Not much has changed since the previous month, just a continuation of established trends
(migration towards TLSv1.2, AES-GCM, SHA-256 signatures, deprecation of RC4).
Detailed analysis on my blog:
https://securitypitfalls.wordpress.com/2015/01/19/december-2014-scan-resu...
SSL/TLS survey of 447186 websites from Alexa's top 1 million
Statistics are only from connections that provided valid certificates
(or anonymous DH from servers that also have a valid certificate installed).
Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      378348    84.6064
3DES Only                 409       0.0915
AES                       419934    93.9059
AES Only                  6307      1.4104
AES-CBC Only              4535      1.0141
AES-GCM                   237571    53.1258
AES-GCM Only              11        0.0025
CAMELLIA                  173896    38.8867
CAMELLIA Only             2         0.0004
CHACHA20                  13870     3.1016
Insecure                  93150     20.8303
RC4                       366313    81.9151
RC4 Only                  3873      0.8661
RC4 Preferred             67762     15.153
RC4 forced in TLS1.1+     42015     9.3954
x:FF 29 RC4 Only          527       0.1178
x:FF 29 RC4 Preferred     73724     16.4862
x:FF 29 incompatible      139       0.0311
y:DHE-RSA-SEED-SHA        83551     18.6837
y:IDEA-CBC-MD5            3036      0.6789
y:IDEA-CBC-SHA            67508     15.0962
y:SEED-SHA                84973     19.0017
z:ADH-AES128-GCM-SHA256   293       0.0655
z:ADH-AES128-SHA          992       0.2218
z:ADH-AES128-SHA256       241       0.0539
z:ADH-AES256-GCM-SHA384   300       0.0671
z:ADH-AES256-SHA          1007      0.2252
z:ADH-AES256-SHA256       241       0.0539
z:ADH-CAMELLIA128-SHA     420       0.0939
z:ADH-CAMELLIA256-SHA     430       0.0962
z:ADH-DES-CBC-SHA         407       0.091
z:ADH-DES-CBC3-SHA        1034      0.2312
z:ADH-RC4-MD5             826       0.1847
z:ADH-SEED-SHA            294       0.0657
z:AECDH-AES128-SHA        13690     3.0614
z:AECDH-AES256-SHA        13690     3.0614
z:AECDH-DES-CBC3-SHA      13651     3.0526
z:AECDH-NULL-SHA          27        0.006
z:AECDH-RC4-SHA           12738     2.8485
z:DES-CBC-MD5             19967     4.465
z:DES-CBC-SHA             54475     12.1817
z:DES-CBC3-MD5            35969     8.0434
z:ECDHE-RSA-NULL-SHA      32        0.0072
z:EDH-RSA-DES-CBC-SHA     46870     10.4811
z:EXP-ADH-DES-CBC-SHA     330       0.0738
z:EXP-ADH-RC4-MD5         334       0.0747
z:EXP-DES-CBC-SHA         40137     8.9755
z:EXP-EDH-RSA-DES-CBC-SHA 29161     6.521
z:EXP-RC2-CBC-MD5         45160     10.0987
z:EXP-RC4-MD5             48009     10.7358
z:EXP1024-DES-CBC-SHA     9943      2.2235
z:EXP1024-RC4-SHA         10098     2.2581
z:NULL-MD5                292       0.0653
z:NULL-SHA                296       0.0662
z:NULL-SHA256             9         0.002
z:RC2-CBC-MD5             20356     4.552
z:RC4-64-MD5              1712      0.3828
Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               145491    32.5348
Server side               301695    67.4652
Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1117      0.2498
AECDH                     13714     3.0667
DHE                       223710    50.0262
ECDHE                     262693    58.7436
ECDHE and DHE             116323    26.0122
RSA                       420069    93.9361
Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               195986    43.8265  87.6072
DH,1536bits               1         0.0002   0.0004
DH,2048bits               25243     5.6449   11.2838
DH,2226bits               1         0.0002   0.0004
DH,2236bits               2         0.0004   0.0009
DH,2430bits               1         0.0002   0.0004
DH,3072bits               13        0.0029   0.0058
DH,3248bits               2         0.0004   0.0009
DH,4094bits               1         0.0002   0.0004
DH,4096bits               1546      0.3457   0.6911
DH,512bits                127       0.0284   0.0568
DH,768bits                818       0.1829   0.3657
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        11        0.0025   0.0042
ECDH,B-571,570bits        627       0.1402   0.2387
ECDH,K-163,163bits        1         0.0002   0.0004
ECDH,P-224,224bits        49        0.011    0.0187
ECDH,P-256,256bits        257780    57.6449  98.1298
ECDH,P-384,384bits        759       0.1697   0.2889
ECDH,P-521,521bits        4352      0.9732   1.6567
Prefer DH,1024bits        101308    22.6546  45.2854
Prefer DH,1536bits        1         0.0002   0.0004
Prefer DH,2048bits        2733      0.6112   1.2217
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,4096bits        102       0.0228   0.0456
Prefer DH,512bits         8         0.0018   0.0036
Prefer DH,768bits         455       0.1017   0.2034
Prefer ECDH,B-163,163bits 11        0.0025   0.0042
Prefer ECDH,B-571,570bits 441       0.0986   0.1679
Prefer ECDH,P-224,224bits 18        0.004    0.0069
Prefer ECDH,P-256,256bits 206995    46.2883  78.7973
Prefer ECDH,P-384,384bits 701       0.1568   0.2669
Prefer ECDH,P-521,521bits 3970      0.8878   1.5113
Prefer PFS                316744    70.8305  0
Support PFS               370080    82.7575  0
Supported ECC curves      Count     Percent
-------------------------+---------+--------
brainpoolP256r1           21        0.0047
brainpoolP384r1           21        0.0047
brainpoolP512r1           21        0.0047
prime192v1                638       0.1427
prime256v1                262107    58.6125
prime256v1 Only           224888    50.2896
secp160k1                 612       0.1369
secp160r1                 612       0.1369
secp160r2                 611       0.1366
secp192k1                 633       0.1416
secp224k1                 670       0.1498
secp224r1                 913       0.2042
secp224r1 Only            1         0.0002
secp256k1                 681       0.1523
secp384r1                 37358     8.354
secp384r1 Only            140       0.0313
secp521r1                 9820      2.196
secp521r1 Only            76        0.017
sect163k1                 615       0.1375
sect163k1 Only            2         0.0004
sect163r1                 613       0.1371
sect163r2                 623       0.1393
sect163r2 Only            11        0.0025
sect193r1                 612       0.1369
sect193r2                 612       0.1369
sect233k1                 660       0.1476
sect233r1                 660       0.1476
sect239k1                 660       0.1476
sect283k1                 659       0.1474
sect283r1                 659       0.1474
sect409k1                 658       0.1471
sect409r1                 658       0.1471
sect571k1                 669       0.1496
sect571r1                 669       0.1496
Unsupported curve fallback     Count     Percent
------------------------------+---------+--------
False                          53728     12.0147
True                           172271    38.5233
order-specific                 18        0.004
unknown                        221169    49.4579
ECC curve ordering        Count     Percent
-------------------------+---------+--------
client                    651       0.1456
inconclusive-noecc        11        0.0025
server                    261689    58.5191
unknown                   184835    41.3329
TLSv1.2 PFS supported sigalgs  Count     Percent
------------------------------+---------+--------
ECDSA-SHA1                     25418     5.684
ECDSA-SHA224                   25440     5.6889
ECDSA-SHA256                   25455     5.6923
ECDSA-SHA384                   25468     5.6952
ECDSA-SHA512                   25495     5.7012
ECDSA-SHA512 Only              27        0.006
RSA-MD5                        109093    24.3954
RSA-MD5 Only                   4         0.0009
RSA-SHA1                       235950    52.7633
RSA-SHA1 Only                  37466     8.3782
RSA-SHA224                     193902    43.3605
RSA-SHA256                     200147    44.757
RSA-SHA256 Only                1249      0.2793
RSA-SHA384                     194348    43.4602
RSA-SHA512                     194433    43.4792
RSA-SHA512 Only                76        0.017
TLSv1.2 PFS ordering           Count     Percent
------------------------------+---------+--------
client                         177369    39.6634
indeterminate                  7         0.0016
intolerant                     984       0.22
order-fallback                 7         0.0016
server                         84987     19.0048
unsupported                    40384     9.0307
TLSv1.2 PFS sigalg fallback    Count     Percent
------------------------------+---------+--------
ECDSA SHA1                     25401     5.6802
ECDSA intolerant               119       0.0266
ECDSA pfs-rsa-SHA512           1         0.0002
RSA False                      107562    24.0531
RSA SHA1                       111710    24.9807
RSA intolerant                 17117     3.8277
RSA pfs-ecdsa-SHA512           2         0.0004
RSA soft-nopfs                 1576      0.3524
Renegotiation             Count     Percent
-------------------------+---------+--------
False                     10805     2.4162
insecure                  27291     6.1028
secure                    409090    91.4809
Compression               Count     Percent
-------------------------+---------+--------
1 (zlib compression)      18282     4.0882
False                     10805     2.4162
NONE                      418099    93.4955
TLS session ticket hint   Count     Percent
-------------------------+---------+--------
1                         2         0.0004
1 only                    2         0.0004
3                         2         0.0004
3 only                    2         0.0004
5                         1         0.0002
5 only                    1         0.0002
10                        5         0.0011
10 only                   5         0.0011
15                        8         0.0018
15 only                   8         0.0018
30                        7         0.0016
30 only                   6         0.0013
60                        65        0.0145
60 only                   62        0.0139
70                        1         0.0002
75                        1         0.0002
75 only                   1         0.0002
100                       16        0.0036
100 only                  16        0.0036
120                       20        0.0045
120 only                  20        0.0045
128                       1         0.0002
128 only                  1         0.0002
180                       33        0.0074
180 only                  33        0.0074
240                       2         0.0004
240 only                  2         0.0004
256                       1         0.0002
256 only                  1         0.0002
300                       175517    39.2492
300 only                  163896    36.6505
400                       1         0.0002
400 only                  1         0.0002
420                       33        0.0074
420 only                  27        0.006
480                       10        0.0022
480 only                  10        0.0022
600                       14086     3.1499
600 only                  13798     3.0855
720                       1         0.0002
720 only                  1         0.0002
900                       496       0.1109
900 only                  480       0.1073
960                       3         0.0007
960 only                  3         0.0007
1000                      1         0.0002
1000 only                 1         0.0002
1200                      254       0.0568
1200 only                 253       0.0566
1500                      10        0.0022
1500 only                 8         0.0018
1800                      265       0.0593
1800 only                 261       0.0584
2100                      1         0.0002
2100 only                 1         0.0002
2400                      2         0.0004
2400 only                 2         0.0004
2520                      1         0.0002
2520 only                 1         0.0002
2700                      5         0.0011
2700 only                 5         0.0011
3000                      9         0.002
3000 only                 9         0.002
3600                      336       0.0751
3600 only                 313       0.07
4800                      1         0.0002
4800 only                 1         0.0002
5400                      2         0.0004
6000                      3         0.0007
6000 only                 3         0.0007
7200                      11839     2.6474
7200 only                 9113      2.0379
10800                     17        0.0038
10800 only                8         0.0018
14400                     1145      0.256
14400 only                1145      0.256
18000                     2         0.0004
18000 only                2         0.0004
21600                     2996      0.67
21600 only                2995      0.6697
28800                     9         0.002
28800 only                8         0.0018
30000                     1         0.0002
30000 only                1         0.0002
36000                     394       0.0881
36000 only                389       0.087
43200                     2088      0.4669
43200 only                2088      0.4669
60000                     1         0.0002
60000 only                1         0.0002
64800                     41860     9.3608
64800 only                41586     9.2995
72000                     8         0.0018
72000 only                8         0.0018
86000                     36        0.0081
86000 only                36        0.0081
86400                     218       0.0487
86400 only                218       0.0487
100800                    13600     3.0412
100800 only               13599     3.041
129600                    13        0.0029
129600 only               13        0.0029
216000                    1         0.0002
216000 only               1         0.0002
604800                    1         0.0002
604800 only               1         0.0002
864000                    4         0.0009
864000 only               4         0.0009
2592000                   3         0.0007
2592000 only              3         0.0007
None                      196733    43.9936
None only                 181749    40.6428
Certificate sig alg       Count     Percent
-------------------------+---------+--------
None                      14674     3.2814
ecdsa-with-SHA256         25488     5.6996
sha1WithRSAEncryption     280609    62.75
sha256WithRSAEncryption   141161    31.5665
sha512WithRSAEncryption   6         0.0013
Certificate key size      Count     Percent
-------------------------+---------+--------
ECDSA 256                 25516     5.7059
ECDSA 384                 4         0.0009
ECDSA 521                 1         0.0002
RSA 1024                  1164      0.2603
RSA 10240                 6         0.0013
RSA 2028                  1         0.0002
RSA 2047                  1         0.0002
RSA 2048                  405216    90.6146
RSA 2049                  3         0.0007
RSA 2056                  6         0.0013
RSA 2058                  2         0.0004
RSA 2064                  1         0.0002
RSA 2080                  2         0.0004
RSA 2084                  11        0.0025
RSA 2096                  1         0.0002
RSA 2345                  1         0.0002
RSA 2408                  2         0.0004
RSA 2432                  7         0.0016
RSA 2536                  1         0.0002
RSA 2612                  1         0.0002
RSA 3071                  1         0.0002
RSA 3072                  67        0.015
RSA 3102                  1         0.0002
RSA 3248                  3         0.0007
RSA 3600                  1         0.0002
RSA 4048                  2         0.0004
RSA 4056                  31        0.0069
RSA 4086                  3         0.0007
RSA 4092                  1         0.0002
RSA 4096                  15176     3.3937
RSA 4098                  1         0.0002
RSA 8192                  3         0.0007
RSA/ECDSA Dual Stack      38        0.0085
OCSP stapling             Count     Percent
-------------------------+---------+--------
Supported                 77324     17.2912
Unsupported               369862    82.7088
Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      36284     8.1138
SSL2 Only                 91        0.0203
SSL3                      179062    40.042
SSL3 Only                 1745      0.3902
SSL3 or TLS1 Only         105359    23.5604
SSL3 or lower Only        1809      0.4045
TLS1                      444489    99.3969
TLS1 Only                 52837     11.8154
TLS1 or lower Only        138580    30.9893
TLS1.1                    293865    65.7143
TLS1.1 Only               27        0.006
TLS1.1 or up Only         523       0.117
TLS1.2                    303723    67.9187
TLS1.2 Only               390       0.0872
TLS1.2, 1.0 but not 1.1   12385     2.7695
Statistics from 470946 chains provided by 638990 hosts
Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  410153    64.1877
incomplete                27383     4.2854
untrusted                 201454    31.5269
Trusted chain statistics
========================
Chain length              Count     Percent
-------------------------+---------+-------
2                         1649      0.3501
3                         431002    91.5183
4                         38270     8.1262
5                         25        0.0053
CA key size in chains     Count
-------------------------+---------
ECDSA 256                 25501
ECDSA 384                 25501
RSA 1024                  1364
RSA 2045                  1
RSA 2048                  879560
RSA 4096                  46636
Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 25501     5.4148
ECDSA 384                 25501     5.4148
RSA 1024                  1360      0.2888
RSA 2045                  1         0.0002
RSA 2048                  444009    94.2802
RSA 4096                  46099     9.7886
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              25501
sha1WithRSAEncryption          305263
sha256WithRSAEncryption        107270
sha384WithRSAEncryption        69568
sha512WithRSAEncryption        15
Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        305164    64.7981
112                       140279    29.7866
128                       25503     5.4153
Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 110291    23.419
(157753a5) AddTrust External CA Root          77350     16.4244
(5ad8a5d6) GlobalSign Root CA                 47688     10.126
(b204d74a) VeriSign Class 3 Public Primary Ce 29428     6.2487
(cbf06781) Go Daddy Root Certificate Authorit 38568     8.1895
(2e4eed3c) thawte Primary Root CA             26893     5.7104
(eed8c118) COMODO ECC Certification Authority 25498     5.4142
(244b5494) DigiCert High Assurance EV Root CA 23587     5.0084
(f081611a) The Go Daddy Group, Inc.           13909     2.9534
(b13cc6df) UTN-USERFirst-Hardware             11545     2.4514
(653b494a) Baltimore CyberTrust Root          11478     2.4372
(ae8153b9) StartCom Certification Authority   9006      1.9123
(40547a79) COMODO Certification Authority     8167      1.7342
(f387163d) Starfield Technologies, Inc.       7454      1.5828
(3513523f) DigiCert Global Root CA            5105      1.084
(480720ec) GeoTrust Primary Certification Aut 4748      1.0082
Scan performed between 11th and 20th of December 2014.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web:
www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic