SSL/TLS survey of 593851 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)
Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 525961 88.5678
3DES Only 605 0.1019
3DES Preferred 1797 0.3026
3DES forced in TLS1.1+ 978 0.1647
AES 589255 99.2261
AES Only 43606 7.3429
AES-CBC 588687 99.1304
AES-CBC Only 5565 0.9371
AES-GCM 490658 82.6231
AES-GCM Only 520 0.0876
CAMELLIA 261701 44.0685
CAMELLIA Only 2 0.0003
CHACHA20 81256 13.6829
Insecure 56141 9.4537
RC4 166167 27.9813
RC4 Only 158 0.0266
RC4 Preferred 13843 2.3311
RC4 forced in TLS1.1+ 7176 1.2084
x:FF 29 3DES Only 654 0.1101
x:FF 29 3DES Preferred 2164 0.3644
x:FF 29 RC4 Only 233 0.0392
x:FF 29 RC4 Preferred 16139 2.7177
x:FF 29 incompatible 518 0.0872
x:FF 35 3DES Only 662 0.1115
x:FF 35 3DES Preferred 2094 0.3526
x:FF 35 RC4 Only 273 0.046
x:FF 35 RC4 Preferred 16162 2.7216
x:FF 35 incompatible 522 0.0879
x:FF 44 3DES Only 4368 0.7355
x:FF 44 3DES Preferred 8162 1.3744
x:FF 44 incompatible 795 0.1339
y:DHE-RSA-SEED-SHA 79533 13.3928
y:IDEA-CBC-SHA 76113 12.8169
y:SEED-SHA 90128 15.1769
z:ADH-AES128-GCM-SHA256 430 0.0724
z:ADH-AES128-SHA 771 0.1298
z:ADH-AES128-SHA256 268 0.0451
z:ADH-AES256-GCM-SHA384 444 0.0748
z:ADH-AES256-SHA 809 0.1362
z:ADH-AES256-SHA256 269 0.0453
z:ADH-CAMELLIA128-SHA 401 0.0675
z:ADH-CAMELLIA128-SHA256 1 0.0002
z:ADH-CAMELLIA256-SHA 424 0.0714
z:ADH-CAMELLIA256-SHA256 1 0.0002
z:ADH-DES-CBC-SHA 326 0.0549
z:ADH-DES-CBC3-SHA 781 0.1315
z:ADH-RC4-MD5 571 0.0962
z:ADH-SEED-SHA 322 0.0542
z:AECDH-AES128-SHA 10202 1.7179
z:AECDH-AES256-SHA 10261 1.7279
z:AECDH-DES-CBC3-SHA 10168 1.7122
z:AECDH-NULL-SHA 94 0.0158
z:AECDH-RC4-SHA 9605 1.6174
z:DES-CBC-MD5 6658 1.1212
z:DES-CBC-SHA 35044 5.9011
z:DES-CBC3-MD5 17074 2.8751
z:ECDHE-RSA-NULL-SHA 100 0.0168
z:EDH-RSA-DES-CBC-SHA 29995 5.0509
z:EXP-ADH-DES-CBC-SHA 181 0.0305
z:EXP-ADH-RC4-MD5 180 0.0303
z:EXP-DES-CBC-SHA 10901 1.8356
z:EXP-EDH-RSA-DES-CBC-SHA 8667 1.4595
z:EXP-RC2-CBC-MD5 13108 2.2073
z:EXP-RC4-MD5 13716 2.3097
z:EXP1024-DES-CBC-SHA 3463 0.5831
z:EXP1024-RC4-SHA 3524 0.5934
z:IDEA-CBC-MD5 1453 0.2447
z:NULL-MD5 233 0.0392
z:NULL-SHA 238 0.0401
z:NULL-SHA256 36 0.0061
z:RC2-CBC-MD5 6966 1.173
z:RC4-64-MD5 757 0.1275
Cipher ordering Count Percent
-------------------------+---------+-------
Client side 152565 25.6908
Server side 441286 74.3092
Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 979 0.1649
AECDH 10271 1.7296
DHE 320930 54.0422
ECDH 2 0.0003
ECDHE 517887 87.2082
ECDHE and DHE 274945 46.2987
RSA 509769 85.8412
Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 119481 20.1197 37.2296
DH,1028bits 1 0.0002 0.0003
DH,2048bits 188192 31.6901 58.6396
DH,2236bits 78 0.0131 0.0243
DH,2430bits 1 0.0002 0.0003
DH,2432bits 3 0.0005 0.0009
DH,2560bits 1 0.0002 0.0003
DH,3072bits 132 0.0222 0.0411
DH,3092bits 2 0.0003 0.0006
DH,3196bits 1 0.0002 0.0003
DH,4046bits 1 0.0002 0.0003
DH,4094bits 1 0.0002 0.0003
DH,4096bits 12637 2.128 3.9376
DH,512bits 108 0.0182 0.0337
DH,6144bits 1 0.0002 0.0003
DH,768bits 385 0.0648 0.12
DH,8192bits 8 0.0013 0.0025
ECDH,B-571,570bits 3072 0.5173 0.5932
ECDH,K-163,163bits 1 0.0002 0.0002
ECDH,P-192,192bits 60 0.0101 0.0116
ECDH,P-224,224bits 94 0.0158 0.0182
ECDH,P-256,256bits 490672 82.6254 94.745
ECDH,P-384,384bits 9474 1.5953 1.8294
ECDH,P-521,521bits 16461 2.7719 3.1785
ECDH,brainpoolP512r1,512bits 1 0.0002 0.0002
ECDH,secp256k1,256bits 1 0.0002 0.0002
Prefer DH,1024bits 45380 7.6416 14.1402
Prefer DH,2048bits 5635 0.9489 1.7558
Prefer DH,3072bits 8 0.0013 0.0025
Prefer DH,3092bits 2 0.0003 0.0006
Prefer DH,4096bits 398 0.067 0.124
Prefer DH,768bits 44 0.0074 0.0137
Prefer ECDH,B-571,570bits 2840 0.4782 0.5484
Prefer ECDH,K-163,163bits 1 0.0002 0.0002
Prefer ECDH,P-192,192bits 1 0.0002 0.0002
Prefer ECDH,P-224,224bits 92 0.0155 0.0178
Prefer ECDH,P-256,256bits 453139 76.3052 87.4977
Prefer ECDH,P-384,384bits 7350 1.2377 1.4192
Prefer ECDH,P-521,521bits 15215 2.5621 2.9379
Prefer ECDH,brainpoolP512r1,512bits 1 0.0002 0.0002
Prefer ECDH,secp256k1,256bits 1 0.0002 0.0002
Prefer PFS 530107 89.266 0
Support PFS 563872 94.9518 0
Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 17814 2.9997
brainpoolP384r1 17827 3.0019
brainpoolP512r1 17836 3.0034
prime192v1 1799 0.3029
prime256v1 513258 86.4288
prime256v1 Only 427959 72.065
secp160k1 1678 0.2826
secp160r1 1688 0.2842
secp160r2 1678 0.2826
secp192k1 1693 0.2851
secp224k1 1780 0.2997
secp224r1 5748 0.9679
secp256k1 20085 3.3822
secp384r1 88954 14.9792
secp384r1 Only 3672 0.6183
secp521r1 50953 8.5801
secp521r1 Only 140 0.0236
sect163k1 1684 0.2836
sect163k1 Only 2 0.0003
sect163r1 1682 0.2832
sect163r2 1681 0.2831
sect193r1 1681 0.2831
sect193r2 1681 0.2831
sect233k1 1770 0.2981
sect233r1 1768 0.2977
sect239k1 1768 0.2977
sect283k1 19394 3.2658
sect283r1 19392 3.2655
sect409k1 19395 3.266
sect409r1 19391 3.2653
sect571k1 19395 3.266
sect571r1 19395 3.266
Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 56371 9.4924
True 391090 65.8566
order-specific 45 0.0076
unknown 146345 24.6434
ECC curve ordering Count Percent
-------------------------+---------+--------
client 13249 2.231
inconclusive-noecc 8 0.0013
server 503853 84.845
unknown 76741 12.9226
TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 53286 8.973
ECDSA-SHA1 Only 8 0.0013
ECDSA-SHA224 53248 8.9666
ECDSA-SHA256 71063 11.9665
ECDSA-SHA384 71064 11.9666
ECDSA-SHA512 71074 11.9683
ECDSA-SHA512 Only 16 0.0027
RSA-MD5 27142 4.5705
RSA-SHA1 447072 75.2835
RSA-SHA1 Only 34046 5.7331
RSA-SHA224 371135 62.4963
RSA-SHA256 422358 71.1219
RSA-SHA256 Only 8044 1.3545
RSA-SHA384 383992 64.6613
RSA-SHA384 Only 4 0.0007
RSA-SHA512 384022 64.6664
RSA-SHA512 Only 209 0.0352
TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 280809 47.2861
indeterminate 54 0.0091
intolerant 6465 1.0887
order-fallback 8 0.0013
server 220388 37.1117
unsupported 15018 2.5289
TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 53230 8.9635
ECDSA intolerant 189 0.0318
ECDSA pfs-rsa-SHA512 17719 2.9837
ECDSA soft-nopfs 7 0.0012
RSA False 26845 4.5205
RSA SHA1 386610 65.1022
RSA intolerant 43313 7.2936
RSA pfs-ecdsa-SHA512 27 0.0045
RSA soft-nopfs 474 0.0798
Renegotiation Count Percent
-------------------------+---------+--------
False 4962 0.8356
insecure 16550 2.7869
secure 572339 96.3775
Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 7077 1.1917
False 4962 0.8356
NONE 581812 97.9727
TLS session ticket hint Count Percent
-------------------------+---------+--------
1 2 0.0003
1 only 2 0.0003
2 1 0.0002
2 only 1 0.0002
5 5 0.0008
5 only 5 0.0008
10 8 0.0013
10 only 8 0.0013
15 8 0.0013
15 only 8 0.0013
30 25 0.0042
30 only 25 0.0042
60 166 0.028
60 only 161 0.0271
65 2 0.0003
65 only 2 0.0003
70 8 0.0013
70 only 8 0.0013
75 1 0.0002
75 only 1 0.0002
90 1 0.0002
90 only 1 0.0002
100 16 0.0027
100 only 16 0.0027
120 27 0.0045
120 only 27 0.0045
128 6 0.001
128 only 6 0.001
150 2 0.0003
180 78 0.0131
180 only 74 0.0125
240 14 0.0024
240 only 14 0.0024
244 2 0.0003
244 only 2 0.0003
300 298609 50.2835
300 only 295255 49.7187
302 2 0.0003
302 only 2 0.0003
360 3 0.0005
360 only 2 0.0003
400 6 0.001
400 only 6 0.001
420 129 0.0217
420 only 111 0.0187
450 1 0.0002
450 only 1 0.0002
480 11 0.0019
480 only 11 0.0019
500 3 0.0005
500 only 3 0.0005
540 4 0.0007
540 only 4 0.0007
600 28678 4.8292
600 only 28547 4.8071
660 1 0.0002
660 only 1 0.0002
700 1 0.0002
700 only 1 0.0002
720 3 0.0005
720 only 3 0.0005
840 2 0.0003
840 only 2 0.0003
900 1532 0.258
900 only 1515 0.2551
960 3 0.0005
960 only 3 0.0005
1000 1 0.0002
1000 only 1 0.0002
1200 3512 0.5914
1200 only 3508 0.5907
1210 2 0.0003
1210 only 2 0.0003
1320 1 0.0002
1320 only 1 0.0002
1380 1 0.0002
1380 only 1 0.0002
1440 1 0.0002
1440 only 1 0.0002
1500 6 0.001
1500 only 5 0.0008
1800 751 0.1265
1800 only 734 0.1236
1980 2 0.0003
1980 only 2 0.0003
2100 2 0.0003
2100 only 1 0.0002
2400 10 0.0017
2400 only 10 0.0017
2700 11 0.0019
2700 only 11 0.0019
3000 42 0.0071
3000 only 42 0.0071
3300 1 0.0002
3300 only 1 0.0002
3600 1079 0.1817
3600 only 1070 0.1802
3900 1 0.0002
3900 only 1 0.0002
4200 1 0.0002
4500 1 0.0002
4500 only 1 0.0002
5160 1 0.0002
5160 only 1 0.0002
5400 19 0.0032
5400 only 6 0.001
6000 352 0.0593
6000 only 352 0.0593
7200 15154 2.5518
7200 only 15130 2.5478
9000 2 0.0003
9000 only 2 0.0003
10800 5334 0.8982
10800 only 5324 0.8965
14400 116 0.0195
14400 only 116 0.0195
18000 9 0.0015
18000 only 9 0.0015
21600 4287 0.7219
21600 only 4286 0.7217
25200 1 0.0002
25200 only 1 0.0002
28800 2555 0.4302
28800 only 2555 0.4302
30000 3 0.0005
30000 only 1 0.0002
36000 1220 0.2054
36000 only 1209 0.2036
43200 65 0.0109
43200 only 65 0.0109
54000 1 0.0002
54000 only 1 0.0002
54647 1 0.0002
54660 1 0.0002
54674 1 0.0002
54690 1 0.0002
54703 1 0.0002
54722 1 0.0002
54737 1 0.0002
54751 1 0.0002
60000 2 0.0003
60000 only 2 0.0003
64800 70759 11.9153
64800 only 70736 11.9114
72000 12 0.002
72000 only 12 0.002
79200 1 0.0002
79200 only 1 0.0002
86400 2990 0.5035
86400 only 2984 0.5025
100800 9026 1.5199
100800 only 9015 1.5181
108000 1 0.0002
108000 only 1 0.0002
115200 1 0.0002
115200 only 1 0.0002
129600 6 0.001
129600 only 6 0.001
172800 47 0.0079
172800 only 47 0.0079
216000 4 0.0007
216000 only 3 0.0005
259200 2 0.0003
259200 only 2 0.0003
432000 1 0.0002
432000 only 1 0.0002
604800 1 0.0002
604800 only 1 0.0002
864000 2 0.0003
864000 only 2 0.0003
7776000 1 0.0002
7776000 only 1 0.0002
None 150742 25.3838
None only 147105 24.7714
Certificate sig alg Count Percent
-------------------------+---------+--------
None 10920 1.8388
ecdsa-with-SHA256 68463 11.5286
sha1WithRSAEncryption 21372 3.5989
sha256WithRSAEncryption 521742 87.8574
sha384WithRSAEncryption 8 0.0013
sha512WithRSAEncryption 69 0.0116
Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 71108 11.974
ECDSA 384 38 0.0064
ECDSA 521 1 0.0002
RSA 1024 15 0.0025
RSA 2048 511834 86.189
RSA 2049 3 0.0005
RSA 2056 1 0.0002
RSA 2058 3 0.0005
RSA 2059 1 0.0002
RSA 2080 6 0.001
RSA 2084 2 0.0003
RSA 2086 1 0.0002
RSA 2096 3 0.0005
RSA 2408 1 0.0002
RSA 2432 3 0.0005
RSA 2560 1 0.0002
RSA 2948 1 0.0002
RSA 3072 163 0.0274
RSA 3073 1 0.0002
RSA 3096 2 0.0003
RSA 3248 3 0.0005
RSA 4048 4 0.0007
RSA 4056 18 0.003
RSA 4069 1 0.0002
RSA 4086 4 0.0007
RSA 4092 2 0.0003
RSA 4094 1 0.0002
RSA 4095 1 0.0002
RSA 4096 30991 5.2186
RSA 4196 1 0.0002
RSA 8192 10 0.0017
RSA 8392 1 0.0002
RSA/ECDSA Dual Stack 20358 3.4281
OCSP stapling Count Percent
-------------------------+---------+--------
Supported 126688 21.3333
Unsupported 467163 78.6667
Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 17236 2.9024
SSL2 Only 12 0.002
SSL3 99629 16.7768
SSL3 Only 497 0.0837
SSL3 or TLS1 Only 52946 8.9157
SSL3 or lower Only 505 0.085
TLS1 582034 98.0101
TLS1 Only 32797 5.5228
TLS1 or lower Only 68913 11.6044
TLS1.1 515189 86.7539
TLS1.1 Only 42 0.0071
TLS1.1 or up Only 11134 1.8749
TLS1.2 522729 88.0236
TLS1.2 Only 3290 0.554
TLS1.2, 1.0 but not 1.1 5865 0.9876
Statistics from 628845 chains provided by 728648 hosts
Server provided chains Count Percent
-------------------------+---------+-------
complete 570337 78.2733
incomplete 21286 2.9213
untrusted 137025 18.8054
Trusted chain statistics
========================
Chain length Count Percent
-------------------------+---------+-------
2 1 0.0002
3 625155 99.4132
4 3676 0.5846
5 13 0.0021
CA key size in chains Count
-------------------------+---------
ECDSA 256 68458
ECDSA 384 68457
RSA 1024 8
RSA 2045 2
RSA 2048 927971
RSA 4096 196495
Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 68458 10.8863
ECDSA 384 68456 10.886
RSA 1024 6 0.001
RSA 2045 2 0.0003
RSA 2048 559959 89.0456
RSA 4096 195838 31.1425
Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 68447
sha1WithRSAEncryption 24541
sha256WithRSAEncryption 363378
sha384WithRSAEncryption 176120
sha512WithRSAEncryption 60
Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 24524 3.8998
112 535845 85.211
128 68476 10.8892
Most popular root CAs Count Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 158376 25.1852
(2c543cd1) GeoTrust Global CA 95542 15.1933
(eed8c118) COMODO ECC Certification Authority 68438 10.8831
(cbf06781) Go Daddy Root Certificate Authorit 49514 7.8738
(5ad8a5d6) GlobalSign Root CA 48382 7.6938
(b204d74a) VeriSign Class 3 Public Primary Ce 32086 5.1024
(2e5ac55d) DST Root CA X3 26043 4.1414
(244b5494) DigiCert High Assurance EV Root CA 20408 3.2453
(2e4eed3c) thawte Primary Root CA 19033 3.0267
(fc5a8f99) USERTrust RSA Certification Author 17598 2.7985
(653b494a) Baltimore CyberTrust Root 11671 1.8559
(3513523f) DigiCert Global Root CA 10585 1.6832
(ae8153b9) StartCom Certification Authority 9453 1.5032
(4bfab552) Starfield Root Certificate Authori 8502 1.352
Scan performed between 19th of June and 6th of July 2016
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web:
www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic