no analysis for this month, sorry
SSL/TLS survey of 514491 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate
installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 441032 85.722
3DES Only 662 0.1287
AES 506240 98.3963
AES Only 20155 3.9175
AES-CBC 506132 98.3753
AES-CBC Only 9532 1.8527
AES-GCM 372880 72.4755
AES-GCM Only 53 0.0103
CAMELLIA 228600 44.4323
CAMELLIA Only 1 0.0002
CHACHA20 63632 12.368
CHACHA20 Only 1 0.0002
Insecure 64742 12.5837
RC4 231507 44.9973
RC4 Only 1252 0.2433
RC4 Preferred 27685 5.381
RC4 forced in TLS1.1+ 15710 3.0535
x:FF 29 RC4 Only 1532 0.2978
x:FF 29 RC4 Preferred 31430 6.109
x:FF 29 incompatible 137 0.0266
x:FF 35 RC4 Only 1845 0.3586
x:FF 35 RC4 Preferred 31550 6.1323
x:FF 35 incompatible 138 0.0268
y:DHE-RSA-SEED-SHA 86011 16.7177
y:IDEA-CBC-SHA 78923 15.34
y:SEED-SHA 96111 18.6808
z:ADH-AES128-GCM-SHA256 333 0.0647
z:ADH-AES128-SHA 745 0.1448
z:ADH-AES128-SHA256 236 0.0459
z:ADH-AES256-GCM-SHA384 343 0.0667
z:ADH-AES256-SHA 749 0.1456
z:ADH-AES256-SHA256 236 0.0459
z:ADH-CAMELLIA128-SHA 344 0.0669
z:ADH-CAMELLIA256-SHA 350 0.068
z:ADH-DES-CBC-SHA 321 0.0624
z:ADH-DES-CBC3-SHA 759 0.1475
z:ADH-RC4-MD5 621 0.1207
z:ADH-SEED-SHA 272 0.0529
z:AECDH-AES128-SHA 12374 2.4051
z:AECDH-AES256-SHA 12403 2.4107
z:AECDH-DES-CBC3-SHA 12331 2.3967
z:AECDH-NULL-SHA 55 0.0107
z:AECDH-RC4-SHA 11656 2.2655
z:DES-CBC-MD5 12201 2.3715
z:DES-CBC-SHA 37676 7.323
z:DES-CBC3-MD5 24906 4.8409
z:ECDHE-RSA-NULL-SHA 59 0.0115
z:EDH-RSA-DES-CBC-SHA 32341 6.286
z:EXP-ADH-DES-CBC-SHA 225 0.0437
z:EXP-ADH-RC4-MD5 222 0.0431
z:EXP-DES-CBC-SHA 16253 3.159
z:EXP-EDH-RSA-DES-CBC-SHA 13136 2.5532
z:EXP-RC2-CBC-MD5 19785 3.8455
z:EXP-RC4-MD5 20799 4.0426
z:EXP1024-DES-CBC-SHA 5124 0.9959
z:EXP1024-RC4-SHA 5211 1.0128
z:IDEA-CBC-MD5 2368 0.4603
z:NULL-MD5 228 0.0443
z:NULL-SHA 231 0.0449
z:NULL-SHA256 22 0.0043
z:RC2-CBC-MD5 12471 2.4239
z:RC4-64-MD5 1000 0.1944
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 131154 25.492
Server side 383337 74.508
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 872 0.1695
AECDH 12430 2.416
DHE 282349 54.8793
ECDH 3 0.0006
ECDHE 400761 77.8947
ECDHE and DHE 210872 40.9865
RSA 466026 90.58
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 176947 34.3926 62.6696
DH,1536bits 1 0.0002 0.0004
DH,2048bits 97579 18.9661 34.5597
DH,2236bits 10 0.0019 0.0035
DH,2560bits 1 0.0002 0.0004
DH,3072bits 1027 0.1996 0.3637
DH,3092bits 1 0.0002 0.0004
DH,4096bits 6303 1.2251 2.2323
DH,512bits 53 0.0103 0.0188
DH,768bits 502 0.0976 0.1778
DH,8192bits 1 0.0002 0.0004
ECDH,B-163,163bits 1 0.0002 0.0002
ECDH,B-571,570bits 1514 0.2943 0.3778
ECDH,K-163,163bits 1 0.0002 0.0002
ECDH,K-571,570bits 1 0.0002 0.0002
ECDH,P-192,192bits 2 0.0004 0.0005
ECDH,P-224,224bits 89 0.0173 0.0222
ECDH,P-256,256bits 389270 75.6612 97.1327
ECDH,P-384,384bits 2668 0.5186 0.6657
ECDH,P-521,521bits 8073 1.5691 2.0144
Prefer DH,1024bits 63712 12.3835 22.565
Prefer DH,1536bits 1 0.0002 0.0004
Prefer DH,2048bits 9342 1.8158 3.3087
Prefer DH,2236bits 1 0.0002 0.0004
Prefer DH,3072bits 14 0.0027 0.005
Prefer DH,4096bits 342 0.0665 0.1211
Prefer DH,768bits 102 0.0198 0.0361
Prefer ECDH,B-163,163bits 1 0.0002 0.0002
Prefer ECDH,B-571,570bits 1305 0.2536 0.3256
Prefer ECDH,K-163,163bits 1 0.0002 0.0002
Prefer ECDH,K-571,570bits 1 0.0002 0.0002
Prefer ECDH,P-224,224bits 55 0.0107 0.0137
Prefer ECDH,P-256,256bits 337269 65.5539 84.1571
Prefer ECDH,P-384,384bits 2525 0.4908 0.6301
Prefer ECDH,P-521,521bits 7266 1.4123 1.8131
Prefer PFS 421937 82.0106 0
Support PFS 472238 91.7874 0
Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 1285 0.2498
brainpoolP384r1 1285 0.2498
brainpoolP512r1 1285 0.2498
prime192v1 1409 0.2739
prime256v1 399379 77.626
prime256v1 Only 346484 67.345
secp160k1 1372 0.2667
secp160r1 1376 0.2674
secp160r2 1372 0.2667
secp192k1 1393 0.2708
secp224k1 1466 0.2849
secp224r1 3478 0.676
secp224r1 Only 2 0.0004
secp256k1 2664 0.5178
secp384r1 53002 10.3018
secp384r1 Only 342 0.0665
secp521r1 22491 4.3715
secp521r1 Only 118 0.0229
sect163k1 1376 0.2674
sect163k1 Only 2 0.0004
sect163r1 1374 0.2671
sect163r2 1375 0.2673
sect163r2 Only 1 0.0002
sect193r1 1374 0.2671
sect193r2 1374 0.2671
sect233k1 1460 0.2838
sect233r1 1458 0.2834
sect239k1 1458 0.2834
sect283k1 2637 0.5125
sect283r1 2637 0.5125
sect409k1 2637 0.5125
sect409r1 2637 0.5125
sect571k1 2650 0.5151
sect571r1 2650 0.5151
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 69342 13.4778
True 279091 54.246
order-specific 247 0.048
unknown 165811 32.2282
ECC curve ordering Count Percent
-------------------------+---------+--------
client 4128 0.8023
inconclusive-noecc 10 0.0019
server 395723 76.9154
unknown 114630 22.2803
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 36846 7.1616
ECDSA-SHA1 Only 3 0.0006
ECDSA-SHA224 36847 7.1618
ECDSA-SHA256 36861 7.1646
ECDSA-SHA384 36862 7.1648
ECDSA-SHA512 36877 7.1677
ECDSA-SHA512 Only 15 0.0029
RSA-MD5 169404 32.9265
RSA-SHA1 349277 67.8879
RSA-SHA1 Only 46373 9.0134
RSA-SHA224 283789 55.1592
RSA-SHA256 309288 60.1153
RSA-SHA256 Only 5302 1.0305
RSA-SHA384 284974 55.3895
RSA-SHA384 Only 1 0.0002
RSA-SHA512 285175 55.4286
RSA-SHA512 Only 218 0.0424
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 247485 48.1029
indeterminate 113 0.022
intolerant 3917 0.7613
order-fallback 6 0.0012
server 141461 27.4953
unsupported 22160 4.3072
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 36832 7.1589
ECDSA intolerant 63 0.0122
ECDSA pfs-rsa-SHA512 1 0.0002
RSA False 168019 32.6573
RSA SHA1 154614 30.0518
RSA intolerant 32671 6.3502
RSA pfs-ecdsa-SHA512 1 0.0002
RSA soft-nopfs 1437 0.2793
Renegotiation Count Percent
-------------------------+---------+--------
False 6340 1.2323
insecure 19961 3.8798
secure 488190 94.888
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 10392 2.0199
False 6340 1.2323
NONE 497759 96.7479
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 4 0.0008
1 only 4 0.0008
2 2 0.0004
2 only 2 0.0004
5 1 0.0002
5 only 1 0.0002
10 7 0.0014
10 only 7 0.0014
15 8 0.0016
15 only 8 0.0016
30 11 0.0021
30 only 10 0.0019
60 93 0.0181
60 only 87 0.0169
65 1 0.0002
65 only 1 0.0002
70 7 0.0014
100 14 0.0027
100 only 14 0.0027
120 30 0.0058
120 only 30 0.0058
128 2 0.0004
128 only 2 0.0004
150 2 0.0004
180 39 0.0076
180 only 37 0.0072
240 14 0.0027
240 only 14 0.0027
300 232702 45.2296
300 only 227970 44.3098
302 2 0.0004
302 only 2 0.0004
360 2 0.0004
360 only 1 0.0002
400 7 0.0014
400 only 7 0.0014
420 113 0.022
420 only 87 0.0169
480 11 0.0021
480 only 11 0.0021
500 4 0.0008
500 only 4 0.0008
540 1 0.0002
540 only 1 0.0002
600 24187 4.7012
600 only 24031 4.6708
720 2 0.0004
720 only 2 0.0004
840 2 0.0004
840 only 2 0.0004
900 718 0.1396
900 only 702 0.1364
960 3 0.0006
960 only 3 0.0006
1200 2085 0.4053
1200 only 2080 0.4043
1320 1 0.0002
1320 only 1 0.0002
1500 11 0.0021
1500 only 10 0.0019
1800 473 0.0919
1800 only 468 0.091
2100 1 0.0002
2100 only 1 0.0002
2400 6 0.0012
2400 only 6 0.0012
2700 7 0.0014
2700 only 7 0.0014
3000 19 0.0037
3000 only 19 0.0037
3600 512 0.0995
3600 only 498 0.0968
3900 1 0.0002
3900 only 1 0.0002
4200 1 0.0002
5160 1 0.0002
5160 only 1 0.0002
5400 14 0.0027
5400 only 6 0.0012
6000 3 0.0006
6000 only 3 0.0006
7200 16177 3.1443
7200 only 16154 3.1398
10800 2416 0.4696
10800 only 2411 0.4686
14400 70 0.0136
14400 only 70 0.0136
18000 7 0.0014
18000 only 7 0.0014
21600 4966 0.9652
21600 only 4963 0.9646
28800 2049 0.3983
28800 only 637 0.1238
36000 1187 0.2307
36000 only 1176 0.2286
43200 35 0.0068
43200 only 35 0.0068
60000 1 0.0002
60000 only 1 0.0002
64800 51944 10.0962
64800 only 51911 10.0898
72000 13 0.0025
72000 only 13 0.0025
86000 31 0.006
86000 only 31 0.006
86400 3546 0.6892
86400 only 3543 0.6886
100800 11273 2.1911
100800 only 11263 2.1892
129600 9 0.0017
129600 only 9 0.0017
172800 7 0.0014
172800 only 7 0.0014
216000 1 0.0002
216000 only 1 0.0002
432000 2 0.0004
432000 only 2 0.0004
604800 1 0.0002
604800 only 1 0.0002
864000 3 0.0006
864000 only 3 0.0006
2592000 1 0.0002
2592000 only 1 0.0002
None 166108 32.2859
None only 159631 31.027
Certificate sig alg Count Percent
-------------------------+---------+--------
None 13099 2.546
ecdsa-with-SHA256 36858 7.164
sha1WithRSAEncryption 100797 19.5916
sha256WithRSAEncryption 377291 73.3329
sha384WithRSAEncryption 6 0.0012
sha512WithRSAEncryption 26 0.0051
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 36891 7.1704
ECDSA 384 8 0.0016
RSA 1024 68 0.0132
RSA 10240 5 0.001
RSA 2048 459006 89.2156
RSA 2049 3 0.0006
RSA 2056 2 0.0004
RSA 2058 2 0.0004
RSA 2064 1 0.0002
RSA 2078 1 0.0002
RSA 2080 2 0.0004
RSA 2084 6 0.0012
RSA 2096 2 0.0004
RSA 2408 1 0.0002
RSA 2432 2 0.0004
RSA 2480 1 0.0002
RSA 2890 1 0.0002
RSA 3024 1 0.0002
RSA 3071 1 0.0002
RSA 3072 119 0.0231
RSA 3248 3 0.0006
RSA 4042 1 0.0002
RSA 4048 1 0.0002
RSA 4056 26 0.0051
RSA 4069 2 0.0004
RSA 4092 6 0.0012
RSA 4094 1 0.0002
RSA 4096 18374 3.5713
RSA 8192 5 0.001
RSA/ECDSA Dual Stack 44 0.0086
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 110108 21.4013
Unsupported 404383 78.5987
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 25202 4.8984
SSL2 Only 15 0.0029
SSL3 126817 24.649
SSL3 Only 549 0.1067
SSL3 or TLS1 Only 72846 14.1588
SSL3 or lower Only 571 0.111
TLS1 510753 99.2735
TLS1 Only 43061 8.3696
TLS1 or lower Only 96394 18.7358
TLS1.1 405071 78.7324
TLS1.1 Only 30 0.0058
TLS1.1 or up Only 2939 0.5712
TLS1.2 415131 80.6877
TLS1.2 Only 1267 0.2463
TLS1.2, 1.0 but not 1.1 11078 2.1532
Statistics from 481615 chains provided by 696385 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 438491 62.9667
incomplete 20877 2.9979
untrusted 237017 34.0353
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 214 0.0444
3 479299 99.5191
4 2064 0.4286
5 38 0.0079
CA key size in chains Count
-------------------------+---------
ECDSA 256 21571
ECDSA 384 21574
RSA 1024 189
RSA 2045 3
RSA 2048 797792
RSA 4096 124027
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 21571 4.4789
ECDSA 384 21574 4.4795
RSA 1024 187 0.0388
RSA 2045 3 0.0006
RSA 2048 459556 95.4198
RSA 4096 123505 25.6439
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 21569
sha1WithRSAEncryption 87272
sha256WithRSAEncryption 264799
sha384WithRSAEncryption 109831
sha512WithRSAEncryption 70
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 87432 18.1539
112 372602 77.3651
128 21581 4.481
Root CAs Count Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA 102403 21.2624
(d6325660) COMODO RSA Certification Authority 101866 21.1509
(cbf06781) Go Daddy Root Certificate Authorit 47350 9.8315
(5ad8a5d6) GlobalSign Root CA 41408 8.5977
(b204d74a) VeriSign Class 3 Public Primary Ce 26837 5.5723
(244b5494) DigiCert High Assurance EV Root CA 25125 5.2168
(2e4eed3c) thawte Primary Root CA 22902 4.7553
(eed8c118) COMODO ECC Certification Authority 21557 4.476
(653b494a) Baltimore CyberTrust Root 11908 2.4725
(157753a5) AddTrust External CA Root 10009 2.0782
(ae8153b9) StartCom Certification Authority 8637 1.7933
(fc5a8f99) USERTrust RSA Certification Author 7875 1.6351
(3513523f) DigiCert Global Root CA 7502 1.5577
(4bfab552) Starfield Root Certificate Authori 6246 1.2969
(480720ec) GeoTrust Primary Certification Aut 5252 1.0905
(f387163d) Starfield Technologies, Inc. 4889 1.0151
Scan performed between 18th and 28th of September 2015.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web:
www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic