TLS scan results for December 2014

Hubert Kario hkario at redhat.com
Mon Jan 19 12:28:00 UTC 2015


Not many changes since the previous month, just a continuation of established trends 
(migration towards TLSv1.2, AES-GCM, SHA-256 signatures, deprecation of RC4)

Detailed analysis on my blog:
https://securitypitfalls.wordpress.com/2015/01/19/december-2014-scan-results/

SSL/TLS survey of 447186 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that also have a valid certificate installed)


Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      378348    84.6064
3DES Only                 409       0.0915
AES                       419934    93.9059
AES Only                  6307      1.4104
AES-CBC Only              4535      1.0141
AES-GCM                   237571    53.1258
AES-GCM Only              11        0.0025
CAMELLIA                  173896    38.8867
CAMELLIA Only             2         0.0004
CHACHA20                  13870     3.1016
Insecure                  93150     20.8303
RC4                       366313    81.9151
RC4 Only                  3873      0.8661
RC4 Preferred             67762     15.153
RC4 forced in TLS1.1+     42015     9.3954
x:FF 29 RC4 Only          527       0.1178
x:FF 29 RC4 Preferred     73724     16.4862
x:FF 29 incompatible      139       0.0311
y:DHE-RSA-SEED-SHA        83551     18.6837
y:IDEA-CBC-MD5            3036      0.6789
y:IDEA-CBC-SHA            67508     15.0962
y:SEED-SHA                84973     19.0017
z:ADH-AES128-GCM-SHA256   293       0.0655
z:ADH-AES128-SHA          992       0.2218
z:ADH-AES128-SHA256       241       0.0539
z:ADH-AES256-GCM-SHA384   300       0.0671
z:ADH-AES256-SHA          1007      0.2252
z:ADH-AES256-SHA256       241       0.0539
z:ADH-CAMELLIA128-SHA     420       0.0939
z:ADH-CAMELLIA256-SHA     430       0.0962
z:ADH-DES-CBC-SHA         407       0.091
z:ADH-DES-CBC3-SHA        1034      0.2312
z:ADH-RC4-MD5             826       0.1847
z:ADH-SEED-SHA            294       0.0657
z:AECDH-AES128-SHA        13690     3.0614
z:AECDH-AES256-SHA        13690     3.0614
z:AECDH-DES-CBC3-SHA      13651     3.0526
z:AECDH-NULL-SHA          27        0.006
z:AECDH-RC4-SHA           12738     2.8485
z:DES-CBC-MD5             19967     4.465
z:DES-CBC-SHA             54475     12.1817
z:DES-CBC3-MD5            35969     8.0434
z:ECDHE-RSA-NULL-SHA      32        0.0072
z:EDH-RSA-DES-CBC-SHA     46870     10.4811
z:EXP-ADH-DES-CBC-SHA     330       0.0738
z:EXP-ADH-RC4-MD5         334       0.0747
z:EXP-DES-CBC-SHA         40137     8.9755
z:EXP-EDH-RSA-DES-CBC-SHA 29161     6.521
z:EXP-RC2-CBC-MD5         45160     10.0987
z:EXP-RC4-MD5             48009     10.7358
z:EXP1024-DES-CBC-SHA     9943      2.2235
z:EXP1024-RC4-SHA         10098     2.2581
z:NULL-MD5                292       0.0653
z:NULL-SHA                296       0.0662
z:NULL-SHA256             9         0.002
z:RC2-CBC-MD5             20356     4.552
z:RC4-64-MD5              1712      0.3828

Cipher ordering           Count     Percent
-------------------------+---------+-------
Client side               145491    32.5348
Server side               301695    67.4652

Supported Handshakes      Count     Percent
-------------------------+---------+-------
ADH                       1117      0.2498
AECDH                     13714     3.0667
DHE                       223710    50.0262
ECDHE                     262693    58.7436
ECDHE and DHE             116323    26.0122
RSA                       420069    93.9361

Supported PFS             Count     Percent  PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits               195986    43.8265  87.6072
DH,1536bits               1         0.0002   0.0004
DH,2048bits               25243     5.6449   11.2838
DH,2226bits               1         0.0002   0.0004
DH,2236bits               2         0.0004   0.0009
DH,2430bits               1         0.0002   0.0004
DH,3072bits               13        0.0029   0.0058
DH,3248bits               2         0.0004   0.0009
DH,4094bits               1         0.0002   0.0004
DH,4096bits               1546      0.3457   0.6911
DH,512bits                127       0.0284   0.0568
DH,768bits                818       0.1829   0.3657
DH,8192bits               1         0.0002   0.0004
ECDH,B-163,163bits        11        0.0025   0.0042
ECDH,B-571,570bits        627       0.1402   0.2387
ECDH,K-163,163bits        1         0.0002   0.0004
ECDH,P-224,224bits        49        0.011    0.0187
ECDH,P-256,256bits        257780    57.6449  98.1298
ECDH,P-384,384bits        759       0.1697   0.2889
ECDH,P-521,521bits        4352      0.9732   1.6567
Prefer DH,1024bits        101308    22.6546  45.2854
Prefer DH,1536bits        1         0.0002   0.0004
Prefer DH,2048bits        2733      0.6112   1.2217
Prefer DH,2236bits        1         0.0002   0.0004
Prefer DH,4096bits        102       0.0228   0.0456
Prefer DH,512bits         8         0.0018   0.0036
Prefer DH,768bits         455       0.1017   0.2034
Prefer ECDH,B-163,163bits 11        0.0025   0.0042
Prefer ECDH,B-571,570bits 441       0.0986   0.1679
Prefer ECDH,P-224,224bits 18        0.004    0.0069
Prefer ECDH,P-256,256bits 206995    46.2883  78.7973
Prefer ECDH,P-384,384bits 701       0.1568   0.2669
Prefer ECDH,P-521,521bits 3970      0.8878   1.5113
Prefer PFS                316744    70.8305  0
Support PFS               370080    82.7575  0

Supported ECC curves      Count     Percent 
-------------------------+---------+--------
brainpoolP256r1           21        0.0047   
brainpoolP384r1           21        0.0047   
brainpoolP512r1           21        0.0047   
prime192v1                638       0.1427   
prime256v1                262107    58.6125  
prime256v1 Only           224888    50.2896  
secp160k1                 612       0.1369   
secp160r1                 612       0.1369   
secp160r2                 611       0.1366   
secp192k1                 633       0.1416   
secp224k1                 670       0.1498   
secp224r1                 913       0.2042   
secp224r1 Only            1         0.0002   
secp256k1                 681       0.1523   
secp384r1                 37358     8.354    
secp384r1 Only            140       0.0313   
secp521r1                 9820      2.196    
secp521r1 Only            76        0.017    
sect163k1                 615       0.1375   
sect163k1 Only            2         0.0004   
sect163r1                 613       0.1371   
sect163r2                 623       0.1393   
sect163r2 Only            11        0.0025   
sect193r1                 612       0.1369   
sect193r2                 612       0.1369   
sect233k1                 660       0.1476   
sect233r1                 660       0.1476   
sect239k1                 660       0.1476   
sect283k1                 659       0.1474   
sect283r1                 659       0.1474   
sect409k1                 658       0.1471   
sect409r1                 658       0.1471   
sect571k1                 669       0.1496   
sect571r1                 669       0.1496   

Unsupported curve fallback     Count     Percent 
------------------------------+---------+--------
False                          53728     12.0147  
True                           172271    38.5233  
order-specific                 18        0.004    
unknown                        221169    49.4579  

ECC curve ordering        Count     Percent 
-------------------------+---------+--------
client                    651       0.1456   
inconclusive-noecc        11        0.0025   
server                    261689    58.5191  
unknown                   184835    41.3329  

TLSv1.2 PFS supported sigalgs  Count     Percent 
------------------------------+---------+--------
ECDSA-SHA1                     25418     5.684    
ECDSA-SHA224                   25440     5.6889   
ECDSA-SHA256                   25455     5.6923   
ECDSA-SHA384                   25468     5.6952   
ECDSA-SHA512                   25495     5.7012   
ECDSA-SHA512 Only              27        0.006    
RSA-MD5                        109093    24.3954  
RSA-MD5 Only                   4         0.0009   
RSA-SHA1                       235950    52.7633  
RSA-SHA1 Only                  37466     8.3782   
RSA-SHA224                     193902    43.3605  
RSA-SHA256                     200147    44.757   
RSA-SHA256 Only                1249      0.2793   
RSA-SHA384                     194348    43.4602  
RSA-SHA512                     194433    43.4792  
RSA-SHA512 Only                76        0.017    

TLSv1.2 PFS ordering           Count     Percent 
------------------------------+---------+--------
client                         177369    39.6634  
indeterminate                  7         0.0016   
intolerant                     984       0.22     
order-fallback                 7         0.0016   
server                         84987     19.0048  
unsupported                    40384     9.0307   

TLSv1.2 PFS sigalg fallback    Count     Percent 
------------------------------+---------+--------
ECDSA SHA1                     25401     5.6802   
ECDSA intolerant               119       0.0266   
ECDSA pfs-rsa-SHA512           1         0.0002   
RSA False                      107562    24.0531  
RSA SHA1                       111710    24.9807  
RSA intolerant                 17117     3.8277   
RSA pfs-ecdsa-SHA512           2         0.0004   
RSA soft-nopfs                 1576      0.3524   

Renegotiation             Count     Percent 
-------------------------+---------+--------
False                     10805     2.4162   
insecure                  27291     6.1028   
secure                    409090    91.4809  

Compression               Count     Percent 
-------------------------+---------+--------
1 (zlib compression)      18282     4.0882   
False                     10805     2.4162   
NONE                      418099    93.4955  

TLS session ticket hint   Count     Percent 
-------------------------+---------+--------
1                         2         0.0004   
1 only                    2         0.0004   
3                         2         0.0004   
3 only                    2         0.0004   
5                         1         0.0002   
5 only                    1         0.0002   
10                        5         0.0011   
10 only                   5         0.0011   
15                        8         0.0018   
15 only                   8         0.0018   
30                        7         0.0016   
30 only                   6         0.0013   
60                        65        0.0145   
60 only                   62        0.0139   
70                        1         0.0002   
75                        1         0.0002   
75 only                   1         0.0002   
100                       16        0.0036   
100 only                  16        0.0036   
120                       20        0.0045   
120 only                  20        0.0045   
128                       1         0.0002   
128 only                  1         0.0002   
180                       33        0.0074   
180 only                  33        0.0074   
240                       2         0.0004   
240 only                  2         0.0004   
256                       1         0.0002   
256 only                  1         0.0002   
300                       175517    39.2492  
300 only                  163896    36.6505  
400                       1         0.0002   
400 only                  1         0.0002   
420                       33        0.0074   
420 only                  27        0.006    
480                       10        0.0022   
480 only                  10        0.0022   
600                       14086     3.1499   
600 only                  13798     3.0855   
720                       1         0.0002   
720 only                  1         0.0002   
900                       496       0.1109   
900 only                  480       0.1073   
960                       3         0.0007   
960 only                  3         0.0007   
1000                      1         0.0002   
1000 only                 1         0.0002   
1200                      254       0.0568   
1200 only                 253       0.0566   
1500                      10        0.0022   
1500 only                 8         0.0018   
1800                      265       0.0593   
1800 only                 261       0.0584   
2100                      1         0.0002   
2100 only                 1         0.0002   
2400                      2         0.0004   
2400 only                 2         0.0004   
2520                      1         0.0002   
2520 only                 1         0.0002   
2700                      5         0.0011   
2700 only                 5         0.0011   
3000                      9         0.002    
3000 only                 9         0.002    
3600                      336       0.0751   
3600 only                 313       0.07     
4800                      1         0.0002   
4800 only                 1         0.0002   
5400                      2         0.0004   
6000                      3         0.0007   
6000 only                 3         0.0007   
7200                      11839     2.6474   
7200 only                 9113      2.0379   
10800                     17        0.0038   
10800 only                8         0.0018   
14400                     1145      0.256    
14400 only                1145      0.256    
18000                     2         0.0004   
18000 only                2         0.0004   
21600                     2996      0.67     
21600 only                2995      0.6697   
28800                     9         0.002    
28800 only                8         0.0018   
30000                     1         0.0002   
30000 only                1         0.0002   
36000                     394       0.0881   
36000 only                389       0.087    
43200                     2088      0.4669   
43200 only                2088      0.4669   
60000                     1         0.0002   
60000 only                1         0.0002   
64800                     41860     9.3608   
64800 only                41586     9.2995   
72000                     8         0.0018   
72000 only                8         0.0018   
86000                     36        0.0081   
86000 only                36        0.0081   
86400                     218       0.0487   
86400 only                218       0.0487   
100800                    13600     3.0412   
100800 only               13599     3.041    
129600                    13        0.0029   
129600 only               13        0.0029   
216000                    1         0.0002   
216000 only               1         0.0002   
604800                    1         0.0002   
604800 only               1         0.0002   
864000                    4         0.0009   
864000 only               4         0.0009   
2592000                   3         0.0007   
2592000 only              3         0.0007   
None                      196733    43.9936  
None only                 181749    40.6428  

Certificate sig alg     Count     Percent 
-------------------------+---------+--------
None                      14674     3.2814   
ecdsa-with-SHA256         25488     5.6996   
sha1WithRSAEncryption     280609    62.75    
sha256WithRSAEncryption   141161    31.5665  
sha512WithRSAEncryption   6         0.0013   

Certificate key size    Count     Percent 
-------------------------+---------+--------
ECDSA 256                 25516     5.7059   
ECDSA 384                 4         0.0009   
ECDSA 521                 1         0.0002   
RSA 1024                  1164      0.2603   
RSA 10240                 6         0.0013   
RSA 2028                  1         0.0002   
RSA 2047                  1         0.0002   
RSA 2048                  405216    90.6146  
RSA 2049                  3         0.0007   
RSA 2056                  6         0.0013   
RSA 2058                  2         0.0004   
RSA 2064                  1         0.0002   
RSA 2080                  2         0.0004   
RSA 2084                  11        0.0025   
RSA 2096                  1         0.0002   
RSA 2345                  1         0.0002   
RSA 2408                  2         0.0004   
RSA 2432                  7         0.0016   
RSA 2536                  1         0.0002   
RSA 2612                  1         0.0002   
RSA 3071                  1         0.0002   
RSA 3072                  67        0.015    
RSA 3102                  1         0.0002   
RSA 3248                  3         0.0007   
RSA 3600                  1         0.0002   
RSA 4048                  2         0.0004   
RSA 4056                  31        0.0069   
RSA 4086                  3         0.0007   
RSA 4092                  1         0.0002   
RSA 4096                  15176     3.3937   
RSA 4098                  1         0.0002   
RSA 8192                  3         0.0007   
RSA/ECDSA Dual Stack      38        0.0085

OCSP stapling             Count     Percent 
-------------------------+---------+--------
Supported                 77324     17.2912  
Unsupported               369862    82.7088  

Supported Protocols       Count     Percent
-------------------------+---------+-------
SSL2                      36284     8.1138
SSL2 Only                 91        0.0203
SSL3                      179062    40.042
SSL3 Only                 1745      0.3902
SSL3 or TLS1 Only         105359    23.5604
SSL3 or lower Only        1809      0.4045
TLS1                      444489    99.3969
TLS1 Only                 52837     11.8154
TLS1 or lower Only        138580    30.9893
TLS1.1                    293865    65.7143
TLS1.1 Only               27        0.006
TLS1.1 or up Only         523       0.117
TLS1.2                    303723    67.9187
TLS1.2 Only               390       0.0872
TLS1.2, 1.0 but not 1.1   12385     2.7695

Statistics from 470946 chains provided by 638990 hosts

Server provided chains    Count     Percent
-------------------------+---------+-------
complete                  410153    64.1877
incomplete                27383     4.2854
untrusted                 201454    31.5269

Trusted chain statistics
========================

Chain length              Count     Percent
-------------------------+---------+-------
2                         1649      0.3501
3                         431002    91.5183
4                         38270     8.1262
5                         25        0.0053

CA key size in chains     Count
-------------------------+---------
ECDSA 256                 25501     
ECDSA 384                 25501     
RSA 1024                  1364      
RSA 2045                  1         
RSA 2048                  879560    
RSA 4096                  46636     

Chains with CA key        Count     Percent
-------------------------+---------+-------
ECDSA 256                 25501     5.4148
ECDSA 384                 25501     5.4148
RSA 1024                  1360      0.2888
RSA 2045                  1         0.0002
RSA 2048                  444009    94.2802
RSA 4096                  46099     9.7886

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384              25501     
sha1WithRSAEncryption          305263    
sha256WithRSAEncryption        107270    
sha384WithRSAEncryption        69568     
sha512WithRSAEncryption        15        

Eff. host cert chain LoS  Count     Percent
-------------------------+---------+-------
80                        305164    64.7981
112                       140279    29.7866
128                       25503     5.4153

Most popular root CAs                         Count     Percent
---------------------------------------------+---------+-------
(2c543cd1) GeoTrust Global CA                 110291    23.419
(157753a5) AddTrust External CA Root          77350     16.4244
(5ad8a5d6) GlobalSign Root CA                 47688     10.126
(b204d74a) VeriSign Class 3 Public Primary Ce 29428     6.2487
(cbf06781) Go Daddy Root Certificate Authorit 38568     8.1895
(2e4eed3c) thawte Primary Root CA             26893     5.7104
(eed8c118) COMODO ECC Certification Authority 25498     5.4142
(244b5494) DigiCert High Assurance EV Root CA 23587     5.0084
(f081611a) The Go Daddy Group, Inc.           13909     2.9534
(b13cc6df) UTN-USERFirst-Hardware             11545     2.4514
(653b494a) Baltimore CyberTrust Root          11478     2.4372
(ae8153b9) StartCom Certification Authority   9006      1.9123
(40547a79) COMODO Certification Authority     8167      1.7342
(f387163d) Starfield Technologies, Inc.       7454      1.5828
(3513523f) DigiCert Global Root CA            5105      1.084
(480720ec) GeoTrust Primary Certification Aut 4748      1.0082

Scan performed between 11th and 20th of December 2014.
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
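
The "Eff. host cert chain LoS" table above gives each chain's effective level of security in bits (80, 112 or 128), but the mail does not say how that figure is derived. The script below is an added example, not the survey's own tooling, that computes the same kind of figure under one stated assumption: a chain is rated at its weakest element, taking the NIST SP 800-57 comparable-strength estimates for every public key and for the hash in every signature, and ignoring the root's self-signature (which clients never verify). Flooring in-between key sizes to the next lower table entry (so RSA 4096 rates as 128) and the nominal 64-bit rating for MD5 are this example's choices; the sample chains are constructed, not real certificates.

```python
import re
from dataclasses import dataclass

# NIST SP 800-57 Part 1 comparable-strength estimates (bits of security).
# Sizes between table entries are floored to the next lower entry; that is
# this example's conservative choice (e.g. RSA 4096 -> 128), not a NIST figure.
RSA_DH_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
ECC_STRENGTH = [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)]
# Collision resistance of the signature hash; the MD5 value is nominal only,
# MD5 collisions are practical and such a signature should be treated as broken.
HASH_STRENGTH = {"MD5": 64, "SHA1": 80, "SHA224": 112, "SHA256": 128,
                 "SHA384": 192, "SHA512": 256}


@dataclass
class Cert:
    key_alg: str   # "RSA" or "ECDSA"
    key_bits: int
    sig_alg: str   # OpenSSL name of the algorithm used to sign this cert


def key_strength(key_alg, key_bits):
    """Security level of a public key, floored to the nearest table entry."""
    table = ECC_STRENGTH if key_alg == "ECDSA" else RSA_DH_STRENGTH
    level = 0
    for min_bits, bits_of_security in table:
        if key_bits >= min_bits:
            level = bits_of_security
    return level


def sig_hash(sig_alg):
    """Extract the hash from names such as sha1WithRSAEncryption or ecdsa-with-SHA384."""
    m = re.search(r"(md5|sha1|sha224|sha256|sha384|sha512)", sig_alg, re.IGNORECASE)
    if not m:
        raise ValueError("unrecognised signature algorithm: " + sig_alg)
    return m.group(1).upper()


def chain_los(chain):
    """Effective level of security of a chain given host cert first, root last.

    Returns (bits, reason). Every public key counts and every signature counts
    except the root's, which is self-signed and never verified by a client.
    """
    weakest = None
    for idx, cert in enumerate(chain):
        candidates = [(key_strength(cert.key_alg, cert.key_bits),
                       f"cert {idx}: {cert.key_alg} {cert.key_bits}-bit key")]
        if idx != len(chain) - 1:
            h = sig_hash(cert.sig_alg)
            candidates.append((HASH_STRENGTH[h], f"cert {idx}: signed with {h}"))
        for level, reason in candidates:
            if weakest is None or level < weakest[0]:
                weakest = (level, reason)
    return weakest


# Constructed sample chains (not real certificates), host cert first, root last.
CHAIN_SHA1 = [Cert("RSA", 2048, "sha1WithRSAEncryption"),
              Cert("RSA", 2048, "sha1WithRSAEncryption"),
              Cert("RSA", 2048, "sha1WithRSAEncryption")]      # root
CHAIN_SHA256 = [Cert("RSA", 2048, "sha256WithRSAEncryption"),
                Cert("RSA", 2048, "sha256WithRSAEncryption"),
                Cert("RSA", 2048, "sha1WithRSAEncryption")]    # root self-sig ignored
CHAIN_ECDSA = [Cert("ECDSA", 256, "ecdsa-with-SHA256"),
               Cert("ECDSA", 384, "ecdsa-with-SHA384"),
               Cert("ECDSA", 384, "ecdsa-with-SHA384")]
# A SHA-256 leaf hanging off a SHA-1 intermediate is still an 80-bit chain.
CHAIN_MIXED = [Cert("RSA", 4096, "sha256WithRSAEncryption"),
               Cert("RSA", 2048, "sha1WithRSAEncryption"),
               Cert("RSA", 2048, "sha1WithRSAEncryption")]

if __name__ == "__main__":
    for name, chain in [("sha1", CHAIN_SHA1), ("sha256", CHAIN_SHA256),
                        ("ecdsa", CHAIN_ECDSA), ("mixed", CHAIN_MIXED)]:
        bits, reason = chain_los(chain)
        print(f"{name:7s} {bits:3d} bits, limited by {reason}")
```

The three constructed chains reproduce the three buckets in the table (80 for the SHA-1 RSA chains that dominate the December data, 112 for SHA-256 RSA 2048, 128 for the ECDSA P-256 chains), and the mixed chain shows why re-issuing only the host certificate with SHA-256 does not move a site out of the 80-bit bucket while its intermediate is still SHA-1 signed.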

