Hi, I went and extended the scanning script from https://jve.linuxwall.info/blog/index.php?post/TLS_Survey and performed the same scan again. The most important change is that I captured also the information about the used certificate by server (both the key size, signature and if it links to trust anchors we distribute in F19). That makes the cohort significantly different (my 305280 valid servers vs Julien Vehent's 451470 SSL-enabled servers). The results are both good and bad. The bad: 1. Over 10% of servers prefer RC4 with TLS1.1 or TLS1.2 (!!) 2. 1.77% of servers support only RC4 (which is an increase from Julien scan result of 1.5%) 3. Nearly 20% of servers prefer RC4 4. There are still servers that support *only* SSLv2 5. Nearly 95% of servers have certificates signed with SHA-1 6. Over 30% of servers prefer PFS with 1024 bit DH params 7. 15% of servers enable export suites 8. 19% enable single DES suites 9. 3% of servers support only 3DES ciphers The good: 1. There are no servers with valid certificates and <1024 bit RSA keys 2. While there are quite a few servers that use 768bit or 512bit DH (about 0.2%) very few of them actually prefer them (0.023%) 3. There are no servers with certificates with md5 signatures 4. Nearly 50% of servers support TLS1.1 or greater 5. Over 99% of servers use at least 2047 bit RSA certificates Note that the results do not include results from SNI-only servers. Also, for some reason google servers like YouTube don't present ECDSA certificates to the script. SSL/TLS survey of 305280 websites from Alexa's top 0.97 million Stats only from connections that did provide valid certificates (or anonymous DH from servers that do also have valid certificate installed) Supported Ciphers Count Percent -------------------------+---------+------- 3DES 274509 89.9204 3DES Only 9642 3.1584 AES 277201 90.8022 AES Only 523 0.1713 AES-CBC Only 267 0.0875 AES-GCM 100595 32.9517 AES-GCM Only 12 0.0039 CAMELLIA 112135 36.7319 CAMELLIA Only 1 0.0003 CHACHA20 19072 6.2474 RC4 268298 87.8859 RC4 Only 5418 1.7748 RC4 Preferred 59552 19.5073 RC4 forced in TLS1.1+ 31737 10.396 z:ADH-DES-CBC-SHA 1016 0.3328 z:ADH-SEED-SHA 795 0.2604 z:AECDH-NULL-SHA 8 0.0026 z:DES-CBC-MD5 279 0.0914 z:DES-CBC-SHA 60744 19.8978 z:DHE-RSA-SEED-SHA 46262 15.154 z:ECDHE-RSA-NULL-SHA 6 0.002 z:EDH-RSA-DES-CBC-SHA 49529 16.2241 z:EXP-ADH-DES-CBC-SHA 624 0.2044 z:EXP-DES-CBC-SHA 49850 16.3293 z:EXP-EDH-RSA-DES-CBC-SHA 36180 11.8514 z:EXP-RC2-CBC-MD5 47372 15.5176 z:IDEA-CBC-MD5 28 0.0092 z:IDEA-CBC-SHA 44932 14.7183 z:NULL-MD5 322 0.1055 z:NULL-SHA 317 0.1038 z:NULL-SHA256 11 0.0036 z:RC2-CBC-MD5 307 0.1006 z:SEED-SHA 59061 19.3465 Supported Handshakes Count Percent -------------------------+---------+------- DHE 144983 47.4918 DHE and ECDHE 33828 11.081 ECDHE 113831 37.2874 Supported PFS Count Percent PFS Percent -------------------------+---------+--------+----------- DH,1024bits 138534 45.3793 61.5745 DH,2048bits 5471 1.7921 2.4317 DH,3072bits 2 0.0007 0.0009 DH,3248bits 2 0.0007 0.0009 DH,4094bits 1 0.0003 0.0004 DH,4096bits 250 0.0819 0.1111 DH,512bits 78 0.0256 0.0347 DH,768bits 651 0.2132 0.2894 ECDH,B-163,163bits 1 0.0003 0.0004 ECDH,B-571,570bits 279 0.0914 0.124 ECDH,P-224,224bits 3 0.001 0.0013 ECDH,P-256,256bits 113201 37.081 50.3147 ECDH,P-384,384bits 138 0.0452 0.0613 ECDH,P-521,521bits 266 0.0871 0.1182 Prefer DH,1024bits 99280 32.521 44.1272 Prefer DH,2048bits 1848 0.6053 0.8214 Prefer DH,4096bits 12 0.0039 0.0053 Prefer DH,512bits 1 0.0003 0.0004 Prefer DH,768bits 72 0.0236 0.032 Prefer ECDH,B-163,163bits 1 0.0003 0.0004 Prefer ECDH,B-571,570bits 226 0.074 0.1005 Prefer ECDH,P-256,256bits 80220 26.2775 35.6556 Prefer ECDH,P-384,384bits 84 0.0275 0.0373 Prefer ECDH,P-521,521bits 246 0.0806 0.1093 Prefer PFS 181990 59.6141 80.8895 Support PFS 224986 73.6982 100.0 Certificate sig alg Count Percent -------------------------+---------+-------- None 11870 3.8882 sha1WithRSAEncryption 289276 94.7576 sha256WithRSAEncryption 16033 5.2519 Certificate key size Count Percent -------------------------+---------+-------- RSA 1024 2098 0.6872 RSA 2028 1 0.0003 RSA 2047 3 0.001 RSA 2048 295413 96.7679 RSA 2049 4 0.0013 RSA 2056 3 0.001 RSA 2058 1 0.0003 RSA 2060 1 0.0003 RSA 2064 1 0.0003 RSA 2080 3 0.001 RSA 2084 2 0.0007 RSA 2345 1 0.0003 RSA 2408 1 0.0003 RSA 2432 88 0.0288 RSA 2536 1 0.0003 RSA 2612 1 0.0003 RSA 3000 1 0.0003 RSA 3050 1 0.0003 RSA 3072 18 0.0059 RSA 3248 2 0.0007 RSA 3600 1 0.0003 RSA 4042 1 0.0003 RSA 4048 1 0.0003 RSA 4069 1 0.0003 RSA 4086 1 0.0003 RSA 4092 2 0.0007 RSA 4096 7634 2.5007 RSA 4098 1 0.0003 RSA 4192 2 0.0007 RSA 8192 4 0.0013 RSA/ECDSA Dual Stack 0 0.0 Supported Protocols Count Percent -------------------------+---------+------- SSL2 644 0.211 SSL2 Only 20 0.0066 SSL3 303052 99.2702 SSL3 Only 3706 1.214 SSL3 or TLS1 Only 155876 51.06 TLS1 301098 98.6301 TLS1 Only 673 0.2205 TLS1.1 136386 44.6757 TLS1.1 Only 4 0.0013 TLS1.1 or up Only 60 0.0197 TLS1.2 144857 47.4505 TLS1.2 Only 45 0.0147 TLS1.2, 1.0 but not 1.1 12292 4.0265 (the scan was performed between 5th and 17th of April 2014, full results available on request - 34MiB xz tarball) -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hkario@xxxxxxxxxx Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
