Not many changes since last month's scan results, though there are two additions: tests for supported curves for ECDHE key exchange and signature algorithms for DHE and ECDHE key exchange in TLS1.2. I've also extended the scanner to perform few tests for different intolerances, unfortunately they were rather inconclusive - the only certain thing is that about 4.8% of TLS-enabled servers have broken implementations of TLS. Full analysis on my blog: https://securitypitfalls.wordpress.com/2014/12/12/november-2014-results-intolerancies/ SSL/TLS survey of 441636 websites from Alexa's top 1 million Stats only from connections that did provide valid certificates (or anonymous DH from servers that do also have valid certificate installed) Supported Ciphers Count Percent -------------------------+---------+------- 3DES 374355 84.7655 3DES Only 402 0.091 AES 413509 93.6312 AES Only 3628 0.8215 AES-CBC Only 2370 0.5366 AES-GCM 226553 51.2986 AES-GCM Only 11 0.0025 CAMELLIA 169951 38.4821 CAMELLIA Only 1 0.0002 CHACHA20 14060 3.1836 Insecure 97652 22.1114 RC4 370269 83.8403 RC4 Only 3694 0.8364 RC4 Preferred 72316 16.3746 RC4 forced in TLS1.1+ 44600 10.0988 x:FF 29 RC4 Only 521 0.118 x:FF 29 RC4 Preferred 77977 17.6564 x:FF 29 incompatible 152 0.0344 y:DHE-RSA-SEED-SHA 81413 18.4344 y:IDEA-CBC-MD5 3271 0.7407 y:IDEA-CBC-SHA 66611 15.0828 y:SEED-SHA 83866 18.9898 z:ADH-AES128-GCM-SHA256 297 0.0672 z:ADH-AES128-SHA 1093 0.2475 z:ADH-AES128-SHA256 258 0.0584 z:ADH-AES256-GCM-SHA384 298 0.0675 z:ADH-AES256-SHA 1105 0.2502 z:ADH-AES256-SHA256 258 0.0584 z:ADH-CAMELLIA128-SHA 461 0.1044 z:ADH-CAMELLIA256-SHA 471 0.1066 z:ADH-DES-CBC-SHA 457 0.1035 z:ADH-DES-CBC3-SHA 1145 0.2593 z:ADH-RC4-MD5 929 0.2104 z:ADH-SEED-SHA 327 0.074 z:AECDH-AES128-SHA 13449 3.0453 z:AECDH-AES256-SHA 13444 3.0441 z:AECDH-DES-CBC3-SHA 13404 3.0351 z:AECDH-NULL-SHA 32 0.0072 z:AECDH-RC4-SHA 12431 2.8148 z:DES-CBC-MD5 21586 4.8877 z:DES-CBC-SHA 57810 13.09 z:DES-CBC3-MD5 38510 8.7199 z:ECDHE-RSA-NULL-SHA 40 0.0091 z:EDH-RSA-DES-CBC-SHA 50046 11.332 z:EXP-ADH-DES-CBC-SHA 370 0.0838 z:EXP-ADH-RC4-MD5 375 0.0849 z:EXP-DES-CBC-SHA 43742 9.9045 z:EXP-EDH-RSA-DES-CBC-SHA 32332 7.321 z:EXP-RC2-CBC-MD5 48992 11.0933 z:EXP-RC4-MD5 51816 11.7327 z:EXP1024-DES-CBC-SHA 10301 2.3325 z:EXP1024-RC4-SHA 10439 2.3637 z:NULL-MD5 308 0.0697 z:NULL-SHA 310 0.0702 z:NULL-SHA256 21 0.0048 z:RC2-CBC-MD5 21992 4.9797 z:RC4-64-MD5 1761 0.3987 Cipher ordering Count Percent -------------------------+---------+------- Client side 146876 33.2573 Server side 294760 66.7427 Supported Handshakes Count Percent -------------------------+---------+------- ADH 1219 0.276 AECDH 13477 3.0516 DHE 218697 49.5197 ECDHE 250523 56.7261 ECDHE and DHE 107307 24.2976 RSA 416216 94.2441 Supported PFS Count Percent PFS Percent -------------------------+---------+--------+----------- DH,1024bits 194241 43.9821 88.8174 DH,1536bits 1 0.0002 0.0005 DH,2047bits 1 0.0002 0.0005 DH,2048bits 22093 5.0025 10.1021 DH,2226bits 1 0.0002 0.0005 DH,2236bits 2 0.0005 0.0009 DH,3072bits 11 0.0025 0.005 DH,3248bits 2 0.0005 0.0009 DH,4096bits 1313 0.2973 0.6004 DH,512bits 32507 7.3606 14.8639 DH,768bits 866 0.1961 0.396 DH,8192bits 1 0.0002 0.0005 ECDH,B-163,163bits 12 0.0027 0.0048 ECDH,B-571,570bits 565 0.1279 0.2255 ECDH,P-224,224bits 15 0.0034 0.006 ECDH,P-256,256bits 244052 55.2609 97.417 ECDH,P-384,384bits 717 0.1624 0.2862 ECDH,P-521,521bits 6141 1.3905 2.4513 Prefer DH,1024bits 102473 23.203 46.8562 Prefer DH,2048bits 2729 0.6179 1.2478 Prefer DH,2236bits 1 0.0002 0.0005 Prefer DH,3072bits 1 0.0002 0.0005 Prefer DH,4096bits 87 0.0197 0.0398 Prefer DH,512bits 23 0.0052 0.0105 Prefer DH,768bits 459 0.1039 0.2099 Prefer ECDH,B-163,163bits 12 0.0027 0.0048 Prefer ECDH,B-571,570bits 394 0.0892 0.1573 Prefer ECDH,P-224,224bits 14 0.0032 0.0056 Prefer ECDH,P-256,256bits 196706 44.5403 78.5181 Prefer ECDH,P-384,384bits 660 0.1494 0.2634 Prefer ECDH,P-521,521bits 5660 1.2816 2.2593 Prefer PFS 309219 70.0167 0 Support PFS 361913 81.9483 0 Supported ECC curves Count Percent -------------------------+---------+-------- brainpoolP256r1 19 0.0043 brainpoolP384r1 19 0.0043 brainpoolP512r1 19 0.0043 prime192v1 573 0.1297 prime256v1 245656 55.6241 prime256v1 Only 213263 48.2893 secp160k1 554 0.1254 secp160r1 554 0.1254 secp160r2 554 0.1254 secp192k1 565 0.1279 secp224k1 576 0.1304 secp224r1 714 0.1617 secp256k1 579 0.1311 secp384r1 32501 7.3592 secp384r1 Only 109 0.0247 secp521r1 7817 1.77 secp521r1 Only 69 0.0156 sect163k1 559 0.1266 sect163k1 Only 1 0.0002 sect163r1 557 0.1261 sect163r2 570 0.1291 sect163r2 Only 12 0.0027 sect193r1 557 0.1261 sect193r2 557 0.1261 sect233k1 573 0.1297 sect233r1 573 0.1297 sect239k1 572 0.1295 sect283k1 573 0.1297 sect283r1 572 0.1295 sect409k1 570 0.1291 sect409r1 570 0.1291 sect571k1 574 0.13 sect571r1 574 0.13 Unsupported curve fallback Count Percent ------------------------------+---------+-------- False 52248 11.8306 True 161110 36.4803 order-specific 10 0.0023 unknown 228268 51.6869 ECC curve ordering Count Percent -------------------------+---------+-------- client 577 0.1307 inconclusive-noecc 2 0.0005 server 245280 55.539 unknown 195777 44.3299 TLSv1.2 PFS supported sigalgs Count Percent ------------------------------+---------+-------- ECDSA-SHA1 24443 5.5346 ECDSA-SHA224 24448 5.5358 ECDSA-SHA256 24449 5.536 ECDSA-SHA384 24451 5.5365 ECDSA-SHA512 24454 5.5371 ECDSA-SHA512 Only 3 0.0007 RSA-MD5 106330 24.0764 RSA-MD5 Only 3 0.0007 RSA-SHA1 225736 51.1136 RSA-SHA1 Only 35561 8.0521 RSA-SHA224 186614 42.2552 RSA-SHA256 191459 43.3522 RSA-SHA256 Only 926 0.2097 RSA-SHA384 186997 42.3419 RSA-SHA512 187037 42.3509 RSA-SHA512 Only 37 0.0084 TLSv1.2 PFS ordering Count Percent ------------------------------+---------+-------- client 170553 38.6185 indeterminate 8 0.0018 intolerant 661 0.1497 order-fallback 5 0.0011 server 80372 18.1987 unsupported 40930 9.2678 TLSv1.2 PFS sigalg fallback Count Percent ------------------------------+---------+-------- ECDSA SHA1 24438 5.5335 ECDSA intolerant 20 0.0045 ECDSA pfs-rsa-SHA512 1 0.0002 RSA False 104894 23.7512 RSA SHA1 105580 23.9066 RSA intolerant 15354 3.4766 RSA pfs-ecdsa-SHA512 2 0.0005 RSA soft-nopfs 1464 0.3315 Renegotiation Count Percent -------------------------+---------+-------- False 11218 2.5401 insecure 28271 6.4014 secure 402147 91.0585 Compression Count Percent -------------------------+---------+-------- 1 (zlib compression) 19036 4.3103 False 11218 2.5401 NONE 411382 93.1496 TLS session ticket hint Count Percent -------------------------+---------+-------- 1 1 0.0002 1 only 1 0.0002 3 2 0.0005 3 only 2 0.0005 5 1 0.0002 5 only 1 0.0002 10 3 0.0007 10 only 3 0.0007 15 7 0.0016 15 only 7 0.0016 30 9 0.002 30 only 9 0.002 45 1 0.0002 45 only 1 0.0002 60 71 0.0161 60 only 67 0.0152 65 1 0.0002 65 only 1 0.0002 70 1 0.0002 75 1 0.0002 75 only 1 0.0002 100 16 0.0036 100 only 16 0.0036 120 15 0.0034 120 only 15 0.0034 128 1 0.0002 128 only 1 0.0002 180 35 0.0079 180 only 35 0.0079 240 2 0.0005 240 only 2 0.0005 300 169526 38.3859 300 only 156066 35.3382 360 1 0.0002 360 only 1 0.0002 400 2 0.0005 400 only 2 0.0005 420 25 0.0057 420 only 17 0.0038 480 11 0.0025 480 only 10 0.0023 600 12859 2.9117 600 only 12605 2.8542 660 1 0.0002 660 only 1 0.0002 900 355 0.0804 900 only 337 0.0763 960 2 0.0005 960 only 2 0.0005 1000 1 0.0002 1000 only 1 0.0002 1200 253 0.0573 1200 only 249 0.0564 1500 11 0.0025 1500 only 10 0.0023 1800 258 0.0584 1800 only 254 0.0575 2100 1 0.0002 2100 only 1 0.0002 2400 1 0.0002 2400 only 1 0.0002 2700 5 0.0011 2700 only 5 0.0011 3000 8 0.0018 3000 only 8 0.0018 3600 336 0.0761 3600 only 309 0.07 5400 2 0.0005 6000 4 0.0009 6000 only 4 0.0009 7200 11602 2.6271 7200 only 8915 2.0186 10800 16 0.0036 10800 only 8 0.0018 14400 1087 0.2461 14400 only 1086 0.2459 18000 1 0.0002 18000 only 1 0.0002 21600 3246 0.735 21600 only 3244 0.7345 28800 13 0.0029 28800 only 12 0.0027 36000 420 0.0951 36000 only 412 0.0933 43200 2089 0.473 43200 only 2089 0.473 64800 40233 9.11 64800 only 40222 9.1075 72000 5 0.0011 72000 only 5 0.0011 86000 37 0.0084 86000 only 37 0.0084 86400 176 0.0399 86400 only 174 0.0394 100800 13809 3.1268 100800 only 13809 3.1268 115200 1 0.0002 115200 only 1 0.0002 129600 13 0.0029 129600 only 13 0.0029 604800 1 0.0002 604800 only 1 0.0002 864000 6 0.0014 864000 only 6 0.0014 None 201554 45.638 None only 185054 41.9019 Certificate sig alg Count Percent -------------------------+---------+-------- None 14532 3.2905 ecdsa-with-SHA256 24424 5.5303 sha1WithRSAEncryption 300669 68.0807 sha256WithRSAEncryption 116628 26.4082 sha512WithRSAEncryption 1 0.0002 Certificate key size Count Percent -------------------------+---------+-------- ECDSA 256 24452 5.5367 ECDSA 384 5 0.0011 ECDSA 521 1 0.0002 RSA 1024 1689 0.3824 RSA 2028 1 0.0002 RSA 2047 2 0.0005 RSA 2048 400697 90.7301 RSA 2049 1 0.0002 RSA 2056 6 0.0014 RSA 2058 2 0.0005 RSA 2064 1 0.0002 RSA 2080 2 0.0005 RSA 2084 10 0.0023 RSA 2096 1 0.0002 RSA 2345 1 0.0002 RSA 2408 3 0.0007 RSA 2432 8 0.0018 RSA 2536 1 0.0002 RSA 2612 1 0.0002 RSA 3071 1 0.0002 RSA 3072 54 0.0122 RSA 3248 3 0.0007 RSA 3600 1 0.0002 RSA 4046 1 0.0002 RSA 4048 2 0.0005 RSA 4056 33 0.0075 RSA 4086 3 0.0007 RSA 4092 2 0.0005 RSA 4096 14699 3.3283 RSA 4098 2 0.0005 RSA 8192 4 0.0009 RSA/ECDSA Dual Stack 40 0.0091 OCSP stapling Count Percent -------------------------+---------+-------- Supported 73634 16.673 Unsupported 368002 83.327 Supported Protocols Count Percent -------------------------+---------+------- SSL2 38835 8.7934 SSL2 Only 100 0.0226 SSL3 204062 46.2059 SSL3 Only 2195 0.497 SSL3 or TLS1 Only 108575 24.5847 TLS1 438481 99.2856 TLS1 Only 46428 10.5127 TLS1.1 281522 63.7453 TLS1.1 Only 25 0.0057 TLS1.1 or up Only 443 0.1003 TLS1.2 292517 66.2349 TLS1.2 Only 337 0.0763 TLS1.2, 1.0 but not 1.1 13585 3.0761 Statistics from 477473 chains provided by 632817 hosts Server provided chains Count Percent -------------------------+---------+------- complete 413143 65.2863 incomplete 27529 4.3502 untrusted 192145 30.3634 Trusted chain statistics ======================== Chain length Count Percent -------------------------+---------+------- 2 2158 0.452 3 444774 93.1517 4 30513 6.3905 5 28 0.0059 CA key size in chains Count -------------------------+--------- ECDSA 256 24427 ECDSA 384 24427 RSA 1024 1337 RSA 2045 1 RSA 2048 893943 RSA 4096 39222 Chains with CA key Count Percent -------------------------+---------+------- ECDSA 256 24427 5.1159 ECDSA 384 24427 5.1159 RSA 1024 1333 0.2792 RSA 2045 1 0.0002 RSA 2048 451667 94.5953 RSA 4096 38725 8.1104 Signature algorithm (ex. root) Count ------------------------------+--------- ecdsa-with-SHA384 24427 sha1WithRSAEncryption 336966 sha256WithRSAEncryption 90026 sha384WithRSAEncryption 54445 sha512WithRSAEncryption 20 Eff. host cert chain LoS Count Percent -------------------------+---------+------- 80 337471 70.6786 112 115573 24.2051 128 24429 5.1163 Most popular root CAs Count Percent ---------------------------------------------+---------+------- (2c543cd1) GeoTrust Global CA 112050 23.4673 (157753a5) AddTrust External CA Root 76553 16.0329 (5ad8a5d6) GlobalSign Root CA 48090 10.0718 (cbf06781) Go Daddy Root Certificate Authorit 37124 7.7751 (b204d74a) VeriSign Class 3 Public Primary Ce 30047 6.2929 (2e4eed3c) thawte Primary Root CA 28036 5.8717 (eed8c118) COMODO ECC Certification Authority 24425 5.1155 (244b5494) DigiCert High Assurance EV Root CA 23682 4.9599 (f081611a) The Go Daddy Group, Inc. 17028 3.5663 (b13cc6df) UTN-USERFirst-Hardware 12816 2.6841 (653b494a) Baltimore CyberTrust Root 11357 2.3786 (40547a79) COMODO Certification Authority 9670 2.0252 (ae8153b9) StartCom Certification Authority 9305 1.9488 (f387163d) Starfield Technologies, Inc. 7652 1.6026 Scan performed between 11th and 19th of November 2014. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
