ssl

December 2014 scan results

Unfortunately, not only the results from December last year are late (sorry about that), they are also rather unexciting.

Cipher suites

The used cipher suites haven’t changed much. AES-GCM has gained about 2%, RC4 only servers have increased by a bit, but are still staying below 1% mark. Fortunately both servers that prefer RC4 in general and ones that use RC4 in TLSv1.1 and TLSv1.2 have fallen by 1.2% and 0.7% respectively. Similarly, servers that use insecure cipher suites have fallen 1.2%.

Support for PFS is similarly increasing, support for P-256 curve alone increased by 1.75%

All in all, just continuation of established trends.

Supported ECC curves and TLSv1.2 PFS key exchange

Not much changes here either, only prime256v1 (a.k.a. P-256) gained significant support of nearly 3%. No big changes in either the handling of unsupported curves or signature algorithms.

Vulnerabilities

Many servers still support both insecure renegotiation and compression at 6.1% and 4% respectively, with little change since last month.

Certificates

One of the biggest changes is the result of actions by CA’s: the slow depreciation of certificates signed by SHA-1. Over 5% less servers use this weak signature scheme. Nearly all of them started using the secure SHA-256 scheme.

The size of the signed keys haven’t changed though. 2048bit RSA is still dominating the landscape of server certificates.

Protocol versions

The rate of change in the wake of POODLE has fallen dramatically, while still 40% of servers support the insecure SSLv3 protocol this translates only to 6% change since last month. Fortunately, very few servers actually require the client to support protocols older than TLSv1.0 – just 0.4%.

At the same time TLSv1.2 has gained about 1.7% share.

Results

SSL/TLS survey of 447186 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      378348    84.6064
3DES Only                 409       0.0915
AES                       419934    93.9059
AES Only                  6307      1.4104
AES-CBC Only              4535      1.0141
AES-GCM                   237571    53.1258
AES-GCM Only              11        0.0025
CAMELLIA                  173896    38.8867
CAMELLIA Only             2         0.0004
CHACHA20                  13870     3.1016
Insecure                  93150     20.8303
RC4                       366313    81.9151
RC4 Only                  3873      0.8661
RC4 Preferred             67762     15.153
RC4 forced in TLS1.1+     42015     9.3954
x:FF 29 RC4 Only          527       0.1178
x:FF 29 RC4 Preferred     73724     16.4862
x:FF 29 incompatible      139       0.0311
y:DHE-RSA-SEED-SHA        83551     18.6837
y:IDEA-CBC-MD5            3036      0.6789
y:IDEA-CBC-SHA            67508     15.0962
y:SEED-SHA                84973     19.0017
z:ADH-AES128-GCM-SHA256   293       0.0655
z:ADH-AES128-SHA          992       0.2218
z:ADH-AES128-SHA256       241       0.0539
z:ADH-AES256-GCM-SHA384   300       0.0671
z:ADH-AES256-SHA          1007      0.2252
z:ADH-AES256-SHA256       241       0.0539
z:ADH-CAMELLIA128-SHA     420       0.0939
z:ADH-CAMELLIA256-SHA     430       0.0962
z:ADH-DES-CBC-SHA         407       0.091
z:ADH-DES-CBC3-SHA        1034      0.2312
z:ADH-RC4-MD5             826       0.1847
z:ADH-SEED-SHA            294       0.0657
z:AECDH-AES128-SHA        13690     3.0614
z:AECDH-AES256-SHA        13690     3.0614
z:AECDH-DES-CBC3-SHA      13651     3.0526
z:AECDH-NULL-SHA          27        0.006
z:AECDH-RC4-SHA           12738     2.8485
z:DES-CBC-MD5             19967     4.465
z:DES-CBC-SHA             54475     12.1817
z:DES-CBC3-MD5            35969     8.0434
z:ECDHE-RSA-NULL-SHA      32        0.0072
z:EDH-RSA-DES-CBC-SHA     46870     10.4811
z:EXP-ADH-DES-CBC-SHA     330       0.0738
z:EXP-ADH-RC4-MD5         334       0.0747
z:EXP-DES-CBC-SHA         40137     8.9755
z:EXP-EDH-RSA-DES-CBC-SHA 29161     6.521
z:EXP-RC2-CBC-MD5         45160     10.0987
z:EXP-RC4-MD5             48009     10.7358
z:EXP1024-DES-CBC-SHA     9943      2.2235
z:EXP1024-RC4-SHA         10098     2.2581
z:NULL-MD5                292       0.0653
z:NULL-SHA                296       0.0662
z:NULL-SHA256             9         0.002
z:RC2-CBC-MD5             20356     4.552
z:RC4-64-MD5              1712      0.3828

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               145491    32.5348
Server side               301695    67.4652

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1117      0.2498
AECDH                     13714     3.0667
DHE                       223710    50.0262
ECDHE                     262693    58.7436
ECDHE and DHE             116323    26.0122
RSA                       420069    93.9361

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               195986    43.8265  87.6072
DH,1536bits               1         0.0002   0.0004
DH,2048bits               25243     5.6449   11.2838
DH,2226bits               1         0.0002   0.0004
DH,2236bits               2         0.0004   0.0009
DH,2430bits               1         0.0002   0.0004
DH,3072bits               13        0.0029   0.0058
DH,3248bits               2         0.0004   0.0009
DH,4094bits               1         0.0002   0.0004
DH,4096bits               1546      0.3457   0.6911
DH,512bits                127       0.0284   0.0568
DH,768bits                818       0.1829   0.3657
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        11        0.0025   0.0042
ECDH,B-571,570bits        627       0.1402   0.2387
ECDH,K-163,163bits        1         0.0002   0.0004
ECDH,P-224,224bits        49        0.011    0.0187
ECDH,P-256,256bits        257780    57.6449  98.1298
ECDH,P-384,384bits        759       0.1697   0.2889
ECDH,P-521,521bits        4352      0.9732   1.6567
Prefer DH,1024bits        101308    22.6546  45.2854
Prefer DH,1536bits        1         0.0002   0.0004
Prefer DH,2048bits        2733      0.6112   1.2217
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,4096bits        102       0.0228   0.0456
Prefer DH,512bits         8         0.0018   0.0036
Prefer DH,768bits         455       0.1017   0.2034
Prefer ECDH,B-163,163bits 11        0.0025   0.0042
Prefer ECDH,B-571,570bits 441       0.0986   0.1679
Prefer ECDH,P-224,224bits 18        0.004    0.0069
Prefer ECDH,P-256,256bits 206995    46.2883  78.7973
Prefer ECDH,P-384,384bits 701       0.1568   0.2669
Prefer ECDH,P-521,521bits 3970      0.8878   1.5113
Prefer PFS                316744    70.8305  0
Support PFS               370080    82.7575  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           21        0.0047   
brainpoolP384r1           21        0.0047   
brainpoolP512r1           21        0.0047   
prime192v1                638       0.1427   
prime256v1                262107    58.6125  
prime256v1 Only           224888    50.2896  
secp160k1                 612       0.1369   
secp160r1                 612       0.1369   
secp160r2                 611       0.1366   
secp192k1                 633       0.1416   
secp224k1                 670       0.1498   
secp224r1                 913       0.2042   
secp224r1 Only            1         0.0002   
secp256k1                 681       0.1523   
secp384r1                 37358     8.354    
secp384r1 Only            140       0.0313   
secp521r1                 9820      2.196    
secp521r1 Only            76        0.017    
sect163k1                 615       0.1375   
sect163k1 Only            2         0.0004   
sect163r1                 613       0.1371   
sect163r2                 623       0.1393   
sect163r2 Only            11        0.0025   
sect193r1                 612       0.1369   
sect193r2                 612       0.1369   
sect233k1                 660       0.1476   
sect233r1                 660       0.1476   
sect239k1                 660       0.1476   
sect283k1                 659       0.1474   
sect283r1                 659       0.1474   
sect409k1                 658       0.1471   
sect409r1                 658       0.1471   
sect571k1                 669       0.1496   
sect571r1                 669       0.1496   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          53728     12.0147  
True                           172271    38.5233  
order-specific                 18        0.004    
unknown                        221169    49.4579  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    651       0.1456   
inconclusive-noecc        11        0.0025   
server                    261689    58.5191  
unknown                   184835    41.3329  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     25418     5.684    
ECDSA-SHA224                   25440     5.6889   
ECDSA-SHA256                   25455     5.6923   
ECDSA-SHA384                   25468     5.6952   
ECDSA-SHA512                   25495     5.7012   
ECDSA-SHA512 Only              27        0.006    
RSA-MD5                        109093    24.3954  
RSA-MD5 Only                   4         0.0009   
RSA-SHA1                       235950    52.7633  
RSA-SHA1 Only                  37466     8.3782   
RSA-SHA224                     193902    43.3605  
RSA-SHA256                     200147    44.757   
RSA-SHA256 Only                1249      0.2793   
RSA-SHA384                     194348    43.4602  
RSA-SHA512                     194433    43.4792  
RSA-SHA512 Only                76        0.017    

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         177369    39.6634  
indeterminate                  7         0.0016   
intolerant                     984       0.22     
order-fallback                 7         0.0016   
server                         84987     19.0048  
unsupported                    40384     9.0307   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     25401     5.6802   
ECDSA intolerant               119       0.0266   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      107562    24.0531  
RSA SHA1                       111710    24.9807  
RSA intolerant                 17117     3.8277   
RSA pfs-ecdsa-SHA512           2         0.0004   
RSA soft-nopfs                 1576      0.3524   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     10805     2.4162   
insecure                  27291     6.1028   
secure                    409090    91.4809  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      18282     4.0882   
False                     10805     2.4162   
NONE                      418099    93.4955  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
3                         2         0.0004   
3 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        5         0.0011   
10 only                   5         0.0011   
15                        8         0.0018   
15 only                   8         0.0018   
30                        7         0.0016   
30 only                   6         0.0013   
60                        65        0.0145   
60 only                   62        0.0139   
70                        1         0.0002   
75                        1         0.0002   
75 only                   1         0.0002   
100                       16        0.0036   
100 only                  16        0.0036   
120                       20        0.0045   
120 only                  20        0.0045   
128                       1         0.0002   
128 only                  1         0.0002   
180                       33        0.0074   
180 only                  33        0.0074   
240                       2         0.0004   
240 only                  2         0.0004   
256                       1         0.0002   
256 only                  1         0.0002   
300                       175517    39.2492  
300 only                  163896    36.6505  
400                       1         0.0002   
400 only                  1         0.0002   
420                       33        0.0074   
420 only                  27        0.006    
480                       10        0.0022   
480 only                  10        0.0022   
600                       14086     3.1499   
600 only                  13798     3.0855   
720                       1         0.0002   
720 only                  1         0.0002   
900                       496       0.1109   
900 only                  480       0.1073   
960                       3         0.0007   
960 only                  3         0.0007   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      254       0.0568   
1200 only                 253       0.0566   
1500                      10        0.0022   
1500 only                 8         0.0018   
1800                      265       0.0593   
1800 only                 261       0.0584   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      2         0.0004   
2400 only                 2         0.0004   
2520                      1         0.0002   
2520 only                 1         0.0002   
2700                      5         0.0011   
2700 only                 5         0.0011   
3000                      9         0.002    
3000 only                 9         0.002    
3600                      336       0.0751   
3600 only                 313       0.07     
4800                      1         0.0002   
4800 only                 1         0.0002   
5400                      2         0.0004   
6000                      3         0.0007   
6000 only                 3         0.0007   
7200                      11839     2.6474   
7200 only                 9113      2.0379   
10800                     17        0.0038   
10800 only                8         0.0018   
14400                     1145      0.256    
14400 only                1145      0.256    
18000                     2         0.0004   
18000 only                2         0.0004   
21600                     2996      0.67     
21600 only                2995      0.6697   
28800                     9         0.002    
28800 only                8         0.0018   
30000                     1         0.0002   
30000 only                1         0.0002   
36000                     394       0.0881   
36000 only                389       0.087    
43200                     2088      0.4669   
43200 only                2088      0.4669   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     41860     9.3608   
64800 only                41586     9.2995   
72000                     8         0.0018   
72000 only                8         0.0018   
86000                     36        0.0081   
86000 only                36        0.0081   
86400                     218       0.0487   
86400 only                218       0.0487   
100800                    13600     3.0412   
100800 only               13599     3.041    
129600                    13        0.0029   
129600 only               13        0.0029   
216000                    1         0.0002   
216000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    4         0.0009   
864000 only               4         0.0009   
2592000                   3         0.0007   
2592000 only              3         0.0007   
None                      196733    43.9936  
None only                 181749    40.6428  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      14674     3.2814   
ecdsa-with-SHA256         25488     5.6996   
sha1WithRSAEncryption     280609    62.75    
sha256WithRSAEncryption   141161    31.5665  
sha512WithRSAEncryption   6         0.0013   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 25516     5.7059   
ECDSA 384                 4         0.0009   
ECDSA 521                 1         0.0002   
RSA 1024                  1164      0.2603   
RSA 10240                 6         0.0013   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  405216    90.6146  
RSA 2049                  3         0.0007   
RSA 2056                  6         0.0013   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  11        0.0025   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  7         0.0016   
RSA 2536                  1         0.0002   
RSA 2612                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  67        0.015    
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0007   
RSA 3600                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  31        0.0069   
RSA 4086                  3         0.0007   
RSA 4092                  1         0.0002   
RSA 4096                  15176     3.3937   
RSA 4098                  1         0.0002   
RSA 8192                  3         0.0007   
RSA/ECDSA Dual Stack      38        0.0085

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 77324     17.2912  
Unsupported               369862    82.7088  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      36284     8.1138
SSL2 Only                 91        0.0203
SSL3                      179062    40.042
SSL3 Only                 1745      0.3902
SSL3 or TLS1 Only         105359    23.5604
SSL3 or lower Only        1809      0.4045
TLS1                      444489    99.3969
TLS1 Only                 52837     11.8154
TLS1 or lower Only        138580    30.9893
TLS1.1                    293865    65.7143
TLS1.1 Only               27        0.006
TLS1.1 or up Only         523       0.117
TLS1.2                    303723    67.9187
TLS1.2 Only               390       0.0872
TLS1.2, 1.0 but not 1.1   12385     2.7695

Statistics from 470946 chains provided by 638990 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  410153    64.1877
incomplete                27383     4.2854
untrusted                 201454    31.5269

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1649      0.3501
3                         431002    91.5183
4                         38270     8.1262
5                         25        0.0053

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 25501     
ECDSA 384                 25501     
RSA 1024                  1364      
RSA 2045                  1         
RSA 2048                  879560    
RSA 4096                  46636     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 25501     5.4148
ECDSA 384                 25501     5.4148
RSA 1024                  1360      0.2888
RSA 2045                  1         0.0002
RSA 2048                  444009    94.2802
RSA 4096                  46099     9.7886

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              25501     
sha1WithRSAEncryption          305263    
sha256WithRSAEncryption        107270    
sha384WithRSAEncryption        69568     
sha512WithRSAEncryption        15        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        305164    64.7981
112                       140279    29.7866
128                       25503     5.4153

Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 110291    23.419
(157753a5) AddTrust External CA Root          77350     16.4244
(5ad8a5d6) GlobalSign Root CA                 47688     10.126
(b204d74a) VeriSign Class 3 Public Primary Ce 29428     6.2487
(cbf06781) Go Daddy Root Certificate Authorit 38568     8.1895
(2e4eed3c) thawte Primary Root CA             26893     5.7104
(eed8c118) COMODO ECC Certification Authority 25498     5.4142
(244b5494) DigiCert High Assurance EV Root CA 23587     5.0084
(f081611a) The Go Daddy Group, Inc.           13909     2.9534
(b13cc6df) UTN-USERFirst-Hardware             11545     2.4514
(653b494a) Baltimore CyberTrust Root          11478     2.4372
(ae8153b9) StartCom Certification Authority   9006      1.9123
(40547a79) COMODO Certification Authority     8167      1.7342
(f387163d) Starfield Technologies, Inc.       7454      1.5828
(3513523f) DigiCert Global Root CA            5105      1.084
(480720ec) GeoTrust Primary Certification Aut 4748      1.0082

Scan performed between 11th and 20th of December 2014.

November 2014 results – intolerancies

This time around, I have extended the scanning script to also include tests checking whatever servers are tolerant to specific settings inside client hello messages. The scan itself also gained a fallback mode in case the regular scan (used up until now for all data collection) haven’t detected any ciphers to be supported by server or server appearing to support just SSLv2. Another additions include scan for supported curves for ECDHE key exchange, key signature algorithm for TLSv1.2 ECDHE and DHE key exchange, secure renegotiation support and compression.

Protocol versions

While I have provided some results for intolerance of specific settings in the Halloween special, scan of the full Alexa top 1 million proved to be much more complex and harder to pin down in just few lines. I’m afraid I won’t be able to tell much about the bugs the servers seem to be showing until I develop tests for specific bugs rather than current probing with very generic (and rather standard) client hello messages.

That being said, general statistics look like this: about 4.8% of servers refused connection that started with a big full featured TLSv1.2 client hello, that includes about 0.1% of servers that are strictly TLSv1.2 ClientHello intolerant (even when inside V2 Client Hello) and 0.18% that are intolerant to regular TLSv1.2 client hello, rest seem to be intolerant to just big client hello or placement of RC4-SHA and RC4-MD5 ciphers after 64th position (Windows 2003 bug).

Supported curves

Around 56.7% of servers will negotiate ECDHE cipher suites. The vast majority of servers support the NIST prime256v1 curve (55.6% of all TLS-enabled) and high part of them support only this one curve (48.2%). Second most supported curve is secp384r1, where 7.3% of servers support it (0.02% support only this one). Third most supported curve is secp521r1, at 1.77%. Other curves hover around 0.13% mark, with the exception of brainpool curves (all 3 of them), which are supported by only 19 servers.

At the same time, there are servers which support only secp521r1, sect163k1 or sect163r2 curves – those servers won’t be able to negotiate ECDHE ciphers with common web browsers. This is because secp521r1 curve is supported only by some browsers (list that doesn’t include Firefox and Internet Explorer) while the other two are unsupported by all major browsers.

Interestingly, nearly all servers dictate the selected curve (use server side ordering for curves) – only 0.13% of servers let the client select the most preferred curve.

Many servers (11.8% of total) will abort connection completely in case the client does not support the curve preferred by server.

Signature algorithms in PFS TLSv1.2 key exchange

As more eagle-eyed readers of the RFC 5246 (TLSv1.2 definition) may have noticed, the standard also allows the peers to negotiate the signature algorithm used for signing the DHE and ECDHE key exchange. In detail it allows the server to sign the key exchange with MD5, SHA1 and SHA-2 family functions.

As we all know, MD5 is far from secure when used for digital signatures.

Unfortunately, many servers (24% of TLS-enabled) will sign the message with MD5 if the client “doesn’t leave them any choice”. Few (3 in total) will sign the key exchange only using MD5! The situation with the weak-but-no-broken-yet SHA1 is not much better as 8% of servers will use only it for signing.

On many servers support for SHA2 family of functions is still lagging a bit behind after SHA1 (respectively at around 42% and 51% of all).

Majority of servers will honour the client preferred signature mechanism (38% of TLS-enabled) while minority will take only its preference of it (18%).

In case the client doesn’t advertise any signature algorithm supported by server the behaviour is rather diverse. Most common is just forcing the client to accept SHA-1 signatures (at 23.9%), close second (at 23.7%) is aborting the connection if the client doesn’t advertise any RSA based signature algorithms. Less common still is aborting as soon as the client advertises only the unsupported signature algorithms (at 3.47%). Very few servers opt out to select ciphers that don’t require negotiation of signature algorithms (at 0.3%).

For servers with ECDSA keys, the situation is more uniform, where 5.5% of all TLS enabled servers will just force the SHA-1 signature algorithm, 20 servers will abort the connection while just one will drop down to RSA based, but still PFS-enabled cipher suite.

Cipher suites

Going back to our usual programming, use of cipher suites didn’t see much changes.

3DES ciphers have decreased a bit (2%) while AES-GCM have increased by a bit (also ~2%). While servers that support RC4 have decreased slightly (~1.5%) the amount of servers that force the use of RC4 remained essentially the same.

Amount of servers that will negotiate insecure cipher suites has grown by just under 2%, but this may be caused by addition of DES-CBC3-MD5 (at 8.7%), EXP-RC4-MD5 (at 11.7%), EXP1024-DES-CBC-SHA (at 2.3%), EXP1024-RC4-SHA (at 2.3%) and RC4-64-MD5 (at 0.39%) ciphers to the list of insecure ciphers which previously either were counted towards the RC4 and 3DES numbers or not tested at all (the EXP1024 ciphers).

It’s nice to see that more servers still use server side cipher ordering, this month at 66.7% (up by just under 6%).

We’ve also seen a 1.5% growth in servers that prefer PFS capable cipher suites, caused nearly entirely by servers that prefer the P-256 NIST curve for ECDHE key exchange.

Server certificates

A slight increase in the number of servers that have certificates signed by ECDSA keys, by 0.7%.

The other good news is that SHA-1 keeps on loosing, this month by 7.6% to a level of 68%.

The key sizes haven’t seen much changes, 2048bit is still dominant at 90.7% for RSA while 256 bit is dominant at 5.5% for ECDSA.

Looks like google have once again modified their Apple clients detection, as the number of servers that report support for both RSA and ECDSA ciphersuites have gone back to nearly 0 (and the scanning script once again doesn’t report support of ECDHE-ECDSA ciphers for sites like youtube.com).

Protocols

Administrators keep on updating their configurations, SSLv2 support has gone down by 1.5% to 8.8% while SSLv3 support has gone down by 23% to a level of 46% making it the first month when SSLv3 is supported by less than half the web servers.

A bit surprisingly, TLSv1.0 has gained a bit of market, from the previous 97.7% to current 99.2% making it virtually ubiquitous.

TLSv1.1 and TLSv1.2 have gained a bit less, at around 1.5% and 2% respectively.

Vulnerabilities

Some of the servers are still vulnerable to long known attacks requiring support for compression (at 4.3%) and lack of implementation of RFC 5746 (secure renegotiation) which is missing on nearly 6.5% of servers. This facilitates the CRIME and renegotiation attacks respectively.

Trust chains

The changes for individual certificates or trust chains in general are not significant, all are below the 1% mark, but they all go in the right direction – for higher security.

Detailed cipher scan results

SSL/TLS survey of 441636 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      374355    84.7655
3DES Only                 402       0.091
AES                       413509    93.6312
AES Only                  3628      0.8215
AES-CBC Only              2370      0.5366
AES-GCM                   226553    51.2986
AES-GCM Only              11        0.0025
CAMELLIA                  169951    38.4821
CAMELLIA Only             1         0.0002
CHACHA20                  14060     3.1836
Insecure                  97652     22.1114
RC4                       370269    83.8403
RC4 Only                  3694      0.8364
RC4 Preferred             72316     16.3746
RC4 forced in TLS1.1+     44600     10.0988
x:FF 29 RC4 Only          521       0.118
x:FF 29 RC4 Preferred     77977     17.6564
x:FF 29 incompatible      152       0.0344
y:DHE-RSA-SEED-SHA        81413     18.4344
y:IDEA-CBC-MD5            3271      0.7407
y:IDEA-CBC-SHA            66611     15.0828
y:SEED-SHA                83866     18.9898
z:ADH-AES128-GCM-SHA256   297       0.0672
z:ADH-AES128-SHA          1093      0.2475
z:ADH-AES128-SHA256       258       0.0584
z:ADH-AES256-GCM-SHA384   298       0.0675
z:ADH-AES256-SHA          1105      0.2502
z:ADH-AES256-SHA256       258       0.0584
z:ADH-CAMELLIA128-SHA     461       0.1044
z:ADH-CAMELLIA256-SHA     471       0.1066
z:ADH-DES-CBC-SHA         457       0.1035
z:ADH-DES-CBC3-SHA        1145      0.2593
z:ADH-RC4-MD5             929       0.2104
z:ADH-SEED-SHA            327       0.074
z:AECDH-AES128-SHA        13449     3.0453
z:AECDH-AES256-SHA        13444     3.0441
z:AECDH-DES-CBC3-SHA      13404     3.0351
z:AECDH-NULL-SHA          32        0.0072
z:AECDH-RC4-SHA           12431     2.8148
z:DES-CBC-MD5             21586     4.8877
z:DES-CBC-SHA             57810     13.09
z:DES-CBC3-MD5            38510     8.7199
z:ECDHE-RSA-NULL-SHA      40        0.0091
z:EDH-RSA-DES-CBC-SHA     50046     11.332
z:EXP-ADH-DES-CBC-SHA     370       0.0838
z:EXP-ADH-RC4-MD5         375       0.0849
z:EXP-DES-CBC-SHA         43742     9.9045
z:EXP-EDH-RSA-DES-CBC-SHA 32332     7.321
z:EXP-RC2-CBC-MD5         48992     11.0933
z:EXP-RC4-MD5             51816     11.7327
z:EXP1024-DES-CBC-SHA     10301     2.3325
z:EXP1024-RC4-SHA         10439     2.3637
z:NULL-MD5                308       0.0697
z:NULL-SHA                310       0.0702
z:NULL-SHA256             21        0.0048
z:RC2-CBC-MD5             21992     4.9797
z:RC4-64-MD5              1761      0.3987

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               146876    33.2573
Server side               294760    66.7427

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1219      0.276
AECDH                     13477     3.0516
DHE                       218697    49.5197
ECDHE                     250523    56.7261
ECDHE and DHE             107307    24.2976
RSA                       416216    94.2441

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               194241    43.9821  88.8174
DH,1536bits               1         0.0002   0.0005
DH,2047bits               1         0.0002   0.0005
DH,2048bits               22093     5.0025   10.1021
DH,2226bits               1         0.0002   0.0005
DH,2236bits               2         0.0005   0.0009
DH,3072bits               11        0.0025   0.005
DH,3248bits               2         0.0005   0.0009
DH,4096bits               1313      0.2973   0.6004
DH,512bits                32507     7.3606   14.8639
DH,768bits                866       0.1961   0.396
DH,8192bits               1         0.0002   0.0005
ECDH,B-163,163bits        12        0.0027   0.0048
ECDH,B-571,570bits        565       0.1279   0.2255
ECDH,P-224,224bits        15        0.0034   0.006
ECDH,P-256,256bits        244052    55.2609  97.417
ECDH,P-384,384bits        717       0.1624   0.2862
ECDH,P-521,521bits        6141      1.3905   2.4513
Prefer DH,1024bits        102473    23.203   46.8562
Prefer DH,2048bits        2729      0.6179   1.2478
Prefer DH,2236bits        1         0.0002   0.0005
Prefer DH,3072bits        1         0.0002   0.0005
Prefer DH,4096bits        87        0.0197   0.0398
Prefer DH,512bits         23        0.0052   0.0105
Prefer DH,768bits         459       0.1039   0.2099
Prefer ECDH,B-163,163bits 12        0.0027   0.0048
Prefer ECDH,B-571,570bits 394       0.0892   0.1573
Prefer ECDH,P-224,224bits 14        0.0032   0.0056
Prefer ECDH,P-256,256bits 196706    44.5403  78.5181
Prefer ECDH,P-384,384bits 660       0.1494   0.2634
Prefer ECDH,P-521,521bits 5660      1.2816   2.2593
Prefer PFS                309219    70.0167  0
Support PFS               361913    81.9483  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           19        0.0043   
brainpoolP384r1           19        0.0043   
brainpoolP512r1           19        0.0043   
prime192v1                573       0.1297   
prime256v1                245656    55.6241  
prime256v1 Only           213263    48.2893  
secp160k1                 554       0.1254   
secp160r1                 554       0.1254   
secp160r2                 554       0.1254   
secp192k1                 565       0.1279   
secp224k1                 576       0.1304   
secp224r1                 714       0.1617   
secp256k1                 579       0.1311   
secp384r1                 32501     7.3592   
secp384r1 Only            109       0.0247   
secp521r1                 7817      1.77     
secp521r1 Only            69        0.0156   
sect163k1                 559       0.1266   
sect163k1 Only            1         0.0002   
sect163r1                 557       0.1261   
sect163r2                 570       0.1291   
sect163r2 Only            12        0.0027   
sect193r1                 557       0.1261   
sect193r2                 557       0.1261   
sect233k1                 573       0.1297   
sect233r1                 573       0.1297   
sect239k1                 572       0.1295   
sect283k1                 573       0.1297   
sect283r1                 572       0.1295   
sect409k1                 570       0.1291   
sect409r1                 570       0.1291   
sect571k1                 574       0.13     
sect571r1                 574       0.13     

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          52248     11.8306  
True                           161110    36.4803  
order-specific                 10        0.0023   
unknown                        228268    51.6869  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    577       0.1307   
inconclusive-noecc        2         0.0005   
server                    245280    55.539   
unknown                   195777    44.3299  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     24443     5.5346   
ECDSA-SHA224                   24448     5.5358   
ECDSA-SHA256                   24449     5.536    
ECDSA-SHA384                   24451     5.5365   
ECDSA-SHA512                   24454     5.5371   
ECDSA-SHA512 Only              3         0.0007   
RSA-MD5                        106330    24.0764  
RSA-MD5 Only                   3         0.0007   
RSA-SHA1                       225736    51.1136  
RSA-SHA1 Only                  35561     8.0521   
RSA-SHA224                     186614    42.2552  
RSA-SHA256                     191459    43.3522  
RSA-SHA256 Only                926       0.2097   
RSA-SHA384                     186997    42.3419  
RSA-SHA512                     187037    42.3509  
RSA-SHA512 Only                37        0.0084   

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         170553    38.6185  
indeterminate                  8         0.0018   
intolerant                     661       0.1497   
order-fallback                 5         0.0011   
server                         80372     18.1987  
unsupported                    40930     9.2678   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     24438     5.5335   
ECDSA intolerant               20        0.0045   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      104894    23.7512  
RSA SHA1                       105580    23.9066  
RSA intolerant                 15354     3.4766   
RSA pfs-ecdsa-SHA512           2         0.0005   
RSA soft-nopfs                 1464      0.3315   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     11218     2.5401   
insecure                  28271     6.4014   
secure                    402147    91.0585  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      19036     4.3103   
False                     11218     2.5401   
NONE                      411382    93.1496  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         1         0.0002   
1 only                    1         0.0002   
3                         2         0.0005   
3 only                    2         0.0005   
5                         1         0.0002   
5 only                    1         0.0002   
10                        3         0.0007   
10 only                   3         0.0007   
15                        7         0.0016   
15 only                   7         0.0016   
30                        9         0.002    
30 only                   9         0.002    
45                        1         0.0002   
45 only                   1         0.0002   
60                        71        0.0161   
60 only                   67        0.0152   
65                        1         0.0002   
65 only                   1         0.0002   
70                        1         0.0002   
75                        1         0.0002   
75 only                   1         0.0002   
100                       16        0.0036   
100 only                  16        0.0036   
120                       15        0.0034   
120 only                  15        0.0034   
128                       1         0.0002   
128 only                  1         0.0002   
180                       35        0.0079   
180 only                  35        0.0079   
240                       2         0.0005   
240 only                  2         0.0005   
300                       169526    38.3859  
300 only                  156066    35.3382  
360                       1         0.0002   
360 only                  1         0.0002   
400                       2         0.0005   
400 only                  2         0.0005   
420                       25        0.0057   
420 only                  17        0.0038   
480                       11        0.0025   
480 only                  10        0.0023   
600                       12859     2.9117   
600 only                  12605     2.8542   
660                       1         0.0002   
660 only                  1         0.0002   
900                       355       0.0804   
900 only                  337       0.0763   
960                       2         0.0005   
960 only                  2         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      253       0.0573   
1200 only                 249       0.0564   
1500                      11        0.0025   
1500 only                 10        0.0023   
1800                      258       0.0584   
1800 only                 254       0.0575   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      1         0.0002   
2400 only                 1         0.0002   
2700                      5         0.0011   
2700 only                 5         0.0011   
3000                      8         0.0018   
3000 only                 8         0.0018   
3600                      336       0.0761   
3600 only                 309       0.07     
5400                      2         0.0005   
6000                      4         0.0009   
6000 only                 4         0.0009   
7200                      11602     2.6271   
7200 only                 8915      2.0186   
10800                     16        0.0036   
10800 only                8         0.0018   
14400                     1087      0.2461   
14400 only                1086      0.2459   
18000                     1         0.0002   
18000 only                1         0.0002   
21600                     3246      0.735    
21600 only                3244      0.7345   
28800                     13        0.0029   
28800 only                12        0.0027   
36000                     420       0.0951   
36000 only                412       0.0933   
43200                     2089      0.473    
43200 only                2089      0.473    
64800                     40233     9.11     
64800 only                40222     9.1075   
72000                     5         0.0011   
72000 only                5         0.0011   
86000                     37        0.0084   
86000 only                37        0.0084   
86400                     176       0.0399   
86400 only                174       0.0394   
100800                    13809     3.1268   
100800 only               13809     3.1268   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    13        0.0029   
129600 only               13        0.0029   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    6         0.0014   
864000 only               6         0.0014   
None                      201554    45.638   
None only                 185054    41.9019  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      14532     3.2905   
ecdsa-with-SHA256         24424     5.5303   
sha1WithRSAEncryption     300669    68.0807  
sha256WithRSAEncryption   116628    26.4082  
sha512WithRSAEncryption   1         0.0002   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 24452     5.5367   
ECDSA 384                 5         0.0011   
ECDSA 521                 1         0.0002   
RSA 1024                  1689      0.3824   
RSA 2028                  1         0.0002   
RSA 2047                  2         0.0005   
RSA 2048                  400697    90.7301  
RSA 2049                  1         0.0002   
RSA 2056                  6         0.0014   
RSA 2058                  2         0.0005   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0005   
RSA 2084                  10        0.0023   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  3         0.0007   
RSA 2432                  8         0.0018   
RSA 2536                  1         0.0002   
RSA 2612                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  54        0.0122   
RSA 3248                  3         0.0007   
RSA 3600                  1         0.0002   
RSA 4046                  1         0.0002   
RSA 4048                  2         0.0005   
RSA 4056                  33        0.0075   
RSA 4086                  3         0.0007   
RSA 4092                  2         0.0005   
RSA 4096                  14699     3.3283   
RSA 4098                  2         0.0005   
RSA 8192                  4         0.0009   
RSA/ECDSA Dual Stack      40        0.0091

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 73634     16.673   
Unsupported               368002    83.327   

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      38835     8.7934
SSL2 Only                 100       0.0226
SSL3                      204062    46.2059
SSL3 Only                 2195      0.497
SSL3 or TLS1 Only         108575    24.5847
TLS1                      438481    99.2856
TLS1 Only                 46428     10.5127
TLS1.1                    281522    63.7453
TLS1.1 Only               25        0.0057
TLS1.1 or up Only         443       0.1003
TLS1.2                    292517    66.2349
TLS1.2 Only               337       0.0763
TLS1.2, 1.0 but not 1.1   13585     3.0761

Scan performed between 11th and 19th of November 2014.

Detail trust chain results

Statistics from 477473 chains provided by 632817 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  413143    65.2863
incomplete                27529     4.3502
untrusted                 192145    30.3634

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2158      0.452
3                         444774    93.1517
4                         30513     6.3905
5                         28        0.0059

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 24427     
ECDSA 384                 24427     
RSA 1024                  1337      
RSA 2045                  1         
RSA 2048                  893943    
RSA 4096                  39222     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 24427     5.1159
ECDSA 384                 24427     5.1159
RSA 1024                  1333      0.2792
RSA 2045                  1         0.0002
RSA 2048                  451667    94.5953
RSA 4096                  38725     8.1104

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              24427     
sha1WithRSAEncryption          336966    
sha256WithRSAEncryption        90026     
sha384WithRSAEncryption        54445     
sha512WithRSAEncryption        20        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        337471    70.6786
112                       115573    24.2051
128                       24429     5.1163

Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 112050    23.4673
(157753a5) AddTrust External CA Root          76553     16.0329
(5ad8a5d6) GlobalSign Root CA                 48090     10.0718
(cbf06781) Go Daddy Root Certificate Authorit 37124     7.7751
(b204d74a) VeriSign Class 3 Public Primary Ce 30047     6.2929
(2e4eed3c) thawte Primary Root CA             28036     5.8717
(eed8c118) COMODO ECC Certification Authority 24425     5.1155
(244b5494) DigiCert High Assurance EV Root CA 23682     4.9599
(f081611a) The Go Daddy Group, Inc.           17028     3.5663
(b13cc6df) UTN-USERFirst-Hardware             12816     2.6841
(653b494a) Baltimore CyberTrust Root          11357     2.3786
(40547a79) COMODO Certification Authority     9670      2.0252
(ae8153b9) StartCom Certification Authority   9305      1.9488
(f387163d) Starfield Technologies, Inc.       7652      1.6026

October 2014 results – big changes

While last month’s results were not very interesting, this month is anything but.

But before we go into results, there were few small changes to how the statistics are reported. First difference is that the “x:FF 29 RC4 Preferred” now includes sites that prefer RC4 ciphers independent of other ciphers. Second is the addition of new item “Insecure”, which is the sum total of sites that use any cipher with a “z:” state, it does not include sites that also include IDEA or SEED ciphers. Ciphersuites that use those two ciphers are now prefixed with “y:”, as they are iffy in the sense that they haven’t been widely analysed, but otherwise don’t have known weaknesses.

Since the last scan two big things happened. POODLE attack that has shown SSLv3 to be completely insecure in CBC mode and Cloudflare deploying their Universal SSL.The former should cause far less sites to have SSLv3 enabled while the former should show more sites using ECDSA certificates and more TLS enabled sites in general.

Cipher suite results

This time ’round, the number of TLS enabled servers has increased by over 33 thousand (7.6%) a much bigger amount than previous months.

Usage of AES-GCM has increased by 5.5% to 48.3%. Surprisingly the percentage of CAMELLIA enabled servers has fallen, but it’s caused by the overall increase of number of TLS enabled servers, not by fewer servers supporting this cipher.

As far as bad choices go, sites that use completely broken ciphers (AECDH, single DES, export grade, etc.) has fallen by 2.6% to 20.3%.

RC4 is still a problem, percent of servers that support it has fallen by just 2%. Percentage of servers that don’t support anything else has decreased by just 0.13% to 0.82%. It’s a biggest drop in months, but it still makes it impossible for browser vendors to drop it completely.  Similar fate share servers that prefer RC4 where their numbers fallen by just 2.28% to 15.5% of total. The good news is that it’s a reversal of a few months negative trend.

Misconfiguration that causes AECDH ciphers to be enabled is still common, just 0.6% fewer servers support it compared to last month, bringing their numbers to around 3.2%.

Cipher ordering has shown a big shift this time, just over 60% server now use their order instead of client side order, a change of over 5%!

There is also a rather big up-tick in fraction of servers that don’t enable the RSA key exchange, from less than a 1% to nearly 4% now.

More servers also started preferring Forward Secrecy: an increase of 3.8% to 68.6%. Also more servers support PFS now: 2.2% more for a total of 82%.

Server certificates

Another significant change are the certificates used by servers, while previously just 4 servers did use certificates signed by a ECDSA CA, now there are nearly 21 thousands of them, giving a total of 4.8% of servers using them. The servers that use RSA CAs have also seen a big change, nearly 4% more servers now have their certificates signed with SHA256, to a total of 20.5%.

The vast majority of those new ECDSA certificates use P-256 curve, a total of 6.6%, creating an increase of 4.5%.

Protocols

Obviously SSLv3 support has taken a blow, its use has fallen by over 26%, bringing its support to 69.5% (far too small change given the severity of POODLE). It looks like many administrators also have taken the time to actually update the cryptographic libraries they use, as TLS1.2 support has increased by 4.5% to a total of 64%.

Trust chains

With the introduction of ECDSA CAs, we can finally see a significant percentage of servers reach 128 bit level of security. We can also see that all of intermediate ECDSA CAs have been signed with SHA384. No big changes besides that.

Detailed cipher suite statistics

SSL/TLS survey of 435987 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      377229    86.523
3DES Only                 168       0.0385
AES                       409388    93.8991
AES Only                  2002      0.4592
AES-CBC Only              877       0.2012
AES-GCM                   210554    48.2936
AES-GCM Only              17        0.0039
CAMELLIA                  171200    39.2672
CHACHA20                  14611     3.3512
Insecure                  88343     20.2628
RC4                       375776    86.1897
RC4 Only                  3595      0.8246
RC4 Preferred             67695     15.5268
RC4 forced in TLS1.1+     47943     10.9964
x:FF 29 RC4 Only          5814      1.3335
x:FF 29 RC4 Preferred     79458     18.2249
x:FF 29 incompatible      164       0.0376
y:DHE-RSA-SEED-SHA        80620     18.4914
y:IDEA-CBC-MD5            3756      0.8615
y:IDEA-CBC-SHA            67532     15.4895
y:SEED-SHA                86784     19.9052
z:ADH-AES128-GCM-SHA256   338       0.0775
z:ADH-AES128-SHA          1197      0.2745
z:ADH-AES128-SHA256       317       0.0727
z:ADH-AES256-GCM-SHA384   338       0.0775
z:ADH-AES256-SHA          1202      0.2757
z:ADH-AES256-SHA256       317       0.0727
z:ADH-CAMELLIA128-SHA     559       0.1282
z:ADH-CAMELLIA256-SHA     567       0.13
z:ADH-DES-CBC-SHA         530       0.1216
z:ADH-DES-CBC3-SHA        1250      0.2867
z:ADH-RC4-MD5             1059      0.2429
z:ADH-SEED-SHA            393       0.0901
z:AECDH-AES128-SHA        14245     3.2673
z:AECDH-AES256-SHA        14255     3.2696
z:AECDH-DES-CBC3-SHA      14216     3.2606
z:AECDH-NULL-SHA          30        0.0069
z:AECDH-RC4-SHA           13277     3.0453
z:DES-CBC-MD5             24072     5.5213
z:DES-CBC-SHA             66848     15.3326
z:ECDHE-RSA-NULL-SHA      36        0.0083
z:EDH-RSA-DES-CBC-SHA     58599     13.4405
z:EXP-ADH-DES-CBC-SHA     435       0.0998
z:EXP-ADH-RC4-MD5         438       0.1005
z:EXP-DES-CBC-SHA         52036     11.9352
z:EXP-EDH-RSA-DES-CBC-SHA 40390     9.264
z:EXP-RC2-CBC-MD5         56308     12.9151
z:NULL-MD5                359       0.0823
z:NULL-SHA                361       0.0828
z:NULL-SHA256             19        0.0044
z:RC2-CBC-MD5             28014     6.4254

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               170342    39.0704
Server side               265645    60.9296

FF 29 selected ciphers        Count    Percent
-----------------------------+---------+------
AES128-SHA                     41722     9.5696
AES256-SHA                     25362     5.8171
CAMELLIA128-SHA                132       0.0303
CAMELLIA256-SHA                45        0.0103
DES-CBC3-SHA                   1046      0.2399
DHE-RSA-AES128-SHA             98725     22.644
DHE-RSA-AES256-SHA             14490     3.3235
DHE-RSA-CAMELLIA128-SHA        34        0.0078
DHE-RSA-CAMELLIA256-SHA        540       0.1239
ECDHE-ECDSA-AES128-GCM-SHA256  28993     6.65
ECDHE-ECDSA-AES128-SHA         33        0.0076
ECDHE-ECDSA-AES256-SHA         1         0.0002
ECDHE-RSA-AES128-GCM-SHA256    115469    26.4845
ECDHE-RSA-AES128-SHA           3024      0.6936
ECDHE-RSA-AES256-SHA           26483     6.0743
ECDHE-RSA-DES-CBC3-SHA         41        0.0094
ECDHE-RSA-RC4-SHA              22083     5.0651
EDH-RSA-DES-CBC3-SHA           234       0.0537
RC4-MD5                        14117     3.2379
RC4-SHA                        43249     9.9198
x:DHE                          114023    26.1528
x:ECDHE                        196127    44.9846
x:kRSA                         125673    28.8249

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1316      0.3018
AECDH                     14284     3.2762
DHE                       211473    48.5044
ECDHE                     234954    53.8901
ECDHE and DHE             88609     20.3238
RSA                       418706    96.0363

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               191816    43.9958  90.7047
DH,1536bits               1         0.0002   0.0005
DH,2048bits               17701     4.06     8.3703
DH,2226bits               1         0.0002   0.0005
DH,2236bits               2         0.0005   0.0009
DH,2430bits               1         0.0002   0.0005
DH,3072bits               9         0.0021   0.0043
DH,3247bits               1         0.0002   0.0005
DH,3248bits               2         0.0005   0.0009
DH,4096bits               1006      0.2307   0.4757
DH,512bits                40546     9.2998   19.1731
DH,768bits                779       0.1787   0.3684
DH,8192bits               1         0.0002   0.0005
ECDH,B-163,163bits        15        0.0034   0.0064
ECDH,B-571,570bits        456       0.1046   0.1941
ECDH,P-224,224bits        6         0.0014   0.0026
ECDH,P-256,256bits        233089    53.4624  99.2062
ECDH,P-384,384bits        675       0.1548   0.2873
ECDH,P-521,521bits        1259      0.2888   0.5358
Prefer DH,1024bits        111225    25.5111  52.5954
Prefer DH,1536bits        1         0.0002   0.0005
Prefer DH,2048bits        1875      0.4301   0.8866
Prefer DH,2236bits        1         0.0002   0.0005
Prefer DH,3072bits        1         0.0002   0.0005
Prefer DH,4096bits        61        0.014    0.0288
Prefer DH,512bits         6         0.0014   0.0028
Prefer DH,768bits         443       0.1016   0.2095
Prefer ECDH,B-163,163bits 15        0.0034   0.0064
Prefer ECDH,B-571,570bits 357       0.0819   0.1519
Prefer ECDH,P-224,224bits 4         0.0009   0.0017
Prefer ECDH,P-256,256bits 183233    42.0272  77.9868
Prefer ECDH,P-384,384bits 616       0.1413   0.2622
Prefer ECDH,P-521,521bits 1191      0.2732   0.5069
Prefer PFS                299029    68.5867  0
Support PFS               357818    82.0708  0

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
3                         2         0.0005   
3 only                    2         0.0005   
5                         1         0.0002   
5 only                    1         0.0002   
10                        1         0.0002   
10 only                   1         0.0002   
30                        10        0.0023   
30 only                   3         0.0007   
60                        57        0.0131   
60 only                   50        0.0115   
64                        1         0.0002   
100                       17        0.0039   
100 only                  17        0.0039   
120                       14        0.0032   
120 only                  14        0.0032   
128                       2         0.0005   
128 only                  2         0.0005   
180                       27        0.0062   
180 only                  27        0.0062   
240                       3         0.0007   
240 only                  3         0.0007   
300                       168875    38.734   
300 only                  151039    34.643   
360                       1         0.0002   
360 only                  1         0.0002   
400                       1         0.0002   
400 only                  1         0.0002   
420                       22        0.005    
420 only                  13        0.003    
480                       10        0.0023   
480 only                  10        0.0023   
600                       9358      2.1464   
600 only                  9103      2.0879   
900                       289       0.0663   
900 only                  266       0.061    
960                       2         0.0005   
960 only                  2         0.0005   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      64        0.0147   
1200 only                 61        0.014    
1500                      9         0.0021   
1500 only                 8         0.0018   
1800                      211       0.0484   
1800 only                 204       0.0468   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      1         0.0002   
2400 only                 1         0.0002   
2700                      5         0.0011   
2700 only                 5         0.0011   
3000                      11        0.0025   
3000 only                 11        0.0025   
3600                      296       0.0679   
3600 only                 281       0.0645   
5400                      2         0.0005   
7200                      11402     2.6152   
7200 only                 8697      1.9948   
10800                     15        0.0034   
10800 only                8         0.0018   
14400                     929       0.2131   
14400 only                927       0.2126   
21600                     723       0.1658   
21600 only                722       0.1656   
28800                     8         0.0018   
28800 only                8         0.0018   
36000                     409       0.0938   
36000 only                408       0.0936   
43200                     5170      1.1858   
43200 only                5170      1.1858   
64800                     37708     8.6489   
64800 only                33313     7.6408   
72000                     8         0.0018   
72000 only                8         0.0018   
86000                     27        0.0062   
86000 only                23        0.0053   
86400                     168       0.0385   
86400 only                167       0.0383   
100800                    14357     3.293    
100800 only               17        0.0039   
115200                    1         0.0002   
115200 only               1         0.0002   
129600                    11        0.0025   
129600 only               11        0.0025   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    4         0.0009   
864000 only               4         0.0009   
None                      225373    51.6926  
None only                 185753    42.6052  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      15401     3.5324   
ecdsa-with-SHA256         20950     4.8052   
sha1WithRSAEncryption     330148    75.7243  
sha256WithRSAEncryption   89341     20.4917  
sha512WithRSAEncryption   1         0.0002   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 29029     6.6582   
ECDSA 384                 2         0.0005   
ECDSA 521                 1         0.0002   
RSA 1024                  1672      0.3835   
RSA 2028                  1         0.0002   
RSA 2047                  2         0.0005   
RSA 2048                  403610    92.5739  
RSA 2049                  1         0.0002   
RSA 2056                  5         0.0011   
RSA 2058                  2         0.0005   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0005
RSA 2084                  8         0.0018
RSA 2345                  1         0.0002
RSA 2408                  2         0.0005
RSA 2432                  11        0.0025
RSA 2536                  1         0.0002
RSA 3050                  1         0.0002
RSA 3072                  61        0.014
RSA 3096                  1         0.0002
RSA 3248                  3         0.0007
RSA 3600                  1         0.0002
RSA 4046                  2         0.0005
RSA 4048                  2         0.0005
RSA 4056                  4         0.0009
RSA 4069                  1         0.0002
RSA 4086                  2         0.0005
RSA 4092                  4         0.0009
RSA 4096                  14038     3.2198
RSA 4098                  2         0.0005
RSA 4192                  1         0.0002
RSA 8192                  5         0.0011
RSA/ECDSA Dual Stack      12472     2.8606

OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 60520     13.8811
Unsupported               375467    86.1189

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      44800     10.2755
SSL2 Only                 5536      1.2698
SSL3                      302890    69.4723
SSL3 Only                 2971      0.6814
SSL3 or TLS1 Only         109447    25.1033
TLS1                      426128    97.7387
TLS1 Only                 22838     5.2382
TLS1.1                    270662    62.0803
TLS1.1 Only               25        0.0057
TLS1.1 or up Only         610       0.1399
TLS1.2                    279090    64.0134
TLS1.2 Only               441       0.1011
TLS1.2, 1.0 but not 1.1   12266     2.8134

Detailed trust chain statistics

Statistics from 484280 chains provided by 627529 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  403421    64.2872
incomplete                30809     4.9096
untrusted                 193299    30.8032

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         2084      0.4303
3                         460867    95.1654
4                         21301     4.3985
5                         28        0.0058

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 20950     
ECDSA 384                 20950     
RSA 1024                  1362      
RSA 2045                  1         
RSA 2048                  915053    
RSA 4096                  29517     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 20950     4.326
ECDSA 384                 20950     4.326
RSA 1024                  1357      0.2802
RSA 2045                  1         0.0002
RSA 2048                  461970    95.3932
RSA 4096                  29113     6.0116

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              20950     
sha1WithRSAEncryption          377133    
sha256WithRSAEncryption        68752     
sha384WithRSAEncryption        36708     
sha512WithRSAEncryption        10        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        377698    77.9917
112                       85631     17.6821
128                       20951     4.3262

Common Root CAs                               Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 118634    24.497
(157753a5) AddTrust External CA Root          75645     15.6201
(5ad8a5d6) GlobalSign Root CA                 56056     11.5751
(cbf06781) Go Daddy Root Certificate Authorit 34301     7.0829
(2e4eed3c) thawte Primary Root CA             27922     5.7657
(b204d74a) VeriSign Class 3 Public Primary Ce 27262     5.6294
(244b5494) DigiCert High Assurance EV Root CA 23640     4.8815
(eed8c118) COMODO ECC Certification Authority 20947     4.3254
(f081611a) The Go Daddy Group, Inc.           21077     4.3522
(b13cc6df) UTN-USERFirst-Hardware             13019     2.6883
(653b494a) Baltimore CyberTrust Root          11115     2.2952
(40547a79) COMODO Certification Authority     10071     2.0796
(ae8153b9) StartCom Certification Authority   8762      1.8093
(f387163d) Starfield Technologies, Inc.       8273      1.7083

The scan was performed between 13th and 24th of October 2014.

POODLE attack

Unfortunately the script I’m using to acquire the statistics isn’t fast, people responsible for the zmap network scanner have performed a quick look at both Alexa Top 1 Million domains as well as the IPv4 address space.

In short, they found 1186 sites (0.02% of Alexa top 1M) to support SSLv3 as the highest TLS version. At the same time, 96.9% support SSLv3. If we take a look on all of IPv4 address space, the percentage rises to 0.8% and 98.1% respectively.

Head over to their article for details.