TLS scan results for July 2015
by Hubert Kario
Mostly a continuation of established trends.
The number of TLS-enabled websites has rebounded since last month, going back
above the 50% level, but still below the May watermark.
Detailed analysis on my blog:
https://securitypitfalls.wordpress.com/2015/07/29/july-2015-scan-results/
SSL/TLS survey of 501992 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 424054 84.4743
3DES Only 812 0.1618
AES 492491 98.1073
AES Only 17862 3.5582
AES-CBC 492390 98.0872
AES-CBC Only 9258 1.8443
AES-GCM 347128 69.1501
AES-GCM Only 41 0.0082
CAMELLIA 223605 44.5435
CAMELLIA Only 1 0.0002
CHACHA20 60925 12.1366
Insecure 74098 14.7608
RC4 254399 50.6779
RC4 Only 1484 0.2956
RC4 Preferred 31098 6.1949
RC4 forced in TLS1.1+ 17264 3.4391
x:FF 29 RC4 Only 1823 0.3632
x:FF 29 RC4 Preferred 35210 7.0141
x:FF 29 incompatible 101 0.0201
x:FF 35 RC4 Only 2132 0.4247
x:FF 35 RC4 Preferred 35335 7.039
x:FF 35 incompatible 103 0.0205
y:DHE-RSA-SEED-SHA 90992 18.1262
y:IDEA-CBC-SHA 79674 15.8716
y:SEED-SHA 97028 19.3286
z:ADH-AES128-GCM-SHA256 289 0.0576
z:ADH-AES128-SHA 1315 0.262
z:ADH-AES128-SHA256 198 0.0394
z:ADH-AES256-GCM-SHA384 302 0.0602
z:ADH-AES256-SHA 1320 0.263
z:ADH-AES256-SHA256 200 0.0398
z:ADH-CAMELLIA128-SHA 897 0.1787
z:ADH-CAMELLIA256-SHA 902 0.1797
z:ADH-DES-CBC-SHA 338 0.0673
z:ADH-DES-CBC3-SHA 1333 0.2655
z:ADH-RC4-MD5 1206 0.2402
z:ADH-SEED-SHA 827 0.1647
z:AECDH-AES128-SHA 17845 3.5548
z:AECDH-AES256-SHA 17865 3.5588
z:AECDH-DES-CBC3-SHA 17799 3.5457
z:AECDH-NULL-SHA 50 0.01
z:AECDH-RC4-SHA 17077 3.4018
z:DES-CBC-MD5 13569 2.703
z:DES-CBC-SHA 40067 7.9816
z:DES-CBC3-MD5 26983 5.3752
z:ECDHE-RSA-NULL-SHA 61 0.0122
z:EDH-RSA-DES-CBC-SHA 34341 6.8409
z:EXP-ADH-DES-CBC-SHA 240 0.0478
z:EXP-ADH-RC4-MD5 240 0.0478
z:EXP-DES-CBC-SHA 18671 3.7194
z:EXP-EDH-RSA-DES-CBC-SHA 15391 3.066
z:EXP-RC2-CBC-MD5 22650 4.512
z:EXP-RC4-MD5 23797 4.7405
z:EXP1024-DES-CBC-SHA 5785 1.1524
z:EXP1024-RC4-SHA 5862 1.1677
z:IDEA-CBC-MD5 2484 0.4948
z:NULL-MD5 265 0.0528
z:NULL-SHA 267 0.0532
z:NULL-SHA256 19 0.0038
z:RC2-CBC-MD5 13857 2.7604
z:RC4-64-MD5 1138 0.2267
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 130910 26.0781
Server side 371082 73.9219
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 1436 0.2861
AECDH 17905 3.5668
DHE 283230 56.4212
ECDH 1 0.0002
ECDHE 373639 74.4313
ECDHE and DHE 201985 40.2367
RSA 459592 91.5537
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 204984 40.8341 72.3737
DH,1536bits 2 0.0004 0.0007
DH,2048bits 70215 13.9873 24.7908
DH,2236bits 3 0.0006 0.0011
DH,2430bits 1 0.0002 0.0004
DH,2432bits 1 0.0002 0.0004
DH,3072bits 2679 0.5337 0.9459
DH,4096bits 4693 0.9349 1.657
DH,512bits 76 0.0151 0.0268
DH,768bits 622 0.1239 0.2196
DH,8192bits 1 0.0002 0.0004
ECDH,B-163,163bits 1 0.0002 0.0003
ECDH,B-571,570bits 1404 0.2797 0.3758
ECDH,K-571,570bits 1 0.0002 0.0003
ECDH,P-192,192bits 2 0.0004 0.0005
ECDH,P-224,224bits 72 0.0143 0.0193
ECDH,P-256,256bits 363944 72.5 97.4052
ECDH,P-384,384bits 3765 0.75 1.0077
ECDH,P-521,521bits 6951 1.3847 1.8604
Prefer DH,1024bits 78380 15.6138 27.6736
Prefer DH,1536bits 1 0.0002 0.0004
Prefer DH,2048bits 3926 0.7821 1.3862
Prefer DH,2236bits 1 0.0002 0.0004
Prefer DH,3072bits 31 0.0062 0.0109
Prefer DH,4096bits 150 0.0299 0.053
Prefer DH,768bits 228 0.0454 0.0805
Prefer ECDH,B-163,163bits 1 0.0002 0.0003
Prefer ECDH,B-571,570bits 1210 0.241 0.3238
Prefer ECDH,K-571,570bits 1 0.0002 0.0003
Prefer ECDH,P-224,224bits 42 0.0084 0.0112
Prefer ECDH,P-256,256bits 308148 61.385 82.4721
Prefer ECDH,P-384,384bits 2291 0.4564 0.6132
Prefer ECDH,P-521,521bits 6402 1.2753 1.7134
Prefer PFS 400812 79.8443 0
Support PFS 454884 90.6158 0
Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 405 0.0807
brainpoolP384r1 405 0.0807
brainpoolP512r1 405 0.0807
prime192v1 1373 0.2735
prime256v1 372791 74.2623
prime256v1 Only 323403 64.4239
secp160k1 1334 0.2657
secp160r1 1338 0.2665
secp160r2 1334 0.2657
secp192k1 1358 0.2705
secp224k1 1414 0.2817
secp224r1 2898 0.5773
secp224r1 Only 2 0.0004
secp256k1 1708 0.3402
secp384r1 49700 9.9006
secp384r1 Only 314 0.0626
secp521r1 17736 3.5331
secp521r1 Only 116 0.0231
sect163k1 1337 0.2663
sect163k1 Only 2 0.0004
sect163r1 1335 0.2659
sect163r2 1336 0.2661
sect163r2 Only 1 0.0002
sect193r1 1334 0.2657
sect193r2 1333 0.2655
sect233k1 1402 0.2793
sect233r1 1402 0.2793
sect239k1 1401 0.2791
sect283k1 1678 0.3343
sect283r1 1678 0.3343
sect409k1 1678 0.3343
sect409r1 1678 0.3343
sect571k1 1692 0.3371
sect571r1 1691 0.3369
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 83042 16.5425
True 242989 48.405
order-specific 27 0.0054
unknown 175934 35.0472
ECC curve ordering Count Percent
-------------------------+---------+--------
client 3093 0.6161
inconclusive-noecc 24 0.0048
server 370124 73.7311
unknown 128751 25.648
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 33890 6.7511
ECDSA-SHA1 Only 2 0.0004
ECDSA-SHA224 33884 6.7499
ECDSA-SHA256 33890 6.7511
ECDSA-SHA384 33889 6.7509
ECDSA-SHA512 33893 6.7517
ECDSA-SHA512 Only 4 0.0008
RSA-MD5 157874 31.4495
RSA-SHA1 329494 65.6373
RSA-SHA1 Only 48447 9.651
RSA-SHA224 265179 52.8253
RSA-SHA256 286453 57.0633
RSA-SHA256 Only 4521 0.9006
RSA-SHA384 266091 53.007
RSA-SHA512 266166 53.022
RSA-SHA512 Only 71 0.0141
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 233019 46.4189
indeterminate 10 0.002
intolerant 3229 0.6432
order-fallback 23 0.0046
server 132720 26.4387
unsupported 23607 4.7027
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 33882 6.7495
ECDSA intolerant 21 0.0042
RSA False 153463 30.5708
RSA SHA1 148645 29.611
RSA intolerant 28673 5.7118
RSA pfs-ecdsa-SHA512 1 0.0002
RSA soft-nopfs 4517 0.8998
Renegotiation Count Percent
-------------------------+---------+--------
False 7266 1.4474
insecure 21303 4.2437
secure 473423 94.3089
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 11567 2.3042
False 7266 1.4474
NONE 483159 96.2483
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 2 0.0004
1 only 2 0.0004
2 2 0.0004
2 only 2 0.0004
5 2 0.0004
5 only 2 0.0004
10 7 0.0014
10 only 7 0.0014
15 9 0.0018
15 only 9 0.0018
30 12 0.0024
30 only 12 0.0024
60 106 0.0211
60 only 99 0.0197
70 7 0.0014
100 12 0.0024
100 only 12 0.0024
120 28 0.0056
120 only 28 0.0056
128 3 0.0006
128 only 3 0.0006
150 2 0.0004
180 47 0.0094
180 only 45 0.009
240 10 0.002
240 only 10 0.002
300 220792 43.9832
300 only 215544 42.9377
400 8 0.0016
400 only 8 0.0016
420 117 0.0233
420 only 79 0.0157
480 13 0.0026
480 only 13 0.0026
500 5 0.001
500 only 5 0.001
540 1 0.0002
540 only 1 0.0002
600 22097 4.4019
600 only 21925 4.3676
720 3 0.0006
720 only 2 0.0004
900 597 0.1189
900 only 577 0.1149
960 2 0.0004
960 only 2 0.0004
1200 1891 0.3767
1200 only 1887 0.3759
1440 1 0.0002
1440 only 1 0.0002
1500 9 0.0018
1500 only 8 0.0016
1800 414 0.0825
1800 only 407 0.0811
2400 6 0.0012
2400 only 5 0.001
2700 6 0.0012
2700 only 6 0.0012
3000 21 0.0042
3000 only 21 0.0042
3300 1 0.0002
3300 only 1 0.0002
3600 428 0.0853
3600 only 415 0.0827
3900 2 0.0004
3900 only 2 0.0004
4200 1 0.0002
5400 18 0.0036
5400 only 3 0.0006
6000 4 0.0008
6000 only 4 0.0008
7200 15459 3.0795
7200 only 12872 2.5642
10800 2078 0.414
10800 only 2074 0.4132
14400 77 0.0153
14400 only 77 0.0153
18000 17 0.0034
18000 only 17 0.0034
21600 5026 1.0012
21600 only 5024 1.0008
28800 2346 0.4673
28800 only 1578 0.3143
36000 1236 0.2462
36000 only 1230 0.245
43200 26 0.0052
43200 only 26 0.0052
60000 1 0.0002
60000 only 1 0.0002
64800 47900 9.542
64800 only 47888 9.5396
72000 12 0.0024
72000 only 12 0.0024
86000 41 0.0082
86000 only 41 0.0082
86400 3432 0.6837
86400 only 3430 0.6833
100800 12605 2.511
100800 only 12595 2.509
115200 1 0.0002
115200 only 1 0.0002
129600 7 0.0014
129600 only 7 0.0014
172800 8 0.0016
172800 only 8 0.0016
604800 2 0.0004
604800 only 2 0.0004
864000 2 0.0004
864000 only 2 0.0004
None 173956 34.6531
None only 165035 32.876
Certificate sig alg Count Percent
-------------------------+---------+--------
None 18593 3.7038
ecdsa-with-SHA256 33851 6.7433
sha1WithRSAEncryption 147349 29.3529
sha256WithRSAEncryption 320910 63.9273
sha384WithRSAEncryption 4 0.0008
sha512WithRSAEncryption 9 0.0018
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 33898 6.7527
ECDSA 384 7 0.0014
RSA 1024 106 0.0211
RSA 10240 5 0.001
RSA 2047 1 0.0002
RSA 2048 450327 89.708
RSA 2049 3 0.0006
RSA 2056 2 0.0004
RSA 2058 2 0.0004
RSA 2064 1 0.0002
RSA 2080 2 0.0004
RSA 2084 6 0.0012
RSA 2096 1 0.0002
RSA 2408 1 0.0002
RSA 2432 4 0.0008
RSA 2612 2 0.0004
RSA 2848 1 0.0002
RSA 3024 1 0.0002
RSA 3071 1 0.0002
RSA 3072 118 0.0235
RSA 3096 1 0.0002
RSA 3102 1 0.0002
RSA 3248 3 0.0006
RSA 4042 1 0.0002
RSA 4048 1 0.0002
RSA 4056 22 0.0044
RSA 4069 1 0.0002
RSA 4086 1 0.0002
RSA 4092 6 0.0012
RSA 4094 1 0.0002
RSA 4096 17521 3.4903
RSA 8192 7 0.0014
RSA/ECDSA Dual Stack 56 0.0112
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 101152 20.1501
Unsupported 400840 79.8499
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 27268 5.432
SSL2 Only 24 0.0048
SSL3 136796 27.2506
SSL3 Only 707 0.1408
SSL3 or TLS1 Only 80735 16.0829
SSL3 or lower Only 735 0.1464
TLS1 498809 99.3659
TLS1 Only 47086 9.3798
TLS1 or lower Only 106223 21.1603
TLS1.1 382607 76.2177
TLS1.1 Only 28 0.0056
TLS1.1 or up Only 2220 0.4422
TLS1.2 392594 78.2072
TLS1.2 Only 994 0.198
TLS1.2, 1.0 but not 1.1 11334 2.2578
Statistics from 526034 chains provided by 685991 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 475051 69.2503
incomplete 24873 3.6258
untrusted 186067 27.1238
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 327 0.0622
3 523536 99.5251
4 2138 0.4064
5 33 0.0063
CA key size in chains Count
-------------------------+---------
ECDSA 256 33853
ECDSA 384 33855
RSA 1024 308
RSA 2045 1
RSA 2048 866336
RSA 4096 119592
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 33853 6.4355
ECDSA 384 33855 6.4359
RSA 1024 306 0.0582
RSA 2045 1 0.0002
RSA 2048 491599 93.4538
RSA 4096 119050 22.6316
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 33853
sha1WithRSAEncryption 162869
sha256WithRSAEncryption 225699
sha384WithRSAEncryption 105464
sha512WithRSAEncryption 26
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 163116 31.0086
112 329059 62.5547
128 33859 6.4367
Root CAs Count Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA 112037 21.2984
(d6325660) COMODO RSA Certification Authority 98541 18.7328
(5ad8a5d6) GlobalSign Root CA 51559 9.8015
(cbf06781) Go Daddy Root Certificate Authorit 47005 8.9357
(eed8c118) COMODO ECC Certification Authority 33844 6.4338
(b204d74a) VeriSign Class 3 Public Primary Ce 30749 5.8454
(2e4eed3c) thawte Primary Root CA 25383 4.8254
(244b5494) DigiCert High Assurance EV Root CA 25365 4.8219
(157753a5) AddTrust External CA Root 15024 2.8561
(653b494a) Baltimore CyberTrust Root 11832 2.2493
(ae8153b9) StartCom Certification Authority 9405 1.7879
(3513523f) DigiCert Global Root CA 6987 1.3282
(fc5a8f99) USERTrust RSA Certification Author 6820 1.2965
(f081611a) The Go Daddy Group, Inc. 6456 1.2273
(480720ec) GeoTrust Primary Certification Aut 5857 1.1134
(f387163d) Starfield Technologies, Inc. 5842 1.1106
(4bfab552) Starfield Root Certificate Authori 5499 1.0454
Scan performed between 14th and 24th of July 2015.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
7 years, 10 months
Suspicious behavior of packagekit
by S.Mohammad Emami Razavi
I run
[root@localhost rooster]# journalctl -u packagekit -f -n 5000
in Fedora
[root@localhost rooster]# cat /etc/redhat-release
Fedora release 22 (Twenty Two)
and it results in something like the lines below:
Jul 21 06:54:28 localhost.localdomain PackageKit[18871]: uid 1000 is trying
to obtain org.freedesktop.packagekit.system-sources-refresh auth
(only_trusted:0)
Jul 21 06:54:28 localhost.localdomain PackageKit[18871]: uid 1000 obtained
auth for org.freedesktop.packagekit.system-sources-refresh
Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: refresh-cache
transaction /345_edadcabc from uid 1000 finished with success after
2536929ms
Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: get-updates
transaction /346_aaeccddc from uid 1000 finished with success after 555ms
Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: new
update-packages transaction /347_eacacecc scheduled from uid 1000
Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: update-packages
transaction /347_eacacecc from uid 1000 finished with cancelled-priority
after 2594ms
Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: resolve
transaction /348_caabddad from uid 1000 finished with success after 143ms
Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: resolve
transaction /349_aabcaabc from uid 1000 finished with success after 83ms
Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: resolve
transaction /350_dbadaaeb from uid 1000 finished with success after 31ms
Jul 21 07:36:50 localhost.localdomain PackageKit[18871]: new
update-packages transaction /351_bebbaccb scheduled from uid 1000
Jul 21 09:27:31 localhost.localdomain PackageKit[18871]: update-packages
transaction /351_bebbaccb from uid 1000 finished with success after
6640574ms
Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
transaction /352_cababcaa from uid 1000 finished with success after 30ms
Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
transaction /353_ccabcecc from uid 1000 finished with success after 81ms
Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
transaction /354_caddccdb from uid 1000 finished with success after 30ms
Jul 21 09:27:35 localhost.localdomain PackageKit[18871]: resolve
transaction /355_ddaacaea from uid 1000 finished with success after 278ms
Jul 21 09:27:37 localhost.localdomain PackageKit[18871]: get-update-detail
transaction /356_dabbaeed from uid 1000 finished with success after 1611ms
It shows very suspicious and unusual network bandwidth usage. For
example, in 10 days it downloads over 2GB from the net!!! regardless of dnf or
yum updates...
7 years, 10 months
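One way to triage a journal excerpt like the one in the PackageKit post above, as an added example that is not part of the original post: it rejoins the e-mail-wrapped lines, extracts every finished transaction and lists the ones that ran longer than a threshold. The function names and the 60-second threshold are assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# A journal entry starts with a syslog-style timestamp, e.g. "Jul 21 06:54:28 ".
TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")

# "<role> transaction <id> from uid <n> finished with <status> after <n>ms"
FINISHED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ PackageKit\[\d+\]: "
    r"(?P<role>[\w-]+) transaction (?P<tid>/\S+) from uid (?P<uid>\d+) "
    r"finished with (?P<status>[\w-]+) after (?P<ms>\d+)ms$"
)

# Lines copied from the post, including the wrapping the mail client added.
SAMPLE = """\
Jul 21 06:54:28 localhost.localdomain PackageKit[18871]: uid 1000 is trying
to obtain org.freedesktop.packagekit.system-sources-refresh auth
(only_trusted:0)
Jul 21 06:54:28 localhost.localdomain PackageKit[18871]: uid 1000 obtained
auth for org.freedesktop.packagekit.system-sources-refresh
Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: refresh-cache
transaction /345_edadcabc from uid 1000 finished with success after
2536929ms
Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: get-updates
transaction /346_aaeccddc from uid 1000 finished with success after 555ms
Jul 21 07:36:45 localhost.localdomain PackageKit[18871]: new
update-packages transaction /347_eacacecc scheduled from uid 1000
Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: update-packages
transaction /347_eacacecc from uid 1000 finished with cancelled-priority
after 2594ms
Jul 21 07:36:48 localhost.localdomain PackageKit[18871]: resolve
transaction /348_caabddad from uid 1000 finished with success after 143ms
Jul 21 07:36:50 localhost.localdomain PackageKit[18871]: new
update-packages transaction /351_bebbaccb scheduled from uid 1000
Jul 21 09:27:31 localhost.localdomain PackageKit[18871]: update-packages
transaction /351_bebbaccb from uid 1000 finished with success after
6640574ms
Jul 21 09:27:37 localhost.localdomain PackageKit[18871]: get-update-detail
transaction /356_dabbaeed from uid 1000 finished with success after 1611ms
"""


def unwrap(text):
    """Rejoin wrapped lines so that each list item is one journal entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            # Continuation of the previous entry (no leading timestamp).
            entries[-1] += " " + line
    return entries


def parse_finished(text):
    """Return one dict per 'finished' transaction; other entries are skipped."""
    result = []
    for entry in unwrap(text):
        m = FINISHED.match(entry)
        if m:
            rec = m.groupdict()
            rec["uid"] = int(rec["uid"])
            rec["ms"] = int(rec["ms"])
            result.append(rec)
    return result


def slow(transactions, threshold_ms=60_000):
    """Transactions that ran longer than threshold_ms, longest first."""
    hits = [t for t in transactions if t["ms"] > threshold_ms]
    return sorted(hits, key=lambda t: t["ms"], reverse=True)


def time_by_role(transactions):
    """Total running time in milliseconds per transaction role."""
    totals = defaultdict(int)
    for t in transactions:
        totals[t["role"]] += t["ms"]
    return dict(totals)


if __name__ == "__main__":
    txs = parse_finished(SAMPLE)
    # Duration is only a proxy: the journal lines do not record bytes transferred.
    for t in slow(txs):
        print(f'{t["ts"]}  {t["role"]:<16} {t["tid"]}  uid {t["uid"]}  '
              f'{t["status"]}  {t["ms"] / 60000:.1f} min')
    for role, ms in sorted(time_by_role(txs).items(), key=lambda kv: -kv[1]):
        print(f"{role:<18} {ms / 1000:.1f} s total")
```

On a live system the same functions can be fed the text produced by `journalctl -u packagekit`, where the lines are not wrapped and `unwrap` passes them through unchanged.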
TLS scan results for June 2015
by Hubert Kario
Just a continuation of established trends; most website administrators
vulnerable to Logjam haven't taken any action to fix it on their side.
As always, detailed analysis on my blog:
https://securitypitfalls.wordpress.com/2015/07/14/june-2015-scan-results/
SSL/TLS survey of 496355 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 414245 83.4574
3DES Only 840 0.1692
AES 485964 97.9065
AES Only 17816 3.5894
AES-CBC 485837 97.881
AES-CBC Only 9490 1.9119
AES-GCM 331682 66.8235
AES-GCM Only 32 0.0064
CAMELLIA 216922 43.703
CAMELLIA Only 4 0.0008
CHACHA20 58723 11.8308
CHACHA20 Only 22 0.0044
Insecure 75670 15.2451
RC4 263495 53.086
RC4 Only 1710 0.3445
RC4 Preferred 33485 6.7462
RC4 forced in TLS1.1+ 18129 3.6524
x:FF 29 RC4 Only 2047 0.4124
x:FF 29 RC4 Preferred 37569 7.569
x:FF 29 incompatible 124 0.025
x:FF 35 RC4 Only 2377 0.4789
x:FF 35 RC4 Preferred 37715 7.5984
x:FF 35 incompatible 128 0.0258
y:DHE-RSA-SEED-SHA 101229 20.3945
y:IDEA-CBC-SHA 85830 17.2921
y:SEED-SHA 103066 20.7646
z:ADH-AES128-GCM-SHA256 311 0.0627
z:ADH-AES128-SHA 1107 0.223
z:ADH-AES128-SHA256 213 0.0429
z:ADH-AES256-GCM-SHA384 318 0.0641
z:ADH-AES256-SHA 1115 0.2246
z:ADH-AES256-SHA256 215 0.0433
z:ADH-CAMELLIA128-SHA 669 0.1348
z:ADH-CAMELLIA256-SHA 677 0.1364
z:ADH-DES-CBC-SHA 349 0.0703
z:ADH-DES-CBC3-SHA 1128 0.2273
z:ADH-RC4-MD5 1007 0.2029
z:ADH-SEED-SHA 605 0.1219
z:AECDH-AES128-SHA 17615 3.5489
z:AECDH-AES256-SHA 17629 3.5517
z:AECDH-DES-CBC3-SHA 17568 3.5394
z:AECDH-NULL-SHA 41 0.0083
z:AECDH-RC4-SHA 16900 3.4048
z:DES-CBC-MD5 14286 2.8782
z:DES-CBC-SHA 40810 8.2219
z:DES-CBC3-MD5 28088 5.6589
z:ECDHE-RSA-NULL-SHA 53 0.0107
z:EDH-RSA-DES-CBC-SHA 34934 7.0381
z:EXP-ADH-DES-CBC-SHA 252 0.0508
z:EXP-ADH-RC4-MD5 252 0.0508
z:EXP-DES-CBC-SHA 19650 3.9589
z:EXP-EDH-RSA-DES-CBC-SHA 16259 3.2757
z:EXP-RC2-CBC-MD5 23866 4.8083
z:EXP-RC4-MD5 25158 5.0685
z:EXP1024-DES-CBC-SHA 6288 1.2668
z:EXP1024-RC4-SHA 6374 1.2842
z:IDEA-CBC-MD5 2558 0.5154
z:NULL-MD5 259 0.0522
z:NULL-SHA 261 0.0526
z:NULL-SHA256 20 0.004
z:RC2-CBC-MD5 14614 2.9443
z:RC4-64-MD5 1161 0.2339
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 132994 26.7941
Server side 363361 73.2059
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 1238 0.2494
AECDH 17668 3.5595
DHE 280798 56.572
ECDH 1 0.0002
ECDHE 358229 72.1719
ECDHE and DHE 196228 39.5338
RSA 455866 91.8427
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 210208 42.3503 74.8609
DH,1536bits 2 0.0004 0.0007
DH,2048bits 62891 12.6706 22.3972
DH,2236bits 3 0.0006 0.0011
DH,3072bits 2689 0.5417 0.9576
DH,4096bits 4249 0.856 1.5132
DH,512bits 73 0.0147 0.026
DH,6144bits 1 0.0002 0.0004
DH,768bits 729 0.1469 0.2596
ECDH,B-163,163bits 1 0.0002 0.0003
ECDH,B-571,570bits 1330 0.268 0.3713
ECDH,K-571,570bits 1 0.0002 0.0003
ECDH,P-192,192bits 2 0.0004 0.0006
ECDH,P-224,224bits 67 0.0135 0.0187
ECDH,P-256,256bits 349478 70.4089 97.5571
ECDH,P-384,384bits 3644 0.7342 1.0172
ECDH,P-521,521bits 6198 1.2487 1.7302
Prefer DH,1024bits 81235 16.3663 28.93
Prefer DH,1536bits 1 0.0002 0.0004
Prefer DH,2048bits 3908 0.7873 1.3917
Prefer DH,2236bits 1 0.0002 0.0004
Prefer DH,3072bits 27 0.0054 0.0096
Prefer DH,4096bits 120 0.0242 0.0427
Prefer DH,512bits 2 0.0004 0.0007
Prefer DH,768bits 347 0.0699 0.1236
Prefer ECDH,B-163,163bits 1 0.0002 0.0003
Prefer ECDH,B-571,570bits 1124 0.2265 0.3138
Prefer ECDH,K-571,570bits 1 0.0002 0.0003
Prefer ECDH,P-224,224bits 40 0.0081 0.0112
Prefer ECDH,P-256,256bits 293410 59.1129 81.9057
Prefer ECDH,P-384,384bits 2068 0.4166 0.5773
Prefer ECDH,P-521,521bits 5823 1.1732 1.6255
Prefer PFS 388108 78.1916 0
Support PFS 442799 89.2101 0
Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 364 0.0733
brainpoolP384r1 364 0.0733
brainpoolP512r1 364 0.0733
prime192v1 1331 0.2682
prime256v1 357188 71.9622
prime256v1 Only 311537 62.765
secp160k1 1298 0.2615
secp160r1 1303 0.2625
secp160r2 1298 0.2615
secp192k1 1315 0.2649
secp224k1 1370 0.276
secp224r1 2711 0.5462
secp224r1 Only 2 0.0004
secp256k1 1587 0.3197
secp384r1 45900 9.2474
secp384r1 Only 249 0.0502
secp521r1 13918 2.804
secp521r1 Only 115 0.0232
sect163k1 1300 0.2619
sect163k1 Only 3 0.0006
sect163r1 1297 0.2613
sect163r2 1298 0.2615
sect163r2 Only 1 0.0002
sect193r1 1297 0.2613
sect193r2 1297 0.2613
sect233k1 1362 0.2744
sect233r1 1361 0.2742
sect239k1 1360 0.274
sect283k1 1566 0.3155
sect283r1 1566 0.3155
sect409k1 1566 0.3155
sect409r1 1565 0.3153
sect571k1 1575 0.3173
sect571r1 1574 0.3171
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 80483 16.2148
True 231859 46.7123
order-specific 16 0.0032
unknown 183997 37.0696
ECC curve ordering Count Percent
-------------------------+---------+--------
client 2665 0.5369
inconclusive-noecc 16 0.0032
server 354894 71.5
unknown 138780 27.9598
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 31932 6.4333
ECDSA-SHA1 Only 1 0.0002
ECDSA-SHA224 31953 6.4375
ECDSA-SHA256 31989 6.4448
ECDSA-SHA384 32035 6.4541
ECDSA-SHA512 32097 6.4665
ECDSA-SHA512 Only 62 0.0125
RSA-MD5 151912 30.6055
RSA-SHA1 316124 63.6891
RSA-SHA1 Only 44717 9.0091
RSA-SHA224 256857 51.7486
RSA-SHA256 276593 55.7248
RSA-SHA256 Only 4237 0.8536
RSA-SHA384 257841 51.9469
RSA-SHA512 258008 51.9805
RSA-SHA512 Only 160 0.0322
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 237214 47.7912
indeterminate 8 0.0016
intolerant 3109 0.6264
order-fallback 18 0.0036
server 113482 22.8631
unsupported 28681 5.7783
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 31910 6.4289
ECDSA intolerant 295 0.0594
ECDSA soft-nopfs 1 0.0002
RSA False 147535 29.7237
RSA SHA1 141919 28.5922
RSA intolerant 28072 5.6556
RSA soft-nopfs 4494 0.9054
Renegotiation Count Percent
-------------------------+---------+--------
False 7988 1.6093
insecure 22086 4.4496
secure 466281 93.941
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 12174 2.4527
False 7988 1.6093
NONE 476193 95.938
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 3 0.0006
1 only 3 0.0006
2 2 0.0004
2 only 2 0.0004
5 2 0.0004
5 only 2 0.0004
10 7 0.0014
10 only 7 0.0014
15 10 0.002
15 only 10 0.002
30 11 0.0022
30 only 11 0.0022
60 95 0.0191
60 only 90 0.0181
70 6 0.0012
100 15 0.003
100 only 15 0.003
120 31 0.0062
120 only 31 0.0062
128 2 0.0004
128 only 2 0.0004
150 2 0.0004
180 52 0.0105
180 only 50 0.0101
240 9 0.0018
240 only 9 0.0018
300 215043 43.3244
300 only 209657 42.2393
400 7 0.0014
400 only 7 0.0014
420 112 0.0226
420 only 68 0.0137
480 12 0.0024
480 only 12 0.0024
500 3 0.0006
500 only 3 0.0006
540 1 0.0002
540 only 1 0.0002
600 21511 4.3338
600 only 21353 4.302
720 2 0.0004
720 only 1 0.0002
900 604 0.1217
900 only 585 0.1179
960 2 0.0004
960 only 2 0.0004
1200 1894 0.3816
1200 only 1888 0.3804
1440 1 0.0002
1440 only 1 0.0002
1500 11 0.0022
1500 only 10 0.002
1800 411 0.0828
1800 only 405 0.0816
2400 6 0.0012
2400 only 6 0.0012
2700 8 0.0016
2700 only 8 0.0016
3000 14 0.0028
3000 only 13 0.0026
3300 1 0.0002
3300 only 1 0.0002
3600 424 0.0854
3600 only 409 0.0824
3900 2 0.0004
3900 only 2 0.0004
4200 1 0.0002
5400 15 0.003
5400 only 3 0.0006
6000 4 0.0008
6000 only 4 0.0008
7200 15262 3.0748
7200 only 10520 2.1195
10800 1975 0.3979
10800 only 1968 0.3965
14400 74 0.0149
14400 only 73 0.0147
18000 11 0.0022
18000 only 11 0.0022
21600 4863 0.9797
21600 only 4863 0.9797
28800 2439 0.4914
28800 only 2009 0.4048
36000 1142 0.2301
36000 only 1136 0.2289
43200 28 0.0056
43200 only 26 0.0052
60000 1 0.0002
60000 only 1 0.0002
64800 45917 9.2508
64800 only 45644 9.1958
72000 10 0.002
72000 only 10 0.002
86000 43 0.0087
86000 only 43 0.0087
86400 3392 0.6834
86400 only 3391 0.6832
100800 12408 2.4998
100800 only 12385 2.4952
129600 7 0.0014
129600 only 7 0.0014
172800 5 0.001
172800 only 5 0.001
216000 1 0.0002
216000 only 1 0.0002
432000 1 0.0002
432000 only 1 0.0002
604800 2 0.0004
604800 only 2 0.0004
864000 1 0.0002
864000 only 1 0.0002
None 179585 36.1808
None only 168439 33.9352
Certificate sig alg Count Percent
-------------------------+---------+--------
None 18390 3.705
ecdsa-with-SHA256 32196 6.4865
sha1WithRSAEncryption 162789 32.7969
sha256WithRSAEncryption 301606 60.7642
sha384WithRSAEncryption 3 0.0006
sha512WithRSAEncryption 7 0.0014
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 32226 6.4925
ECDSA 384 7 0.0014
ECDSA 521 1 0.0002
RSA 1024 139 0.028
RSA 10240 4 0.0008
RSA 2047 1 0.0002
RSA 2048 446454 89.9465
RSA 2049 3 0.0006
RSA 2056 3 0.0006
RSA 2058 2 0.0004
RSA 2064 1 0.0002
RSA 2080 2 0.0004
RSA 2084 9 0.0018
RSA 2096 1 0.0002
RSA 2345 1 0.0002
RSA 2408 3 0.0006
RSA 2432 5 0.001
RSA 2612 2 0.0004
RSA 3071 1 0.0002
RSA 3072 96 0.0193
RSA 3096 1 0.0002
RSA 3102 1 0.0002
RSA 3248 2 0.0004
RSA 4042 1 0.0002
RSA 4048 2 0.0004
RSA 4056 26 0.0052
RSA 4069 1 0.0002
RSA 4086 2 0.0004
RSA 4092 7 0.0014
RSA 4096 17401 3.5058
RSA 8192 5 0.001
RSA/ECDSA Dual Stack 45 0.0091
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 97129 19.5685
Unsupported 399226 80.4315
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 28373 5.7163
SSL2 Only 30 0.006
SSL3 139997 28.205
SSL3 Only 891 0.1795
SSL3 or TLS1 Only 84026 16.9286
SSL3 or lower Only 919 0.1851
TLS1 493251 99.3746
TLS1 Only 48794 9.8305
TLS1 or lower Only 110400 22.2421
TLS1.1 372212 74.9891
TLS1.1 Only 33 0.0066
TLS1.1 or up Only 1982 0.3993
TLS1.2 382499 77.0616
TLS1.2 Only 916 0.1845
TLS1.2, 1.0 but not 1.1 11830 2.3834
Statistics from 517131 chains provided by 680456 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 470323 69.1188
incomplete 19965 2.9341
untrusted 190168 27.9471
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 328 0.0634
3 262695 50.7985
4 249615 48.2692
5 4493 0.8688
CA key size in chains Count
-------------------------+---------
ECDSA 256 32189
ECDSA 384 32184
RSA 1024 65659
RSA 2045 1
RSA 2048 1046763
RSA 4096 115739
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 32189 6.2245
ECDSA 384 32184 6.2236
RSA 1024 65657 12.6964
RSA 2045 1 0.0002
RSA 2048 484420 93.6745
RSA 4096 114849 22.2089
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 32189
sha1WithRSAEncryption 287125
sha256WithRSAEncryption 256796
sha384WithRSAEncryption 199294
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 236752 45.7818
112 248197 47.995
128 32182 6.2232
Root CAs Count Percent
---------------------------------------------+---------+-------
(861a399d) AddTrust Class 1 CA Root 126586 24.4785
(2c543cd1) GeoTrust Global CA 111618 21.5841
(f081611a) The Go Daddy Group, Inc. 52765 10.2034
(5ad8a5d6) GlobalSign Root CA 52501 10.1524
(eed8c118) COMODO ECC Certification Authority 32182 6.2232
(415660c1) VeriSign, Inc. 30856 5.9668
(aee5f10d) Entrust.net Certification Authorit 28570 5.5247
(6cc3c4c3) Thawte Server CA 25221 4.8771
(f387163d) Starfield Technologies, Inc. 11117 2.1497
(ae8153b9) StartCom Certification Authority 9414 1.8204
(653b494a) Baltimore CyberTrust Root 8928 1.7264
(578d5c04) Equifax 6563 1.2691
(244b5494) DigiCert High Assurance EV Root CA 6432 1.2438
Scan performed between 18th and 28th of June 2015.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
7 years, 10 months
TLS scan results for May 2015
by Hubert Kario
Sorry for posting the results so late.
Overall, nothing surprising; many servers haven't fixed the Logjam
vulnerability. We have reached over half a million servers supporting TLS in
the Alexa top 1 million.
As always, detailed analysis on my blog:
https://securitypitfalls.wordpress.com/2015/06/20/may-2015-scan-results/
SSL/TLS survey of 504133 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 422205 83.7487
3DES Only 902 0.1789
AES 492766 97.7452
AES Only 15398 3.0544
AES-CBC 492668 97.7258
AES-CBC Only 8199 1.6264
AES-GCM 328750 65.211
AES-GCM Only 32 0.0063
CAMELLIA 216646 42.974
CAMELLIA Only 2 0.0004
CHACHA20 63418 12.5796
Insecure 78500 15.5713
RC4 277296 55.0045
RC4 Only 2038 0.4043
RC4 Preferred 39565 7.8481
RC4 forced in TLS1.1+ 22536 4.4702
x:FF 29 RC4 Only 2395 0.4751
x:FF 29 RC4 Preferred 44134 8.7544
x:FF 29 incompatible 105 0.0208
x:FF 35 RC4 Only 2735 0.5425
x:FF 35 RC4 Preferred 44278 8.783
x:FF 35 incompatible 108 0.0214
y:DHE-RSA-SEED-SHA 105410 20.9092
y:IDEA-CBC-SHA 86047 17.0683
y:SEED-SHA 103682 20.5664
z:ADH-AES128-GCM-SHA256 332 0.0659
z:ADH-AES128-SHA 1298 0.2575
z:ADH-AES128-SHA256 242 0.048
z:ADH-AES256-GCM-SHA384 344 0.0682
z:ADH-AES256-SHA 1307 0.2593
z:ADH-AES256-SHA256 244 0.0484
z:ADH-CAMELLIA128-SHA 803 0.1593
z:ADH-CAMELLIA256-SHA 814 0.1615
z:ADH-DES-CBC-SHA 368 0.073
z:ADH-DES-CBC3-SHA 1324 0.2626
z:ADH-RC4-MD5 1177 0.2335
z:ADH-SEED-SHA 719 0.1426
z:AECDH-AES128-SHA 17948 3.5602
z:AECDH-AES256-SHA 17959 3.5624
z:AECDH-DES-CBC3-SHA 17905 3.5516
z:AECDH-NULL-SHA 43 0.0085
z:AECDH-RC4-SHA 17242 3.4201
z:DES-CBC-MD5 15026 2.9806
z:DES-CBC-SHA 42323 8.3952
z:DES-CBC3-MD5 29340 5.8199
z:ECDHE-RSA-NULL-SHA 56 0.0111
z:EDH-RSA-DES-CBC-SHA 36108 7.1624
z:EXP-ADH-DES-CBC-SHA 279 0.0553
z:EXP-ADH-RC4-MD5 280 0.0555
z:EXP-DES-CBC-SHA 21187 4.2027
z:EXP-EDH-RSA-DES-CBC-SHA 17630 3.4971
z:EXP-RC2-CBC-MD5 25641 5.0862
z:EXP-RC4-MD5 27062 5.368
z:EXP1024-DES-CBC-SHA 6792 1.3473
z:EXP1024-RC4-SHA 6883 1.3653
z:IDEA-CBC-MD5 2594 0.5145
z:NULL-MD5 281 0.0557
z:NULL-SHA 286 0.0567
z:NULL-SHA256 23 0.0046
z:RC2-CBC-MD5 15367 3.0482
z:RC4-64-MD5 1245 0.247
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 135237 26.8257
Server side 368896 73.1743
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 1435 0.2846
AECDH 17990 3.5685
DHE 286817 56.8931
ECDH 1 0.0002
ECDHE 352323 69.8869
ECDHE and DHE 195467 38.7729
RSA 459524 91.1513
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 229119 45.4481 79.8833
DH,1536bits 1 0.0002 0.0003
DH,2048bits 50894 10.0954 17.7444
DH,2236bits 3 0.0006 0.001
DH,3072bits 2379 0.4719 0.8294
DH,4094bits 1 0.0002 0.0003
DH,4096bits 3569 0.7079 1.2443
DH,512bits 81 0.0161 0.0282
DH,768bits 805 0.1597 0.2807
DH,8192bits 1 0.0002 0.0003
ECDH,B-163,163bits 1 0.0002 0.0003
ECDH,B-571,570bits 1580 0.3134 0.4485
ECDH,K-571,570bits 1 0.0002 0.0003
ECDH,P-224,224bits 63 0.0125 0.0179
ECDH,P-256,256bits 344044 68.2447 97.6502
ECDH,P-384,384bits 3587 0.7115 1.0181
ECDH,P-521,521bits 5548 1.1005 1.5747
Prefer DH,1024bits 87818 17.4196 30.6181
Prefer DH,2048bits 3211 0.6369 1.1195
Prefer DH,2236bits 1 0.0002 0.0003
Prefer DH,3072bits 30 0.006 0.0105
Prefer DH,4096bits 105 0.0208 0.0366
Prefer DH,512bits 4 0.0008 0.0014
Prefer DH,768bits 404 0.0801 0.1409
Prefer ECDH,B-163,163bits 1 0.0002 0.0003
Prefer ECDH,B-571,570bits 1365 0.2708 0.3874
Prefer ECDH,K-571,570bits 1 0.0002 0.0003
Prefer ECDH,P-224,224bits 36 0.0071 0.0102
Prefer ECDH,P-256,256bits 286974 56.9243 81.452
Prefer ECDH,P-384,384bits 2591 0.514 0.7354
Prefer ECDH,P-521,521bits 5220 1.0354 1.4816
Prefer PFS 387761 76.9164 0
Support PFS 443673 88.0071 0
Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 294 0.0583
brainpoolP384r1 294 0.0583
brainpoolP512r1 294 0.0583
prime192v1 1589 0.3152
prime256v1 351551 69.7338
prime256v1 Only 305875 60.6735
secp160k1 1561 0.3096
secp160r1 1566 0.3106
secp160r2 1561 0.3096
secp192k1 1580 0.3134
secp224k1 1628 0.3229
secp224r1 2813 0.558
secp224r1 Only 3 0.0006
secp256k1 1637 0.3247
secp384r1 45923 9.1093
secp384r1 Only 242 0.048
secp521r1 13392 2.6564
secp521r1 Only 97 0.0192
sect163k1 1569 0.3112
sect163k1 Only 1 0.0002
sect163r1 1568 0.311
sect163r2 1568 0.311
sect163r2 Only 1 0.0002
sect193r1 1566 0.3106
sect193r2 1566 0.3106
sect233k1 1625 0.3223
sect233r1 1624 0.3221
sect239k1 1624 0.3221
sect283k1 1623 0.3219
sect283r1 1621 0.3215
sect409k1 1620 0.3213
sect409r1 1617 0.3207
sect571k1 1627 0.3227
sect571r1 1627 0.3227
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 80726 16.0128
True 223171 44.2683
order-specific 14 0.0028
unknown 200222 39.7161
ECC curve ordering Count Percent
-------------------------+---------+--------
client 2652 0.5261
inconclusive-noecc 26 0.0052
server 349247 69.2768
unknown 152208 30.192
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 34911 6.925
ECDSA-SHA1 Only 1 0.0002
ECDSA-SHA224 34925 6.9277
ECDSA-SHA256 34948 6.9323
ECDSA-SHA384 34966 6.9359
ECDSA-SHA512 34985 6.9396
ECDSA-SHA512 Only 19 0.0038
RSA-MD5 147472 29.2526
RSA-SHA1 310804 61.6512
RSA-SHA1 Only 46467 9.2172
RSA-SHA224 250624 49.7139
RSA-SHA256 269299 53.4182
RSA-SHA256 Only 4125 0.8182
RSA-SHA384 251575 49.9025
RSA-SHA512 251692 49.9257
RSA-SHA512 Only 54 0.0107
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 228686 45.3622
indeterminate 15 0.003
intolerant 2751 0.5457
order-fallback 23 0.0046
server 119546 23.7132
unsupported 33304 6.6062
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 34893 6.9214
ECDSA intolerant 113 0.0224
RSA False 143034 28.3723
RSA SHA1 141505 28.069
RSA intolerant 27098 5.3752
RSA soft-nopfs 4560 0.9045
Renegotiation Count Percent
-------------------------+---------+--------
False 8495 1.6851
insecure 24563 4.8723
secure 471075 93.4426
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 12816 2.5422
False 8495 1.6851
NONE 482822 95.7727
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 3 0.0006
1 only 3 0.0006
2 3 0.0006
2 only 3 0.0006
5 2 0.0004
5 only 2 0.0004
10 7 0.0014
10 only 7 0.0014
15 10 0.002
15 only 10 0.002
30 10 0.002
30 only 9 0.0018
60 98 0.0194
60 only 93 0.0184
70 7 0.0014
100 21 0.0042
100 only 21 0.0042
120 27 0.0054
120 only 27 0.0054
128 2 0.0004
128 only 2 0.0004
150 2 0.0004
180 48 0.0095
180 only 46 0.0091
240 10 0.002
240 only 10 0.002
300 219015 43.4439
300 only 213209 42.2922
360 1 0.0002
400 8 0.0016
400 only 8 0.0016
420 108 0.0214
420 only 66 0.0131
480 12 0.0024
480 only 12 0.0024
500 4 0.0008
500 only 4 0.0008
600 16066 3.1869
600 only 15898 3.1535
720 2 0.0004
720 only 2 0.0004
900 742 0.1472
900 only 707 0.1402
960 2 0.0004
960 only 2 0.0004
1200 2024 0.4015
1200 only 2018 0.4003
1320 1 0.0002
1320 only 1 0.0002
1440 1 0.0002
1440 only 1 0.0002
1500 10 0.002
1500 only 9 0.0018
1800 406 0.0805
1800 only 397 0.0787
2400 6 0.0012
2400 only 6 0.0012
2700 11 0.0022
2700 only 11 0.0022
3000 14 0.0028
3000 only 14 0.0028
3600 442 0.0877
3600 only 422 0.0837
3900 1 0.0002
3900 only 1 0.0002
4100 2 0.0004
4100 only 2 0.0004
4200 1 0.0002
5400 20 0.004
5400 only 3 0.0006
6000 5 0.001
6000 only 5 0.001
7200 16629 3.2985
7200 only 13329 2.6439
10800 2315 0.4592
10800 only 2310 0.4582
14400 73 0.0145
14400 only 72 0.0143
18000 13 0.0026
18000 only 13 0.0026
21600 4826 0.9573
21600 only 4825 0.9571
28800 13 0.0026
28800 only 13 0.0026
36000 1108 0.2198
36000 only 1103 0.2188
43200 28 0.0056
43200 only 25 0.005
60000 1 0.0002
60000 only 1 0.0002
64800 50705 10.0579
64800 only 50654 10.0477
72000 17 0.0034
72000 only 17 0.0034
84600 1 0.0002
84600 only 1 0.0002
86000 45 0.0089
86000 only 45 0.0089
86400 3437 0.6818
86400 only 3436 0.6816
100800 12226 2.4252
100800 only 12226 2.4252
129600 8 0.0016
129600 only 8 0.0016
172800 2 0.0004
172800 only 2 0.0004
216000 1 0.0002
216000 only 1 0.0002
432000 1 0.0002
432000 only 1 0.0002
604800 1 0.0002
604800 only 1 0.0002
864000 3 0.0006
864000 only 3 0.0006
None 183010 36.3019
None only 173532 34.4219
Certificate sig alg Count Percent
-------------------------+---------+--------
None 18818 3.7327
ecdsa-with-SHA256 34966 6.9359
sha1WithRSAEncryption 191053 37.8973
sha256WithRSAEncryption 278185 55.1809
sha384WithRSAEncryption 2 0.0004
sha512WithRSAEncryption 7 0.0014
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 35000 6.9426
ECDSA 384 6 0.0012
ECDSA 521 2 0.0004
RSA 1024 194 0.0385
RSA 10240 7 0.0014
RSA 2028 1 0.0002
RSA 2047 1 0.0002
RSA 2048 451485 89.5567
RSA 2049 3 0.0006
RSA 2056 2 0.0004
RSA 2058 2 0.0004
RSA 2064 1 0.0002
RSA 2080 2 0.0004
RSA 2084 9 0.0018
RSA 2096 1 0.0002
RSA 2408 2 0.0004
RSA 2432 4 0.0008
RSA 2480 1 0.0002
RSA 2612 2 0.0004
RSA 3050 1 0.0002
RSA 3071 1 0.0002
RSA 3072 104 0.0206
RSA 3096 1 0.0002
RSA 3248 2 0.0004
RSA 4042 1 0.0002
RSA 4048 2 0.0004
RSA 4056 24 0.0048
RSA 4069 1 0.0002
RSA 4086 4 0.0008
RSA 4092 8 0.0016
RSA 4096 17305 3.4326
RSA 8192 6 0.0012
RSA/ECDSA Dual Stack 45 0.0089
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 94341 18.7135
Unsupported 409792 81.2865
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 29625 5.8764
SSL2 Only 35 0.0069
SSL3 142402 28.2469
SSL3 Only 936 0.1857
SSL3 or TLS1 Only 88722 17.5989
SSL3 or lower Only 968 0.192
TLS1 501347 99.4474
TLS1 Only 51184 10.1529
TLS1 or lower Only 116300 23.0693
TLS1.1 373523 74.0922
TLS1.1 Only 25 0.005
TLS1.1 or up Only 1606 0.3186
TLS1.2 384312 76.2323
TLS1.2 Only 845 0.1676
TLS1.2, 1.0 but not 1.1 12411 2.4619
Statistics from 515219 chains provided by 689528 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 449551 65.1969
incomplete 37540 5.4443
untrusted 202437 29.3588
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 345 0.067
3 295875 57.427
4 213966 41.5291
5 5031 0.9765
6 2 0.0004
CA key size in chains Count
-------------------------+---------
ECDSA 256 34881
ECDSA 384 60711
RSA 1024 39543
RSA 2045 1
RSA 2048 1016373
RSA 4096 102618
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 34881 6.7701
ECDSA 384 60711 11.7835
RSA 1024 39539 7.6742
RSA 2045 1 0.0002
RSA 2048 479801 93.1256
RSA 4096 102053 19.8077
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 34881
sha1WithRSAEncryption 285370
sha256WithRSAEncryption 244990
sha384WithRSAEncryption 173666
sha512WithRSAEncryption 1
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 240612 46.7009
112 239734 46.5305
128 34873 6.7686
Root CAs Count Percent
---------------------------------------------+---------+-------
(861a399d) AddTrust Class 1 CA Root 126924 24.635
(2c543cd1) GeoTrust Global CA 111533 21.6477
(f081611a) The Go Daddy Group, Inc. 54113 10.5029
(5ad8a5d6) GlobalSign Root CA 52056 10.1037
(eed8c118) COMODO ECC Certification Authority 34873 6.7686
(415660c1) VeriSign, Inc. 29756 5.7754
(aee5f10d) Entrust.net Certification Authorit 29671 5.7589
(c089bbbd) thawte Primary Root CA - G2 25836 5.0146
(f387163d) Starfield Technologies, Inc. 11081 2.1507
(ae8153b9) StartCom Certification Authority 9729 1.8883
(578d5c04) Equifax 6768 1.3136
(244b5494) DigiCert High Assurance EV Root CA 6686 1.2977
Scan performed between 24th of May and 3rd of June 2015.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
Ruxcon 2015 Final Call For Presentations
by cfp@ruxcon.org.au
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre, Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference in Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.
The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.
Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.
.[x]. Important Dates .[x].
September 30 - Final Call For Presentations Close
October 22-23 - Breakpoint Conference
October 24-25 - Ruxcon Conference
.[x]. Topic Scope .[x].
Topics of interest include, but are not limited to:
o Mobile Device Security
o Virtualization, Hypervisor, and Cloud Security
o Malware Analysis
o Reverse Engineering
o Exploitation Techniques
o Rootkit Development
o Code Analysis
o Forensics and Anti-Forensics
o Embedded Device Security
o Web Application Security
o Network Traffic Analysis
o Wireless Network Security
o Cryptography and Cryptanalysis
o Social Engineering
o Law Enforcement Activities
o Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)
.[x]. Submission Guidelines .[x].
In order for us to process your submission we require the following information:
1. Presentation title
2. Detailed summary of your presentation material
3. Name/Nickname
4. Mobile phone number
5. Brief personal biography
6. Description of any demonstrations involved in the presentation
7. Information on where the presentation material has or will be presented before Ruxcon
To submit a presentation please use our submission form: http://goo.gl/WXNBvr
* As a general guideline, Ruxcon presentations are between 45 and 60 minutes, including question time.
.[x]. Contact .[x].
o Email: presentations(a)ruxcon.org.au
o Twitter: @ruxcon