 0.1003
x:FF 35 3DES Preferred 1956 0.3242
x:FF 35 RC4 Only 218 0.0361
x:FF 35 RC4 Preferred 14418 2.3895
x:FF 35 incompatible 532 0.0882
x:FF 44 3DES Only 3874 0.642
x:FF 44 3DES Preferred 7464 1.237
x:FF 44 incompatible 750 0.1243
y:DHE-RSA-SEED-SHA 79084 13.1066
y:IDEA-CBC-SHA 75906 12.5799
y:SEED-SHA 90103 14.9328
z:ADH-AES128-GCM-SHA256 428 0.0709
z:ADH-AES128-SHA 715 0.1185
z:ADH-AES128-SHA256 281 0.0466
z:ADH-AES256-GCM-SHA384 442 0.0733
z:ADH-AES256-SHA 759 0.1258
z:ADH-AES256-SHA256 284 0.0471
z:ADH-CAMELLIA128-SHA 368 0.061
z:ADH-CAMELLIA128-SHA256 1 0.0002
z:ADH-CAMELLIA256-SHA 393 0.0651
z:ADH-CAMELLIA256-SHA256 1 0.0002
z:ADH-DES-CBC-SHA 279 0.0462
z:ADH-DES-CBC3-SHA 720 0.1193
z:ADH-RC4-MD5 517 0.0857
z:ADH-SEED-SHA 298 0.0494
z:AECDH-AES128-SHA 9498 1.5741
z:AECDH-AES256-SHA 9566 1.5854
z:AECDH-DES-CBC3-SHA 9463 1.5683
z:AECDH-NULL-SHA 60 0.0099
z:AECDH-RC4-SHA 8940 1.4816
z:DES-CBC-MD5 6015 0.9969
z:DES-CBC-SHA 33753 5.5939
z:DES-CBC3-MD5 15538 2.5751
z:ECDHE-RSA-NULL-SHA 67 0.0111
z:EDH-RSA-DES-CBC-SHA 28904 4.7903
z:EXP-ADH-DES-CBC-SHA 180 0.0298
z:EXP-ADH-RC4-MD5 178 0.0295
z:EXP-DES-CBC-SHA 9916 1.6434
z:EXP-EDH-RSA-DES-CBC-SHA 7950 1.3176
z:EXP-RC2-CBC-MD5 11811 1.9574
z:EXP-RC4-MD5 12355 2.0476
z:EXP1024-DES-CBC-SHA 3045 0.5046
z:EXP1024-RC4-SHA 3108 0.5151
z:IDEA-CBC-MD5 1225 0.203
z:NULL-MD5 196 0.0325
z:NULL-SHA 201 0.0333
z:NULL-SHA256 39 0.0065
z:RC2-CBC-MD5 6171 1.0227
z:RC4-64-MD5 692 0.1147
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 149228 24.7316
Server side 454163 75.2684
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 918 0.1521
AECDH 9574 1.5867
DHE 327644 54.3004
ECDH 2 0.0003
ECDHE 532966 88.3285
ECDHE and DHE 285103 47.2501
RSA 517470 85.7603
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 115821 19.195 35.3496
DH,2048bits 196265 32.527 59.9019
DH,2049bits 1 0.0002 0.0003
DH,2236bits 77 0.0128 0.0235
DH,2432bits 3 0.0005 0.0009
DH,3072bits 141 0.0234 0.043
DH,3092bits 2 0.0003 0.0006
DH,3196bits 1 0.0002 0.0003
DH,4096bits 14972 2.4813 4.5696
DH,512bits 122 0.0202 0.0372
DH,6144bits 1 0.0002 0.0003
DH,768bits 355 0.0588 0.1083
DH,8192bits 7 0.0012 0.0021
ECDH,B-571,570bits 4696 0.7783 0.8811
ECDH,K-163,163bits 1 0.0002 0.0002
ECDH,P-192,192bits 68 0.0113 0.0128
ECDH,P-224,224bits 91 0.0151 0.0171
ECDH,P-256,256bits 500295 82.9139 93.87
ECDH,P-384,384bits 12707 2.1059 2.3842
ECDH,P-521,521bits 17146 2.8416 3.2171
ECDH,brainpoolP512r1,512bits 3 0.0005 0.0006
ECDH,secp256k1,256bits 1 0.0002 0.0002
Prefer DH,1024bits 42440 7.0336 12.9531
Prefer DH,2048bits 4955 0.8212 1.5123
Prefer DH,3072bits 9 0.0015 0.0027
Prefer DH,3092bits 2 0.0003 0.0006
Prefer DH,4096bits 379 0.0628 0.1157
Prefer DH,768bits 33 0.0055 0.0101
Prefer ECDH,B-571,570bits 4438 0.7355 0.8327
Prefer ECDH,K-163,163bits 1 0.0002 0.0002
Prefer ECDH,P-192,192bits 1 0.0002 0.0002
Prefer ECDH,P-224,224bits 89 0.0147 0.0167
Prefer ECDH,P-256,256bits 465038 77.0708 87.2547
Prefer ECDH,P-384,384bits 10660 1.7667 2.0001
Prefer ECDH,P-521,521bits 15901 2.6353 2.9835
Prefer ECDH,brainpoolP512r1,512bits 3 0.0005 0.0006
Prefer ECDH,secp256k1,256bits 1 0.0002 0.0002
Prefer PFS 543950 90.1488 0
Support PFS 575507 95.3788 0
Supported ECC curves Count Percent
-------------------------+---------+--------
None 2 0.0003
None Only 2 0.0003
brainpoolP256r1 27492 4.5562
brainpoolP384r1 27491 4.5561
brainpoolP512r1 27484 4.5549
prime192v1 1647 0.273
prime256v1 510415 84.5911
prime256v1 Only 428464 71.0093
secp160k1 1528 0.2532
secp160r1 1536 0.2546
secp160r2 1528 0.2532
secp192k1 1543 0.2557
secp224k1 1625 0.2693
secp224r1 5406 0.8959
secp256k1 29683 4.9194
secp384r1 88419 14.6537
secp384r1 Only 5169 0.8567
secp521r1 58499 9.695
secp521r1 Only 153 0.0254
sect163k1 1531 0.2537
sect163k1 Only 3 0.0005
sect163r1 1529 0.2534
sect163r2 1529 0.2534
sect193r1 1529 0.2534
sect193r2 1529 0.2534
sect233k1 1614 0.2675
sect233r1 1614 0.2675
sect239k1 1614 0.2675
sect283k1 28930 4.7946
sect283k1 Only 2 0.0003
sect283r1 28927 4.7941
sect409k1 28927 4.7941
sect409r1 28927 4.7941
sect571k1 28927 4.7941
sect571r1 28930 4.7946
server 38445 6.3715
server Only 38445 6.3715
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 532806 88.3019
unknown 70585 11.6981
ECC curve ordering Count Percent
-------------------------+---------+--------
36744 6.0896
client 18027 2.9876
server 478197 79.2516
unknown 70423 11.6712
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 54563 9.0427
ECDSA-SHA1 Only 9 0.0015
ECDSA-SHA224 54587 9.0467
ECDSA-SHA256 72567 12.0265
ECDSA-SHA384 72639 12.0385
ECDSA-SHA512 72750 12.0569
ECDSA-SHA512 Only 118 0.0196
RSA-MD5 23842 3.9513
RSA-SHA1 462908 76.7178
RSA-SHA1 Only 30278 5.018
RSA-SHA224 387875 64.2825
RSA-SHA256 441866 73.2305
RSA-SHA256 Only 8016 1.3285
RSA-SHA384 403401 66.8557
RSA-SHA384 Only 4 0.0007
RSA-SHA512 403342 66.8459
RSA-SHA512 Only 131 0.0217
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 282677 46.8481
indeterminate 38 0.0063
intolerant 6561 1.0874
order-fallback 4 0.0007
server 236059 39.1221
unsupported 14339 2.3764
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 54456 9.025
ECDSA intolerant 652 0.1081
ECDSA pfs-rsa-SHA512 17783 2.9472
ECDSA soft-nopfs 15 0.0025
RSA False 23629 3.916
RSA SHA1 399316 66.1786
RSA intolerant 50007 8.2877
RSA pfs-ecdsa-SHA512 99 0.0164
RSA soft-nopfs 389 0.0645
Renegotiation Count Percent
-------------------------+---------+--------
False 4550 0.7541
insecure 15701 2.6021
secure 583140 96.6438
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 6683 1.1076
False 4550 0.7541
NONE 592158 98.1384
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 3 0.0005
1 only 3 0.0005
5 8 0.0013
5 only 8 0.0013
10 9 0.0015
10 only 9 0.0015
15 7 0.0012
15 only 7 0.0012
30 29 0.0048
30 only 29 0.0048
60 172 0.0285
60 only 166 0.0275
65 2 0.0003
65 only 2 0.0003
70 6 0.001
70 only 4 0.0007
75 1 0.0002
75 only 1 0.0002
90 1 0.0002
90 only 1 0.0002
100 15 0.0025
100 only 15 0.0025
120 28 0.0046
120 only 28 0.0046
128 3 0.0005
128 only 2 0.0003
150 2 0.0003
180 83 0.0138
180 only 80 0.0133
240 12 0.002
240 only 12 0.002
300 306995 50.8783
300 only 304055 50.391
302 2 0.0003
302 only 2 0.0003
360 3 0.0005
360 only 2 0.0003
400 8 0.0013
400 only 8 0.0013
420 120 0.0199
420 only 103 0.0171
480 11 0.0018
480 only 11 0.0018
500 4 0.0007
500 only 4 0.0007
540 4 0.0007
540 only 4 0.0007
600 29961 4.9654
600 only 29817 4.9416
630 1 0.0002
630 only 1 0.0002
700 1 0.0002
700 only 1 0.0002
720 6 0.001
720 only 6 0.001
840 2 0.0003
840 only 2 0.0003
900 1560 0.2585
900 only 1541 0.2554
960 3 0.0005
960 only 3 0.0005
1000 1 0.0002
1000 only 1 0.0002
1200 3528 0.5847
1200 only 3525 0.5842
1210 2 0.0003
1210 only 2 0.0003
1320 1 0.0002
1320 only 1 0.0002
1380 1 0.0002
1380 only 1 0.0002
1440 1 0.0002
1440 only 1 0.0002
1500 4 0.0007
1500 only 3 0.0005
1800 860 0.1425
1800 only 839 0.139
1980 2 0.0003
1980 only 2 0.0003
2100 1 0.0002
2400 8 0.0013
2400 only 8 0.0013
2700 12 0.002
2700 only 12 0.002
3000 41 0.0068
3000 only 41 0.0068
3600 1100 0.1823
3600 only 1090 0.1806
3900 2 0.0003
3900 only 2 0.0003
4200 2 0.0003
4200 only 1 0.0002
4500 1 0.0002
4500 only 1 0.0002
5160 1 0.0002
5160 only 1 0.0002
5400 15 0.0025
5400 only 9 0.0015
6000 341 0.0565
6000 only 340 0.0563
7200 15389 2.5504
7200 only 15355 2.5448
7500 2 0.0003
7500 only 2 0.0003
9000 2 0.0003
9000 only 2 0.0003
10800 5322 0.882
10800 only 5300 0.8784
14400 147 0.0244
14400 only 144 0.0239
18000 9 0.0015
18000 only 8 0.0013
21600 4353 0.7214
21600 only 4353 0.7214
25200 1 0.0002
25200 only 1 0.0002
28800 2164 0.3586
28800 only 2164 0.3586
30000 2 0.0003
30000 only 1 0.0002
36000 1239 0.2053
36000 only 1231 0.204
43200 67 0.0111
43200 only 67 0.0111
54000 2 0.0003
54000 only 2 0.0003
60000 3 0.0005
60000 only 3 0.0005
64800 73037 12.1044
64800 only 73018 12.1013
72000 12 0.002
72000 only 12 0.002
79200 1 0.0002
79200 only 1 0.0002
86400 3232 0.5356
86400 only 3222 0.534
100800 9169 1.5196
100800 only 9156 1.5174
108000 1 0.0002
108000 only 1 0.0002
115200 1 0.0002
115200 only 1 0.0002
129600 6 0.001
129600 only 6 0.001
172800 49 0.0081
172800 only 49 0.0081
216000 3 0.0005
216000 only 3 0.0005
259200 3 0.0005
259200 only 3 0.0005
432000 1 0.0002
432000 only 1 0.0002
604800 1 0.0002
864000 2 0.0003
864000 only 2 0.0003
7776000 2 0.0003
7776000 only 2 0.0003
None 147458 24.4382
None only 144200 23.8983
Certificate sig alg Count Percent
-------------------------+---------+--------
None 10178 1.6868
ecdsa-with-SHA256 70598 11.7002
sha1WithRSAEncryption 17351 2.8756
sha256WithRSAEncryption 533303 88.3843
sha384WithRSAEncryption 7 0.0012
sha512WithRSAEncryption 77 0.0128
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 72865 12.0759
ECDSA 384 41 0.0068
ECDSA 521 1 0.0002
RSA 1024 14 0.0023
RSA 2048 516458 85.5926
RSA 2049 4 0.0007
RSA 2056 1 0.0002
RSA 2058 3 0.0005
RSA 2059 1 0.0002
RSA 2080 6 0.001
RSA 2084 1 0.0002
RSA 2086 1 0.0002
RSA 2096 3 0.0005
RSA 2408 1 0.0002
RSA 2432 6 0.001
RSA 2560 1 0.0002
RSA 2948 1 0.0002
RSA 3072 158 0.0262
RSA 3096 2 0.0003
RSA 3120 1 0.0002
RSA 3248 3 0.0005
RSA 4048 3 0.0005
RSA 4056 21 0.0035
RSA 4069 1 0.0002
RSA 4086 3 0.0005
RSA 4092 2 0.0003
RSA 4094 1 0.0002
RSA 4095 1 0.0002
RSA 4096 33887 5.6161
RSA 4196 1 0.0002
RSA 8192 12 0.002
RSA 8392 1 0.0002
RSA/ECDSA Dual Stack 20097 3.3307
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 139486 23.117
Unsupported 463905 76.883
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 15694 2.601
SSL2 Only 9 0.0015
SSL3 88647 14.6915
SSL3 Only 325 0.0539
SSL3 or TLS1 Only 47120 7.8092
SSL3 or lower Only 335 0.0555
TLS1 590402 97.8473
TLS1 Only 28435 4.7125
TLS1 or lower Only 61759 10.2353
TLS1.1 532582 88.2648
TLS1.1 Only 43 0.0071
TLS1.1 or up Only 12475 2.0675
TLS1.2 539663 89.4384
TLS1.2 Only 3587 0.5945
TLS1.2, 1.0 but not 1.1 5029 0.8335
Client Hello intolerance Count Percent
----------------------------------------+---------+-------
Huge Cipher List 539862 89.4713
Huge Cipher List (trunc 16388) 143271 23.7443
SSL 3.254 19882 3.295
TLS 1.0 66391 11.003
TLS 1.1 3190 0.5287
TLS 1.2 67 0.0111
TLS 1.3 7896 1.3086
TLS 1.4 14758 2.4458
Xmas tree 43001 7.1266
x:missing information 44 0.0073
Statistics from 544239 chains provided by 734331 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 493648 67.2242
incomplete 20056 2.7312
untrusted 220627 30.0446
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 1 0.0002
3 540295 99.2753
4 3930 0.7221
5 13 0.0024
CA key size in chains Count
-------------------------+---------
ECDSA 256 30197
ECDSA 384 30193
RSA 1024 9
RSA 2045 2
RSA 2048 845143
RSA 4096 186889
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 30197 5.5485
ECDSA 384 30193 5.5477
RSA 1024 7 0.0013
RSA 2045 2 0.0004
RSA 2048 513612 94.3725
RSA 4096 186227 34.2179
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 30185
sha1WithRSAEncryption 20474
sha256WithRSAEncryption 330105
sha384WithRSAEncryption 167373
sha512WithRSAEncryption 57
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 20448 3.7572
112 493575 90.6909
128 30216 5.552
Most popular root CAs Count Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 149876 27.5386
(2c543cd1) GeoTrust Global CA 82272 15.1169
(cbf06781) Go Daddy Root Certificate Authorit 46152 8.4801
(5ad8a5d6) GlobalSign Root CA 42046 7.7256
(b204d74a) VeriSign Class 3 Public Primary Ce 30585 5.6198
(eed8c118) COMODO ECC Certification Authority 30178 5.545
(244b5494) DigiCert High Assurance EV Root CA 21202 3.8957
(2e4eed3c) thawte Primary Root CA 17390 3.1953
(fc5a8f99) USERTrust RSA Certification Author 17354 3.1887
(2e5ac55d) DST Root CA X3 16492 3.0303
(653b494a) Baltimore CyberTrust Root 11315 2.079
(3513523f) DigiCert Global Root CA 10347 1.9012
(ae8153b9) StartCom Certification Authority 9044 1.6618
(4bfab552) Starfield Root Certificate Authori 9012 1.6559
(e2799e36) GeoTrust Primary Certification Aut 6148 1.1297
(480720ec) GeoTrust Primary Certification Aut 5775 1.0611
(02265526) Entrust Root Certification Authori 3969 0.7293
(ba89ed3b) thawte Primary Root CA - G3 3394 0.6236
(8096d0a9) Certification Authority of WoSign 2877 0.5286
(157753a5) AddTrust External CA Root 2782 0.5112
Most popular intermediate CA Count Percent
---------------------------------------------+---------+-------
(8d28ae65) COMODO RSA Domain Validation Secur 100923 18.5439
(27eb7704) Go Daddy Secure Certificate Author 46152 8.4801
(53f3e569) RapidSSL SHA256 CA - G3 40339 7.412
(6cfa716c) COMODO ECC Domain Validation Secur 30126 5.5354
(7d9c641e) Symantec Class 3 Secure Server CA 21662 3.9802
(1400f578) cPanel, Inc. Certification Authori 19580 3.5977
(38ae8eda) DigiCert SHA2 High Assurance Serve 17140 3.1494
(4f06f81d) Let's Encrypt Authority X3 16492 3.0303
(16744f0c) AlphaSSL CA - SHA256 - G2 16239 2.9838
(493a2f06) COMODO RSA Domain Validation Secur 13442 2.4699
(10310d4b) GeoTrust SSL CA - G3 13423 2.4664
(80ecc636) RapidSSL SHA256 CA 12795 2.351
(d7d634d4) GlobalSign Domain Validation CA - 11432 2.1005
(b85455c4) GlobalSign Organization Validation 11363 2.0879
(c43a77d9) COMODO RSA Organization Validation 11217 2.061
(85cf5865) DigiCert SHA2 Secure Server CA 10208 1.8756
(9ad474ec) thawte SSL CA - G2 9146 1.6805
(cd7781e5) Starfield Secure Certificate Autho 9012 1.6559
(d84ef247) GeoTrust DV SSL CA - G4 7163 1.3161
(a0f7ac3e) Symantec Class 3 EV SSL CA - G3 7144 1.3127
(3d97f5e2) Verizon Akamai SureServer CA G14-S 7025 1.2908
(fd917e82) SecureCore RSA DV CA 6995 1.2853
(b71a5f76) GeoTrust EV SSL CA - G4 5724 1.0517
(661c52cc) thawte DV SSL CA - G2 5368 0.9863
(e22cd3f0) COMODO RSA Extended Validation Sec 4365 0.802
(7f8496de) StartCom Class 1 DV Server CA 3678 0.6758
(45bfefc3) DigiCert SHA2 Extended Validation 3527 0.6481
(2835d715) Entrust Certification Authority - 3328 0.6115
(f131b364) RapidSSL CA 3180 0.5843
(98d7cad7) GeoTrust DV SSL CA - G3 3154 0.5795
Scan performed between 20th of July and 17th of August 2016
securitypitfalls 