This time we have reached few milestones. First of all, we’re very close to half (46.8%) of the servers in Alexa top 1 million supporting TLS with valid certificates. Of that, over half support and prefer NIST P-256 ECDHE key exchange and just under a half of servers have certificates signed with SHA-256. More on my blog here: https://securitypitfalls.wordpress.com/2015/02/01/january-2015-scan-results/ SSL/TLS survey of 468782 websites from Alexa's top 1 million Stats only from connections that did provide valid certificates (or anonymous DH from servers that do also have valid certificate installed) Supported Ciphers Count Percent -------------------------+---------+------- 3DES 379700 80.9971 3DES Only 439 0.0936 AES 441928 94.2715 AES Only 7037 1.5011 AES-CBC Only 4003 0.8539 AES-GCM 266888 56.9322 AES-GCM Only 20 0.0043 CAMELLIA 194963 41.5893 CAMELLIA Only 1 0.0002 CHACHA20 14394 3.0705 Insecure 88248 18.825 RC4 377778 80.5871 RC4 Only 3712 0.7918 RC4 Preferred 64613 13.7832 RC4 forced in TLS1.1+ 41031 8.7527 x:FF 29 RC4 Only 541 0.1154 x:FF 29 RC4 Preferred 70622 15.065 x:FF 29 incompatible 136 0.029 y:DHE-RSA-SEED-SHA 103049 21.9823 y:IDEA-CBC-MD5 2923 0.6235 y:IDEA-CBC-SHA 85417 18.221 y:SEED-SHA 102704 21.9087 z:ADH-AES128-GCM-SHA256 340 0.0725 z:ADH-AES128-SHA 968 0.2065 z:ADH-AES128-SHA256 284 0.0606 z:ADH-AES256-GCM-SHA384 346 0.0738 z:ADH-AES256-SHA 980 0.2091 z:ADH-AES256-SHA256 285 0.0608 z:ADH-CAMELLIA128-SHA 426 0.0909 z:ADH-CAMELLIA256-SHA 435 0.0928 z:ADH-DES-CBC-SHA 374 0.0798 z:ADH-DES-CBC3-SHA 995 0.2123 z:ADH-RC4-MD5 771 0.1645 z:ADH-SEED-SHA 281 0.0599 z:AECDH-AES128-SHA 14166 3.0219 z:AECDH-AES256-SHA 14171 3.0229 z:AECDH-DES-CBC3-SHA 14128 3.0138 z:AECDH-NULL-SHA 30 0.0064 z:AECDH-RC4-SHA 13177 2.8109 z:DES-CBC-MD5 18509 3.9483 z:DES-CBC-SHA 50349 10.7404 z:DES-CBC3-MD5 33636 7.1752 z:ECDHE-RSA-NULL-SHA 36 0.0077 z:EDH-RSA-DES-CBC-SHA 42662 9.1006 z:EXP-ADH-DES-CBC-SHA 304 0.0648 z:EXP-ADH-RC4-MD5 307 0.0655 z:EXP-DES-CBC-SHA 35818 7.6407 z:EXP-EDH-RSA-DES-CBC-SHA 25232 5.3825 z:EXP-RC2-CBC-MD5 40481 8.6354 z:EXP-RC4-MD5 43298 9.2363 z:EXP1024-DES-CBC-SHA 9341 1.9926 z:EXP1024-RC4-SHA 9490 2.0244 z:NULL-MD5 272 0.058 z:NULL-SHA 271 0.0578 z:NULL-SHA256 10 0.0021 z:RC2-CBC-MD5 18871 4.0255 z:RC4-64-MD5 1585 0.3381 Cipher ordering Count Percent -------------------------+---------+------- Client side 140561 29.9843 Server side 328221 70.0157 Supported Handshakes Count Percent -------------------------+---------+------- ADH 1076 0.2295 AECDH 14190 3.027 DHE 245202 52.3062 ECDHE 294046 62.7255 ECDHE and DHE 143454 30.6014 RSA 437715 93.3728 Supported PFS Count Percent PFS Percent -------------------------+---------+--------+----------- DH,1024bits 214522 45.7616 87.4879 DH,1536bits 1 0.0002 0.0004 DH,2048bits 28062 5.9862 11.4444 DH,2226bits 1 0.0002 0.0004 DH,2236bits 3 0.0006 0.0012 DH,3072bits 12 0.0026 0.0049 DH,3248bits 2 0.0004 0.0008 DH,4096bits 1773 0.3782 0.7231 DH,512bits 25325 5.4023 10.3282 DH,768bits 754 0.1608 0.3075 DH,8192bits 1 0.0002 0.0004 ECDH,B-163,163bits 7 0.0015 0.0024 ECDH,B-571,570bits 635 0.1355 0.216 ECDH,K-163,163bits 1 0.0002 0.0003 ECDH,P-224,224bits 47 0.01 0.016 ECDH,P-256,256bits 288396 61.5203 98.0785 ECDH,P-384,384bits 1689 0.3603 0.5744 ECDH,P-521,521bits 4134 0.8819 1.4059 Prefer DH,1024bits 97828 20.8685 39.8969 Prefer DH,2048bits 2713 0.5787 1.1064 Prefer DH,2236bits 2 0.0004 0.0008 Prefer DH,4096bits 92 0.0196 0.0375 Prefer DH,512bits 5 0.0011 0.002 Prefer DH,768bits 425 0.0907 0.1733 Prefer ECDH,B-163,163bits 7 0.0015 0.0024 Prefer ECDH,B-571,570bits 472 0.1007 0.1605 Prefer ECDH,P-224,224bits 18 0.0038 0.0061 Prefer ECDH,P-256,256bits 236264 50.3995 80.3493 Prefer ECDH,P-384,384bits 1629 0.3475 0.554 Prefer ECDH,P-521,521bits 3807 0.8121 1.2947 Prefer PFS 343262 73.2242 0 Support PFS 395794 84.4303 0 Supported ECC curves Count Percent -------------------------+---------+-------- brainpoolP256r1 26 0.0055 brainpoolP384r1 26 0.0055 brainpoolP512r1 26 0.0055 prime192v1 651 0.1389 prime256v1 293388 62.5852 prime256v1 Only 255238 54.4471 secp160k1 620 0.1323 secp160r1 620 0.1323 secp160r2 620 0.1323 secp192k1 643 0.1372 secp224k1 674 0.1438 secp224r1 1052 0.2244 secp224r1 Only 1 0.0002 secp256k1 688 0.1468 secp384r1 38294 8.1688 secp384r1 Only 149 0.0318 secp521r1 9560 2.0393 secp521r1 Only 78 0.0166 sect163k1 619 0.132 sect163k1 Only 2 0.0004 sect163r1 617 0.1316 sect163r2 624 0.1331 sect163r2 Only 7 0.0015 sect193r1 617 0.1316 sect193r2 617 0.1316 sect233k1 663 0.1414 sect233r1 663 0.1414 sect239k1 663 0.1414 sect283k1 663 0.1414 sect283r1 663 0.1414 sect409k1 663 0.1414 sect409r1 663 0.1414 sect571k1 678 0.1446 sect571r1 678 0.1446 Unsupported curve fallback Count Percent ------------------------------+---------+-------- False 74840 15.9648 True 178977 38.1792 order-specific 4 0.0009 unknown 214961 45.8552 ECC curve ordering Count Percent -------------------------+---------+-------- client 1535 0.3274 inconclusive-noecc 10 0.0021 server 292089 62.3081 unknown 175148 37.3624 TLSv1.2 PFS supported sigalgs Count Percent ------------------------------+---------+-------- ECDSA-SHA1 27584 5.8842 ECDSA-SHA224 27586 5.8846 ECDSA-SHA256 27589 5.8853 ECDSA-SHA384 27589 5.8853 ECDSA-SHA512 27592 5.8859 ECDSA-SHA512 Only 3 0.0006 RSA-MD5 129219 27.5648 RSA-MD5 Only 1 0.0002 RSA-SHA1 264047 56.3262 RSA-SHA1 Only 39893 8.5099 RSA-SHA224 218373 46.5831 RSA-SHA256 226747 48.3694 RSA-SHA256 Only 2201 0.4695 RSA-SHA384 218786 46.6712 RSA-SHA512 218825 46.6795 RSA-SHA512 Only 35 0.0075 TLSv1.2 PFS ordering Count Percent ------------------------------+---------+-------- client 200794 42.8331 indeterminate 7 0.0015 intolerant 1232 0.2628 order-fallback 4 0.0009 server 92359 19.7019 unsupported 38359 8.1827 TLSv1.2 PFS sigalg fallback Count Percent ------------------------------+---------+-------- ECDSA SHA1 27581 5.8835 ECDSA intolerant 18 0.0038 ECDSA pfs-rsa-SHA512 1 0.0002 RSA False 127614 27.2225 RSA SHA1 118594 25.2983 RSA intolerant 19071 4.0682 RSA pfs-ecdsa-SHA512 2 0.0004 RSA soft-nopfs 1735 0.3701 Renegotiation Count Percent -------------------------+---------+-------- False 10263 2.1893 insecure 26115 5.5708 secure 432404 92.2399 Compression Count Percent -------------------------+---------+-------- 1 (zlib compression) 17088 3.6452 False 10263 2.1893 NONE 441431 94.1655 TLS session ticket hint Count Percent -------------------------+---------+-------- 1 2 0.0004 1 only 2 0.0004 2 2 0.0004 2 only 2 0.0004 5 1 0.0002 5 only 1 0.0002 10 7 0.0015 10 only 7 0.0015 15 6 0.0013 15 only 6 0.0013 30 8 0.0017 30 only 7 0.0015 60 59 0.0126 60 only 54 0.0115 65 1 0.0002 65 only 1 0.0002 70 3 0.0006 100 14 0.003 100 only 14 0.003 120 20 0.0043 120 only 20 0.0043 128 3 0.0006 128 only 3 0.0006 180 37 0.0079 180 only 36 0.0077 240 3 0.0006 240 only 3 0.0006 256 1 0.0002 256 only 1 0.0002 300 197397 42.1085 300 only 187977 40.099 360 1 0.0002 360 only 1 0.0002 400 2 0.0004 400 only 2 0.0004 420 34 0.0073 420 only 28 0.006 480 11 0.0023 480 only 11 0.0023 600 14041 2.9952 600 only 13846 2.9536 720 1 0.0002 720 only 1 0.0002 900 517 0.1103 900 only 503 0.1073 960 2 0.0004 960 only 2 0.0004 1000 1 0.0002 1000 only 1 0.0002 1200 259 0.0552 1200 only 255 0.0544 1500 11 0.0023 1500 only 10 0.0021 1800 271 0.0578 1800 only 262 0.0559 2100 1 0.0002 2100 only 1 0.0002 2400 2 0.0004 2400 only 2 0.0004 2520 1 0.0002 2520 only 1 0.0002 2700 6 0.0013 2700 only 6 0.0013 3000 9 0.0019 3000 only 9 0.0019 3600 317 0.0676 3600 only 297 0.0634 5400 3 0.0006 6000 4 0.0009 6000 only 4 0.0009 7200 12206 2.6038 7200 only 9111 1.9435 10800 15 0.0032 10800 only 9 0.0019 14400 1229 0.2622 14400 only 1229 0.2622 18000 3 0.0006 18000 only 3 0.0006 21600 3169 0.676 21600 only 3169 0.676 28800 10 0.0021 28800 only 9 0.0019 36000 938 0.2001 36000 only 932 0.1988 43200 2190 0.4672 43200 only 2190 0.4672 60000 1 0.0002 60000 only 1 0.0002 64800 44686 9.5324 64800 only 44673 9.5296 72000 7 0.0015 72000 only 7 0.0015 84600 1 0.0002 84600 only 1 0.0002 86000 34 0.0073 86000 only 34 0.0073 86400 206 0.0439 86400 only 204 0.0435 93600 1 0.0002 93600 only 1 0.0002 100800 14125 3.0131 100800 only 14122 3.0125 129600 11 0.0023 129600 only 11 0.0023 172800 1 0.0002 172800 only 1 0.0002 600000 1 0.0002 600000 only 1 0.0002 604800 1 0.0002 604800 only 1 0.0002 864000 6 0.0013 864000 only 6 0.0013 None 189285 40.378 None only 177289 37.8191 Certificate sig alg Count Percent -------------------------+---------+-------- None 15085 3.2179 ecdsa-with-SHA256 27569 5.881 sha1WithRSAEncryption 260100 55.4842 sha256WithRSAEncryption 181166 38.6461 sha512WithRSAEncryption 8 0.0017 Certificate key size Count Percent -------------------------+---------+-------- ECDSA 256 27597 5.887 ECDSA 384 3 0.0006 RSA 1024 1100 0.2347 RSA 10240 4 0.0009 RSA 2028 1 0.0002 RSA 2047 1 0.0002 RSA 2048 424764 90.6101 RSA 2049 3 0.0006 RSA 2056 5 0.0011 RSA 2058 2 0.0004 RSA 2064 1 0.0002 RSA 2080 2 0.0004 RSA 2084 11 0.0023 RSA 2096 1 0.0002 RSA 2345 1 0.0002 RSA 2408 2 0.0004 RSA 2432 5 0.0011 RSA 2612 1 0.0002 RSA 3071 1 0.0002 RSA 3072 72 0.0154 RSA 3102 1 0.0002 RSA 3248 3 0.0006 RSA 3600 1 0.0002 RSA 4042 1 0.0002 RSA 4048 2 0.0004 RSA 4056 35 0.0075 RSA 4086 2 0.0004 RSA 4092 3 0.0006 RSA 4096 15196 3.2416 RSA 4098 2 0.0004 RSA 8192 4 0.0009 RSA/ECDSA Dual Stack 35 0.0075 OCSP stapling Count Percent -------------------------+---------+-------- Supported 79939 17.0525 Unsupported 388843 82.9475 Supported Protocols Count Percent -------------------------+---------+------- SSL2 33923 7.2364 SSL2 Only 81 0.0173 SSL3 165570 35.3192 SSL3 Only 1467 0.3129 SSL3 or TLS1 Only 100568 21.453 SSL3 or lower Only 1518 0.3238 TLS1 466356 99.4825 TLS1 Only 52609 11.2225 TLS1 or lower Only 131814 28.1184 TLS1.1 322576 68.8115 TLS1.1 Only 7 0.0015 TLS1.1 or up Only 613 0.1308 TLS1.2 332743 70.9803 TLS1.2 Only 464 0.099 TLS1.2, 1.0 but not 1.1 12283 2.6202 Statistics from 494138 chains provided by 657485 hosts Server provided chains Count Percent -------------------------+---------+------- complete 439749 66.8835 incomplete 25522 3.8818 untrusted 192214 29.2347 Trusted chain statistics ======================== Chain length Count Percent -------------------------+---------+------- 2 1550 0.3137 3 459587 93.0078 4 32976 6.6734 5 25 0.0051 CA key size in chains Count -------------------------+--------- ECDSA 256 27473 ECDSA 384 27471 RSA 1024 26220 RSA 2045 1 RSA 2048 866093 RSA 4096 72494 Chains with CA key Count Percent -------------------------+---------+------- ECDSA 256 27473 5.5598 ECDSA 384 27471 5.5594 RSA 1024 26219 5.306 RSA 2045 1 0.0002 RSA 2048 465353 94.1747 RSA 4096 72026 14.5761 Signature algorithm (ex. root) Count ------------------------------+--------- ecdsa-with-SHA384 27473 sha1WithRSAEncryption 318089 sha256WithRSAEncryption 119575 sha384WithRSAEncryption 60453 sha512WithRSAEncryption 24 Eff. host cert chain LoS Count Percent -------------------------+---------+------- 80 294492 59.5971 112 172174 34.8433 128 27472 5.5596 Scan performed between 17th and 30th of January 2015. -- Regards, Hubert Kario -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
