Fedora crypto policy vs the real world Was: available crypto policies
Hubert Kario
hkario at redhat.com
Fri Apr 25 14:34:21 UTC 2014
Hi,
I went and extended the scanning script from
https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
and performed the same scan again.
The most important change is that I captured also the information
about the used certificate by server (both the key size, signature
and if it links to trust anchors we distribute in F19). That makes
the cohort significantly different (my 305280 valid servers vs
Julien Vehent's 451470 SSL-enabled servers).
The results are both good and bad.
The bad:
1. Over 10% of servers prefer RC4 with TLS1.1 or TLS1.2 (!!)
2. 1.77% of servers support only RC4 (which is an increase from
Julien scan result of 1.5%)
3. Nearly 20% of servers prefer RC4
4. There are still servers that support *only* SSLv2
5. Nearly 95% of servers have certificates signed with SHA-1
6. Over 30% of servers prefer PFS with 1024 bit DH params
7. 15% of servers enable export suites
8. 19% enable single DES suites
9. 3% of servers support only 3DES ciphers
The good:
1. There are no servers with valid certificates and <1024 bit RSA keys
2. While there are quite a few servers that use 768bit or 512bit DH
(about 0.2%) very few of them actually prefer them (0.023%)
3. There are no servers with certificates with md5 signatures
4. Nearly 50% of servers support TLS1.1 or greater
5. Over 99% of servers use at least 2047 bit RSA certificates
Note that the results do not include results from SNI-only servers.
Also, for some reason google servers like YouTube don't present ECDSA
certificates to the script.
SSL/TLS survey of 305280 websites from Alexa's top 0.97 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 274509 89.9204
3DES Only 9642 3.1584
AES 277201 90.8022
AES Only 523 0.1713
AES-CBC Only 267 0.0875
AES-GCM 100595 32.9517
AES-GCM Only 12 0.0039
CAMELLIA 112135 36.7319
CAMELLIA Only 1 0.0003
CHACHA20 19072 6.2474
RC4 268298 87.8859
RC4 Only 5418 1.7748
RC4 Preferred 59552 19.5073
RC4 forced in TLS1.1+ 31737 10.396
z:ADH-DES-CBC-SHA 1016 0.3328
z:ADH-SEED-SHA 795 0.2604
z:AECDH-NULL-SHA 8 0.0026
z:DES-CBC-MD5 279 0.0914
z:DES-CBC-SHA 60744 19.8978
z:DHE-RSA-SEED-SHA 46262 15.154
z:ECDHE-RSA-NULL-SHA 6 0.002
z:EDH-RSA-DES-CBC-SHA 49529 16.2241
z:EXP-ADH-DES-CBC-SHA 624 0.2044
z:EXP-DES-CBC-SHA 49850 16.3293
z:EXP-EDH-RSA-DES-CBC-SHA 36180 11.8514
z:EXP-RC2-CBC-MD5 47372 15.5176
z:IDEA-CBC-MD5 28 0.0092
z:IDEA-CBC-SHA 44932 14.7183
z:NULL-MD5 322 0.1055
z:NULL-SHA 317 0.1038
z:NULL-SHA256 11 0.0036
z:RC2-CBC-MD5 307 0.1006
z:SEED-SHA 59061 19.3465
Supported Handshakes Count Percent
-------------------------+---------+-------
DHE 144983 47.4918
DHE and ECDHE 33828 11.081
ECDHE 113831 37.2874
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 138534 45.3793 61.5745
DH,2048bits 5471 1.7921 2.4317
DH,3072bits 2 0.0007 0.0009
DH,3248bits 2 0.0007 0.0009
DH,4094bits 1 0.0003 0.0004
DH,4096bits 250 0.0819 0.1111
DH,512bits 78 0.0256 0.0347
DH,768bits 651 0.2132 0.2894
ECDH,B-163,163bits 1 0.0003 0.0004
ECDH,B-571,570bits 279 0.0914 0.124
ECDH,P-224,224bits 3 0.001 0.0013
ECDH,P-256,256bits 113201 37.081 50.3147
ECDH,P-384,384bits 138 0.0452 0.0613
ECDH,P-521,521bits 266 0.0871 0.1182
Prefer DH,1024bits 99280 32.521 44.1272
Prefer DH,2048bits 1848 0.6053 0.8214
Prefer DH,4096bits 12 0.0039 0.0053
Prefer DH,512bits 1 0.0003 0.0004
Prefer DH,768bits 72 0.0236 0.032
Prefer ECDH,B-163,163bits 1 0.0003 0.0004
Prefer ECDH,B-571,570bits 226 0.074 0.1005
Prefer ECDH,P-256,256bits 80220 26.2775 35.6556
Prefer ECDH,P-384,384bits 84 0.0275 0.0373
Prefer ECDH,P-521,521bits 246 0.0806 0.1093
Prefer PFS 181990 59.6141 80.8895
Support PFS 224986 73.6982 100.0
Certificate sig alg Count Percent
-------------------------+---------+--------
None 11870 3.8882
sha1WithRSAEncryption 289276 94.7576
sha256WithRSAEncryption 16033 5.2519
Certificate key size Count Percent
-------------------------+---------+--------
RSA 1024 2098 0.6872
RSA 2028 1 0.0003
RSA 2047 3 0.001
RSA 2048 295413 96.7679
RSA 2049 4 0.0013
RSA 2056 3 0.001
RSA 2058 1 0.0003
RSA 2060 1 0.0003
RSA 2064 1 0.0003
RSA 2080 3 0.001
RSA 2084 2 0.0007
RSA 2345 1 0.0003
RSA 2408 1 0.0003
RSA 2432 88 0.0288
RSA 2536 1 0.0003
RSA 2612 1 0.0003
RSA 3000 1 0.0003
RSA 3050 1 0.0003
RSA 3072 18 0.0059
RSA 3248 2 0.0007
RSA 3600 1 0.0003
RSA 4042 1 0.0003
RSA 4048 1 0.0003
RSA 4069 1 0.0003
RSA 4086 1 0.0003
RSA 4092 2 0.0007
RSA 4096 7634 2.5007
RSA 4098 1 0.0003
RSA 4192 2 0.0007
RSA 8192 4 0.0013
RSA/ECDSA Dual Stack 0 0.0
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 644 0.211
SSL2 Only 20 0.0066
SSL3 303052 99.2702
SSL3 Only 3706 1.214
SSL3 or TLS1 Only 155876 51.06
TLS1 301098 98.6301
TLS1 Only 673 0.2205
TLS1.1 136386 44.6757
TLS1.1 Only 4 0.0013
TLS1.1 or up Only 60 0.0197
TLS1.2 144857 47.4505
TLS1.2 Only 45 0.0147
TLS1.2, 1.0 but not 1.1 12292 4.0265
(the scan was performed between 5th and 17th of April 2014,
full results available on request - 34MiB xz tarball)
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario at redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
More information about the security
mailing list