Update 2015-04-05: previous version of scan results was done using old version of script and as such had few insignificant errors, most importantly, the amount of servers which support DH,512bits was reported incorrectly
The population of TLS enabled servers have grown again, this time
by 2.5%.
Cipher suites
Among cipher suites supported by servers there are small changes. 3DES grew by 1.6%, AES in general by 2% while AES-GCM by 2.9%! Camellia remained unchanged. Chacha20 continues its ups and downs, this time registered at 12.3% (compared to last month’s 5.7%).
Finally RC4 usage has fallen significantly, by over 10%, to about 65%. As has number of servers which support just RC4, though just by 0.15% to 2912 servers. Servers which prefer RC4 over other ciphers have also fallen, by 2.3%, as did servers which prefer RC4 with TLSv1.1 and later (where it never was necessary), by 1.95%.
Servers which use insecure ciphers in general have also fallen, though only by one percent. Looks like most server admins still didn’t get the memo about FREAK…
Server side ordering of ciphersuites has grown by about 1%.
Key exchange
Support for insecure ADH and AECDH remains static, as does support for RSA key exchange.
Support for both key exchanges which provide forward secrecy, i.e. DHE and ECDHE, is still growing, by 1.2% and 1.4% respectively.
While more and more servers support DHE the preferred key exchange is ECDHE, causing the overall use of DHE to fall by 1.2%. At the same time ECDHE has grown by 1.9%.
Or in other words, while number of servers that support forward secrecy has grown by just 0.66%, the amount of servers which prefer to use ciphersuites with forward secrecy has grown by 0.73%.
ECC curves
NIST P-256 remains the curve of choice for most of the Internet, growing by 1.35% to 65%. The second most popular, NIST P-384 has grown by 0.18% to 8.5%. Rest of curves have experienced even smaller changes.
Basically all servers which support ECDHE cipher suites still use their own curve ordering.
Hash and signature algorithms
While support for ECDSA signatures has remained relatively unchanged, the RSA side of things shows a bit more changes.
Support for MD-5 signatures remains high, at 27.7%, without changes. SHA-1 hash has grown by just over 1.3%. Support for SHA-224 and SHA-256 has grown by a bit too – 0.84% and 1.21% respectively. At the same time, support for the most secure SHA-384 and SHA-512 grown by 0.84%.
Vulnerabilities
Support for insecure renegotiation remains strong at 5.1%, a fall by just 0.23%.
Similarly, support for compression has shown little change, falling by just 0.14%.
Certificates
Signatures on certificates used by servers have changed again, this time SHA-1 has lost another 3.4% placing it for the first time below the 50% mark at 48.2%! At the same time SHA-256 has grown by 3.5%, reaching 46%.
I expect the next month scan to show SHA-256 finally overtaking SHA-1 in at least end entity certficiates.
Key size and algorithm remains relatively unchanged, with 2048 bit RSA still dominating the market with 90.8% share.
Protocols
Despite SSLv2 and SSLv3 being insecure, their adoption rate hasn’t fallen significantly. SSLv2 is still at 6.7%, having lost just 0.4%. SSLv3 also remains at a relatively high 31.5%, having lost just 1.9%.
TLSv1.0 dominates the market with support at the level of 99.5%.
Support for TLSv1.1 and TLSv1.2 keeps growing, both gaining about 1%, reaching 70.5% and 72.8% respectively.
Results
SSL/TLS survey of 490866 websites from Alexa's top 1 million Stats only from connections that did provide valid certificates (or anonymous DH from servers that do also have valid certificate installed) Supported Ciphers Count Percent -------------------------+---------+------- 3DES 407148 82.9448 3DES Only 780 0.1589 AES 473985 96.561 AES Only 10460 2.1309 AES-CBC 473911 96.5459 AES-CBC Only 4648 0.9469 AES-GCM 296424 60.388 AES-GCM Only 18 0.0037 CAMELLIA 207419 42.2557 CAMELLIA Only 1 0.0002 CHACHA20 60469 12.3188 CHACHA20 Only 1 0.0002 Insecure 85185 17.354 RC4 320737 65.3411 RC4 Only 2912 0.5932 RC4 Preferred 53442 10.8873 RC4 forced in TLS1.1+ 32201 6.56 x:FF 29 RC4 Only 3384 0.6894 x:FF 29 RC4 Preferred 58166 11.8497 x:FF 29 incompatible 132 0.0269 x:FF 35 RC4 Only 7394 1.5063 x:FF 35 RC4 Preferred 58284 11.8737 x:FF 35 incompatible 133 0.0271 y:DHE-RSA-SEED-SHA 108308 22.0647 y:IDEA-CBC-MD5 2768 0.5639 y:IDEA-CBC-SHA 87595 17.845 y:SEED-SHA 105451 21.4826 z:ADH-AES128-GCM-SHA256 422 0.086 z:ADH-AES128-SHA 1103 0.2247 z:ADH-AES128-SHA256 311 0.0634 z:ADH-AES256-GCM-SHA384 433 0.0882 z:ADH-AES256-SHA 1109 0.2259 z:ADH-AES256-SHA256 314 0.064 z:ADH-CAMELLIA128-SHA 560 0.1141 z:ADH-CAMELLIA256-SHA 569 0.1159 z:ADH-DES-CBC-SHA 379 0.0772 z:ADH-DES-CBC3-SHA 1130 0.2302 z:ADH-RC4-MD5 884 0.1801 z:ADH-SEED-SHA 394 0.0803 z:AECDH-AES128-SHA 14471 2.9481 z:AECDH-AES256-SHA 14474 2.9487 z:AECDH-DES-CBC3-SHA 14430 2.9397 z:AECDH-NULL-SHA 29 0.0059 z:AECDH-RC4-SHA 13672 2.7853 z:DES-CBC-MD5 17518 3.5688 z:DES-CBC-SHA 47111 9.5975 z:DES-CBC3-MD5 32625 6.6464 z:ECDHE-RSA-NULL-SHA 35 0.0071 z:EDH-RSA-DES-CBC-SHA 40234 8.1965 z:EXP-ADH-DES-CBC-SHA 303 0.0617 z:EXP-ADH-RC4-MD5 305 0.0621 z:EXP-DES-CBC-SHA 29855 6.0821 z:EXP-EDH-RSA-DES-CBC-SHA 22110 4.5043 z:EXP-RC2-CBC-MD5 34449 7.018 z:EXP-RC4-MD5 37185 7.5754 z:EXP1024-DES-CBC-SHA 8663 1.7648 z:EXP1024-RC4-SHA 8830 1.7989 z:IDEA-CBC-MD5 2768 0.5639 z:NULL-MD5 278 0.0566 z:NULL-SHA 280 0.057 z:NULL-SHA256 11 0.0022 z:RC2-CBC-MD5 17890 3.6446 z:RC4-64-MD5 1436 0.2925 Cipher ordering Count Percent -------------------------+---------+------- Client side 139786 28.4774 Server side 351080 71.5226 Supported Handshakes Count Percent -------------------------+---------+------- ADH 1266 0.2579 AECDH 14497 2.9534 DHE 268820 54.7644 ECDHE 320467 65.286 ECDHE and DHE 168192 34.2643 RSA 456968 93.0942 Supported PFS Count Percent PFS Percent -------------------------+---------+--------+----------- DH,512bits 84 0.0171 0.0312 DH,768bits 763 0.1554 0.2838 DH,1024bits 223064 45.443 82.9786 DH,1536bits 1 0.0002 0.0004 DH,2048bits 42555 8.6694 15.8302 DH,2226bits 1 0.0002 0.0004 DH,2236bits 2 0.0004 0.0007 DH,3072bits 19 0.0039 0.0071 DH,3248bits 2 0.0004 0.0007 DH,4096bits 2364 0.4816 0.8794 DH,8192bits 1 0.0002 0.0004 ECDH,B-163,163bits 7 0.0014 0.0022 ECDH,K-163,163bits 1 0.0002 0.0003 ECDH,P-224,224bits 50 0.0102 0.0156 ECDH,P-256,256bits 313819 63.9317 97.9255 ECDH,P-384,384bits 3463 0.7055 1.0806 ECDH,B-409,409bits 1 0.0002 0.0003 ECDH,P-521,521bits 4730 0.9636 1.476 ECDH,B-571,570bits 750 0.1528 0.234 Prefer DH,512bits 3 0.0006 0.0011 Prefer DH,768bits 432 0.088 0.1607 Prefer DH,1024bits 95849 19.5265 35.6553 Prefer DH,2048bits 3048 0.6209 1.1338 Prefer DH,2236bits 1 0.0002 0.0004 Prefer DH,3072bits 1 0.0002 0.0004 Prefer DH,4096bits 92 0.0187 0.0342 Prefer ECDH,B-163,163bits 7 0.0014 0.0022 Prefer ECDH,K-163,163bits 1 0.0002 0.0003 Prefer ECDH,P-224,224bits 17 0.0035 0.0053 Prefer ECDH,P-256,256bits 259052 52.7745 80.8358 Prefer ECDH,P-384,384bits 2751 0.5604 0.8584 Prefer ECDH,P-521,521bits 4403 0.897 1.3739 Prefer ECDH,B-571,570bits 550 0.112 0.1716 Prefer PFS 366207 74.6043 0 Support PFS 421095 85.7861 0 Supported ECC curves Count Percent -------------------------+---------+-------- brainpoolP256r1 106 0.0216 brainpoolP384r1 106 0.0216 brainpoolP512r1 106 0.0216 prime192v1 762 0.1552 prime256v1 319803 65.1508 prime256v1 Only 277852 56.6045 secp160k1 729 0.1485 secp160r1 730 0.1487 secp160r2 728 0.1483 secp192k1 751 0.153 secp224k1 785 0.1599 secp224r1 1393 0.2838 secp224r1 Only 1 0.0002 secp256k1 799 0.1628 secp384r1 42156 8.5881 secp384r1 Only 204 0.0416 secp521r1 10564 2.1521 secp521r1 Only 85 0.0173 sect163k1 734 0.1495 sect163k1 Only 1 0.0002 sect163r1 733 0.1493 sect163r2 740 0.1508 sect163r2 Only 7 0.0014 sect193r1 732 0.1491 sect193r2 732 0.1491 sect233k1 780 0.1589 sect233r1 780 0.1589 sect239k1 779 0.1587 sect283k1 779 0.1587 sect283r1 778 0.1585 sect409k1 777 0.1583 sect409r1 777 0.1583 sect571k1 791 0.1611 sect571r1 791 0.1611 Unsupported curve fallback Count Percent ------------------------------+---------+-------- False 79157 16.126 True 201745 41.0998 order-specific 13 0.0026 unknown 209951 42.7716 ECC curve ordering Count Percent -------------------------+---------+-------- client 1847 0.3763 inconclusive-noecc 28 0.0057 server 318249 64.8342 unknown 170742 34.7838 TLSv1.2 PFS supported sigalgs Count Percent ------------------------------+---------+-------- ECDSA-SHA1 27988 5.7018 ECDSA-SHA1 Only 1 0.0002 ECDSA-SHA224 27987 5.7016 ECDSA-SHA256 27989 5.702 ECDSA-SHA384 27991 5.7024 ECDSA-SHA512 27993 5.7028 ECDSA-SHA512 Only 2 0.0004 RSA-MD5 136241 27.7552 RSA-SHA1 288779 58.8305 RSA-SHA1 Only 44445 9.0544 RSA-SHA224 234597 47.7925 RSA-SHA256 247885 50.4995 RSA-SHA256 Only 3147 0.6411 RSA-SHA384 235034 47.8815 RSA-SHA512 235096 47.8941 RSA-SHA512 Only 58 0.0118 TLSv1.2 PFS ordering Count Percent ------------------------------+---------+-------- client 213446 43.4836 indeterminate 11 0.0022 intolerant 1648 0.3357 order-fallback 40 0.0081 server 105410 21.4743 unsupported 36763 7.4894 TLSv1.2 PFS sigalg fallback Count Percent ------------------------------+---------+-------- ECDSA SHA1 27982 5.7005 ECDSA intolerant 14 0.0029 ECDSA pfs-rsa-SHA512 1 0.0002 RSA False 134610 27.423 RSA SHA1 133281 27.1522 RSA intolerant 23009 4.6874 RSA pfs-ecdsa-SHA512 2 0.0004 RSA soft-nopfs 1784 0.3634 Renegotiation Count Percent -------------------------+---------+-------- False 9310 1.8966 insecure 25318 5.1578 secure 456238 92.9455 Compression Count Percent -------------------------+---------+-------- 1 (zlib compression) 14829 3.021 False 9310 1.8966 NONE 466727 95.0824 TLS session ticket hint Count Percent -------------------------+---------+-------- 1 2 0.0004 1 only 2 0.0004 2 2 0.0004 2 only 2 0.0004 5 1 0.0002 5 only 1 0.0002 10 6 0.0012 10 only 6 0.0012 15 5 0.001 15 only 5 0.001 30 6 0.0012 30 only 6 0.0012 60 80 0.0163 60 only 76 0.0155 65 1 0.0002 65 only 1 0.0002 70 6 0.0012 75 1 0.0002 75 only 1 0.0002 100 13 0.0026 100 only 13 0.0026 120 28 0.0057 120 only 28 0.0057 128 2 0.0004 128 only 2 0.0004 180 47 0.0096 180 only 45 0.0092 240 8 0.0016 240 only 8 0.0016 256 1 0.0002 256 only 1 0.0002 300 208001 42.3743 300 only 200049 40.7543 360 1 0.0002 400 5 0.001 400 only 5 0.001 420 109 0.0222 420 only 55 0.0112 480 13 0.0026 480 only 13 0.0026 500 4 0.0008 500 only 4 0.0008 600 14341 2.9216 600 only 14057 2.8637 660 1 0.0002 660 only 1 0.0002 720 1 0.0002 720 only 1 0.0002 900 521 0.1061 900 only 504 0.1027 960 2 0.0004 960 only 2 0.0004 1200 322 0.0656 1200 only 318 0.0648 1440 1 0.0002 1440 only 1 0.0002 1500 12 0.0024 1500 only 11 0.0022 1800 349 0.0711 1800 only 339 0.0691 2400 7 0.0014 2400 only 7 0.0014 2700 7 0.0014 2700 only 7 0.0014 3000 12 0.0024 3000 only 12 0.0024 3600 397 0.0809 3600 only 377 0.0768 4200 1 0.0002 5400 14 0.0029 5400 only 2 0.0004 6000 3 0.0006 6000 only 3 0.0006 7200 14219 2.8967 7200 only 13909 2.8336 10800 2158 0.4396 10800 only 2153 0.4386 14400 1534 0.3125 14400 only 1529 0.3115 18000 2 0.0004 18000 only 2 0.0004 21600 5398 1.0997 21600 only 5398 1.0997 28800 13 0.0026 28800 only 12 0.0024 36000 1015 0.2068 36000 only 1008 0.2054 43200 25 0.0051 43200 only 21 0.0043 60000 1 0.0002 60000 only 1 0.0002 64800 46186 9.4091 64800 only 46179 9.4077 72000 6 0.0012 72000 only 6 0.0012 84600 1 0.0002 84600 only 1 0.0002 86000 29 0.0059 86000 only 29 0.0059 86400 271 0.0552 86400 only 270 0.055 100800 13929 2.8376 100800 only 13929 2.8376 129600 10 0.002 129600 only 10 0.002 172800 1 0.0002 172800 only 1 0.0002 216000 1 0.0002 216000 only 1 0.0002 432000 1 0.0002 432000 only 1 0.0002 604800 1 0.0002 604800 only 1 0.0002 864000 5 0.001 864000 only 5 0.001 None 190434 38.7955 None only 181732 37.0227 Certificate sig alg Count Percent -------------------------+---------+-------- None 15465 3.1506 ecdsa-with-SHA256 27974 5.6989 sha1WithRSAEncryption 236900 48.2616 sha256WithRSAEncryption 226070 46.0553 sha512WithRSAEncryption 10 0.002 Certificate key size Count Percent -------------------------+---------+-------- ECDSA 256 27993 5.7028 ECDSA 384 6 0.0012 RSA 1024 369 0.0752 RSA 2028 1 0.0002 RSA 2047 1 0.0002 RSA 2048 445922 90.8439 RSA 2049 3 0.0006 RSA 2056 3 0.0006 RSA 2058 3 0.0006 RSA 2064 1 0.0002 RSA 2080 2 0.0004 RSA 2084 13 0.0026 RSA 2096 1 0.0002 RSA 2345 1 0.0002 RSA 2408 2 0.0004 RSA 2432 7 0.0014 RSA 2612 2 0.0004 RSA 3024 1 0.0002 RSA 3072 88 0.0179 RSA 3102 1 0.0002 RSA 3248 3 0.0006 RSA 3600 1 0.0002 RSA 4042 1 0.0002 RSA 4048 2 0.0004 RSA 4056 23 0.0047 RSA 4069 1 0.0002 RSA 4086 2 0.0004 RSA 4092 9 0.0018 RSA 4096 16428 3.3467 RSA 4098 1 0.0002 RSA 8192 4 0.0008 RSA 10240 7 0.0014 RSA/ECDSA Dual Stack 30 0.0061 OCSP stapling Count Percent -------------------------+---------+-------- Supported 84875 17.2909 Unsupported 405991 82.7091 Supported Protocols Count Percent -------------------------+---------+------- SSL2 32906 6.7037 SSL2 Only 70 0.0143 SSL3 154674 31.5104 SSL3 Only 1232 0.251 SSL3 or TLS1 Only 99145 20.198 SSL3 or lower Only 1271 0.2589 TLS1 488375 99.4925 TLS1 Only 56239 11.4571 TLS1 or lower Only 129642 26.4109 TLS1.1 346511 70.5918 TLS1.1 Only 7 0.0014 TLS1.1 or up Only 883 0.1799 TLS1.2 357304 72.7905 TLS1.2 Only 578 0.1178 TLS1.2, 1.0 but not 1.1 12762 2.5999 Statistics from 520507 chains provided by 672015 hosts Server provided chains Count Percent -------------------------+---------+------- complete 460603 68.5406 incomplete 28832 4.2904 untrusted 182580 27.169 Trusted chain statistics ======================== Chain length Count Percent -------------------------+---------+------- 2 1205 0.2315 3 443210 85.1497 4 76056 14.6119 5 36 0.0069 CA key size in chains Count -------------------------+--------- ECDSA 256 27857 ECDSA 384 27857 RSA 1024 1171 RSA 2045 1 RSA 2048 973503 RSA 4096 85548 Chains with CA key Count Percent -------------------------+---------+------- ECDSA 256 27857 5.3519 ECDSA 384 27857 5.3519 RSA 1024 1167 0.2242 RSA 2045 1 0.0002 RSA 2048 491325 94.3935 RSA 4096 84807 16.2932 Signature algorithm (ex. root) Count ------------------------------+--------- ecdsa-with-SHA384 27857 sha1WithRSAEncryption 262841 sha256WithRSAEncryption 159502 sha384WithRSAEncryption 145194 sha512WithRSAEncryption 36 Eff. host cert chain LoS Count Percent -------------------------+---------+------- 80 262927 50.5136 112 229721 44.1341 128 27859 5.3523 Root CAs Count Percent ---------------------------------------------+---------+------- (2c543cd1) GeoTrust Global CA 115769 22.2416 (157753a5) AddTrust External CA Root 107315 20.6174 (5ad8a5d6) GlobalSign Root CA 53007 10.1837 (cbf06781) Go Daddy Root Certificate Authorit 45510 8.7434 (b204d74a) VeriSign Class 3 Public Primary Ce 29396 5.6476 (eed8c118) COMODO ECC Certification Authority 27851 5.3507 (2e4eed3c) thawte Primary Root CA 26160 5.0259 (244b5494) DigiCert High Assurance EV Root CA 25614 4.921 (653b494a) Baltimore CyberTrust Root 11786 2.2643 (f081611a) The Go Daddy Group, Inc. 10796 2.0741 (b13cc6df) UTN-USERFirst-Hardware 9685 1.8607 (ae8153b9) StartCom Certification Authority 9557 1.8361 (f387163d) Starfield Technologies, Inc. 7849 1.508 (40547a79) COMODO Certification Authority 6860 1.3179 (3513523f) DigiCert Global Root CA 6032 1.1589 (480720ec) GeoTrust Primary Certification Aut 5231 1.005 Scan performed between 16th and 27th of March 2015.
securitypitfalls 
