Fedora crypto policy vs the real world Was: available crypto policies

Nikos Mavrogiannopoulos nmav at redhat.com
Mon May 5 09:50:48 UTC 2014


On Fri, 2014-04-25 at 10:34 -0400, Hubert Kario wrote:
> Hi,
> 
> I went and extended the scanning script from
> https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
> and performed the same scan again.
> 
> The most important change is that I also captured information
> about the certificate used by the server (the key size, the signature,
> and whether it links to trust anchors we distribute in F19). That makes
> the cohort significantly different (my 305280 valid servers vs
> Julien Vehent's 451470 SSL-enabled servers).
> 
> The results are both good and bad.
> 
> The bad:
>  1. Over 10% of servers prefer RC4 with TLS1.1 or TLS1.2 (!!)
>  2. 1.77% of servers support only RC4 (which is an increase from
>     Julien's scan result of 1.5%)
>  3. Nearly 20% of servers prefer RC4
>  4. There are still servers that support *only* SSLv2
>  5. Nearly 95% of servers have certificates signed with SHA-1
>  6. Over 30% of servers prefer PFS with 1024 bit DH params
>  7. 15% of servers enable export suites
>  8. 19% enable single DES suites
>  9. 3% of servers support only 3DES ciphers
> 
> The good:
>  1. There are no servers with valid certificates and <1024 bit RSA keys
>  2. While there are quite a few servers that use 768bit or 512bit DH
>     (about 0.2%) very few of them actually prefer them (0.023%)
>  3. There are no servers with certificates with MD5 signatures
>  4. Nearly 50% of servers support TLS1.1 or greater
>  5. Over 99% of servers use at least 2047 bit RSA certificates
> 
> Note that the results do not include results from SNI-only servers.
> Also, for some reason Google servers like YouTube don't present ECDSA
> certificates to the script.

Very nice work. 

> SSL/TLS survey of 305280 websites from Alexa's top 0.97 million
> Stats only from connections that did provide valid certificates
> (or anonymous DH from servers that do also have valid certificate installed)

> RC4 Only                  5418      1.7748

That's pretty interesting. The question now is how important that RC4-only
segment is. Is that percentage significant enough to revise having RC4
in the "default" crypto profile set?


btw. I've put the policy generation code in:
https://git.fedorahosted.org/git/crypto-profiles.git

It currently generates policies for gnutls (in rawhide) and for openssl
(which will support that in rawhide). NSS should follow, hopefully,
before the F21 release (patches are available but are not upstream yet).

regards,
Nikos



