Fedora crypto policy vs the real world Was: available crypto policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I went and extended the scanning script from
https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
and performed the same scan again.

The most important change is that I captured also the information
about the used certificate by server (both the key size, signature
and if it links to trust anchors we distribute in F19). That makes
the cohort significantly different (my 305280 valid servers vs
Julien Vehent's 451470 SSL-enabled servers).

The results are both good and bad.

The bad:
 1. Over 10% of servers prefer RC4 with TLS1.1 or TLS1.2 (!!)
 2. 1.77% of servers support only RC4 (which is an increase from
    Julien scan result of 1.5%)
 3. Nearly 20% of servers prefer RC4
 4. There are still servers that support *only* SSLv2
 5. Nearly 95% of servers have certificates signed with SHA-1
 6. Over 30% of servers prefer PFS with 1024 bit DH params
 7. 15% of servers enable export suites
 8. 19% enable single DES suites
 9. 3% of servers support only 3DES ciphers

The good:
 1. There are no servers with valid certificates and <1024 bit RSA keys
 2. While there are quite a few servers that use 768bit or 512bit DH
    (about 0.2%) very few of them actually prefer them (0.023%)
 3. There are no servers with certificates with md5 signatures
 4. Nearly 50% of servers support TLS1.1 or greater
 5. Over 99% of servers use at least 2047 bit RSA certificates

Note that the results do not include results from SNI-only servers.
Also, for some reason google servers like YouTube don't present ECDSA
certificates to the script.

SSL/TLS survey of 305280 websites from Alexa's top 0.97 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      274509    89.9204
3DES Only                 9642      3.1584
AES                       277201    90.8022
AES Only                  523       0.1713
AES-CBC Only              267       0.0875
AES-GCM                   100595    32.9517
AES-GCM Only              12        0.0039
CAMELLIA                  112135    36.7319
CAMELLIA Only             1         0.0003
CHACHA20                  19072     6.2474
RC4                       268298    87.8859
RC4 Only                  5418      1.7748
RC4 Preferred             59552     19.5073
RC4 forced in TLS1.1+     31737     10.396
z:ADH-DES-CBC-SHA         1016      0.3328
z:ADH-SEED-SHA            795       0.2604
z:AECDH-NULL-SHA          8         0.0026
z:DES-CBC-MD5             279       0.0914
z:DES-CBC-SHA             60744     19.8978
z:DHE-RSA-SEED-SHA        46262     15.154
z:ECDHE-RSA-NULL-SHA      6         0.002
z:EDH-RSA-DES-CBC-SHA     49529     16.2241
z:EXP-ADH-DES-CBC-SHA     624       0.2044
z:EXP-DES-CBC-SHA         49850     16.3293
z:EXP-EDH-RSA-DES-CBC-SHA 36180     11.8514
z:EXP-RC2-CBC-MD5         47372     15.5176
z:IDEA-CBC-MD5            28        0.0092
z:IDEA-CBC-SHA            44932     14.7183
z:NULL-MD5                322       0.1055
z:NULL-SHA                317       0.1038
z:NULL-SHA256             11        0.0036
z:RC2-CBC-MD5             307       0.1006
z:SEED-SHA                59061     19.3465

Supported Handshakes      Count     Percent
-------------------------+---------+-------
DHE                       144983    47.4918
DHE and ECDHE             33828     11.081
ECDHE                     113831    37.2874

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               138534    45.3793  61.5745
DH,2048bits               5471      1.7921   2.4317
DH,3072bits               2         0.0007   0.0009
DH,3248bits               2         0.0007   0.0009
DH,4094bits               1         0.0003   0.0004
DH,4096bits               250       0.0819   0.1111
DH,512bits                78        0.0256   0.0347
DH,768bits                651       0.2132   0.2894
ECDH,B-163,163bits        1         0.0003   0.0004
ECDH,B-571,570bits        279       0.0914   0.124
ECDH,P-224,224bits        3         0.001    0.0013
ECDH,P-256,256bits        113201    37.081   50.3147
ECDH,P-384,384bits        138       0.0452   0.0613
ECDH,P-521,521bits        266       0.0871   0.1182
Prefer DH,1024bits        99280     32.521   44.1272
Prefer DH,2048bits        1848      0.6053   0.8214
Prefer DH,4096bits        12        0.0039   0.0053
Prefer DH,512bits         1         0.0003   0.0004
Prefer DH,768bits         72        0.0236   0.032
Prefer ECDH,B-163,163bits 1         0.0003   0.0004
Prefer ECDH,B-571,570bits 226       0.074    0.1005
Prefer ECDH,P-256,256bits 80220     26.2775  35.6556
Prefer ECDH,P-384,384bits 84        0.0275   0.0373
Prefer ECDH,P-521,521bits 246       0.0806   0.1093
Prefer PFS                181990    59.6141  80.8895
Support PFS               224986    73.6982  100.0

Certificate sig alg       Count     Percent 
-------------------------+---------+--------
None                      11870     3.8882   
sha1WithRSAEncryption     289276    94.7576  
sha256WithRSAEncryption   16033     5.2519   

Certificate key size      Count     Percent 
-------------------------+---------+--------
RSA 1024                  2098      0.6872   
RSA 2028                  1         0.0003   
RSA 2047                  3         0.001    
RSA 2048                  295413    96.7679  
RSA 2049                  4         0.0013   
RSA 2056                  3         0.001    
RSA 2058                  1         0.0003   
RSA 2060                  1         0.0003   
RSA 2064                  1         0.0003   
RSA 2080                  3         0.001    
RSA 2084                  2         0.0007   
RSA 2345                  1         0.0003   
RSA 2408                  1         0.0003   
RSA 2432                  88        0.0288   
RSA 2536                  1         0.0003   
RSA 2612                  1         0.0003   
RSA 3000                  1         0.0003   
RSA 3050                  1         0.0003   
RSA 3072                  18        0.0059   
RSA 3248                  2         0.0007   
RSA 3600                  1         0.0003   
RSA 4042                  1         0.0003   
RSA 4048                  1         0.0003   
RSA 4069                  1         0.0003   
RSA 4086                  1         0.0003   
RSA 4092                  2         0.0007   
RSA 4096                  7634      2.5007   
RSA 4098                  1         0.0003   
RSA 4192                  2         0.0007   
RSA 8192                  4         0.0013   
RSA/ECDSA Dual Stack      0         0.0

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      644       0.211
SSL2 Only                 20        0.0066
SSL3                      303052    99.2702
SSL3 Only                 3706      1.214
SSL3 or TLS1 Only         155876    51.06
TLS1                      301098    98.6301
TLS1 Only                 673       0.2205
TLS1.1                    136386    44.6757
TLS1.1 Only               4         0.0013
TLS1.1 or up Only         60        0.0197
TLS1.2                    144857    47.4505
TLS1.2 Only               45        0.0147
TLS1.2, 1.0 but not 1.1   12292     4.0265

(the scan was performed between 5th and 17th of April 2014,
full results available on request - 34MiB xz tarball)

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario@xxxxxxxxxx
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux