raw statistics only, sorry

SSL/TLS survey of 541489 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)

Supported Ciphers Count Percent
-------------------------+---------+-------
3DES 477135 88.1154
3DES Only 523 0.0966
3DES Preferred 1744 0.3221
3DES forced in TLS1.1+ 945 0.1745
AES 535585 98.9097
AES Only 34994 6.4626
AES-CBC 534935 98.7896
AES-CBC Only 9110 1.6824
AES-GCM 422759 78.0734
AES-GCM Only 589 0.1088
CAMELLIA 228296 42.1608
CAMELLIA Only 2 0.0004
CHACHA20 72561 13.4003
CHACHA20 Only 1 0.0002
Insecure 56630 10.4582
RC4 178913 33.0409
RC4 Only 577 0.1066
RC4 Preferred 18219 3.3646
RC4 forced in TLS1.1+ 9446 1.7444
x:FF 29 3DES Only 574 0.106
x:FF 29 3DES Preferred 2103 0.3884
x:FF 29 RC4 Only 771 0.1424
x:FF 29 RC4 Preferred 20172 3.7253
x:FF 29 incompatible 395 0.0729
x:FF 35 3DES Only 582 0.1075
x:FF 35 3DES Preferred 2009 0.371
x:FF 35 RC4 Only 937 0.173
x:FF 35 RC4 Preferred 20230 3.736
x:FF 35 incompatible 398 0.0735
y:DHE-RSA-SEED-SHA 66504 12.2817
y:IDEA-CBC-SHA 63061 11.6459
y:SEED-SHA 78410 14.4804
z:ADH-AES128-GCM-SHA256 397 0.0733
z:ADH-AES128-SHA 714 0.1319
z:ADH-AES128-SHA256 269 0.0497
z:ADH-AES256-GCM-SHA384 413 0.0763
z:ADH-AES256-SHA 723 0.1335
z:ADH-AES256-SHA256 271 0.05
z:ADH-CAMELLIA128-SHA 358 0.0661
z:ADH-CAMELLIA256-SHA 366 0.0676
z:ADH-DES-CBC-SHA 298 0.055
z:ADH-DES-CBC3-SHA 722 0.1333
z:ADH-RC4-MD5 560 0.1034
z:ADH-SEED-SHA 286 0.0528
z:AECDH-AES128-SHA 9282 1.7142
z:AECDH-AES256-SHA 9332 1.7234
z:AECDH-DES-CBC3-SHA 9248 1.7079
z:AECDH-NULL-SHA 61 0.0113
z:AECDH-RC4-SHA 8710 1.6085
z:DES-CBC-MD5 10050 1.856
z:DES-CBC-SHA 35379 6.5337
z:DES-CBC3-MD5 21189 3.9131
z:ECDHE-RSA-NULL-SHA 67 0.0124
z:EDH-RSA-DES-CBC-SHA 30295 5.5948
z:EXP-ADH-DES-CBC-SHA 192 0.0355
z:EXP-ADH-RC4-MD5 189 0.0349
z:EXP-DES-CBC-SHA 13046 2.4093
z:EXP-EDH-RSA-DES-CBC-SHA 10364 1.914
z:EXP-RC2-CBC-MD5 15781 2.9144
z:EXP-RC4-MD5 16506 3.0483
z:EXP1024-DES-CBC-SHA 4104 0.7579
z:EXP1024-RC4-SHA 4194 0.7745
z:IDEA-CBC-MD5 2095 0.3869
z:NULL-MD5 211 0.039
z:NULL-SHA 210 0.0388
z:NULL-SHA256 30 0.0055
z:RC2-CBC-MD5 10224 1.8881
z:RC4-64-MD5 892 0.1647

Cipher ordering Count Percent
-------------------------+---------+-------
Client side 133145 24.5887
Server side 408344 75.4113

Supported Handshakes Count Percent
-------------------------+---------+-------
ADH 874 0.1614
AECDH 9353 1.7273
DHE 292291 53.9791
ECDH 2 0.0004
ECDHE 448914 82.9036
ECDHE and DHE 235557 43.5017
RSA 475602 87.8323

Supported PFS Count Percent PFS Percent
-------------------------+---------+--------+-----------
DH,1024bits 152465 28.1566 52.1621
DH,1338bits 1 0.0002 0.0003
DH,1536bits 1 0.0002 0.0003
DH,2048bits 131006 24.1937 44.8204
DH,2236bits 13 0.0024 0.0044
DH,2432bits 2 0.0004 0.0007
DH,2560bits 1 0.0002 0.0003
DH,3072bits 93 0.0172 0.0318
DH,3092bits 1 0.0002 0.0003
DH,4096bits 8605 1.5891 2.944
DH,4098bits 1 0.0002 0.0003
DH,512bits 50 0.0092 0.0171
DH,768bits 395 0.0729 0.1351
DH,8192bits 2 0.0004 0.0007
ECDH,B-571,570bits 1771 0.3271 0.3945
ECDH,K-163,163bits 1 0.0002 0.0002
ECDH,P-192,192bits 15 0.0028 0.0033
ECDH,P-224,224bits 84 0.0155 0.0187
ECDH,P-256,256bits 433613 80.0779 96.5916
ECDH,P-384,384bits 4499 0.8309 1.0022
ECDH,P-521,521bits 10705 1.977 2.3846
Prefer DH,1024bits 53883 9.9509 18.4347
Prefer DH,1536bits 1 0.0002 0.0003
Prefer DH,2048bits 6107 1.1278 2.0894
Prefer DH,3072bits 9 0.0017 0.0031
Prefer DH,4096bits 375 0.0693 0.1283
Prefer DH,768bits 52 0.0096 0.0178
Prefer ECDH,B-571,570bits 1556 0.2874 0.3466
Prefer ECDH,K-163,163bits 1 0.0002 0.0002
Prefer ECDH,P-224,224bits 81 0.015 0.018
Prefer ECDH,P-256,256bits 396887 73.2955 88.4105
Prefer ECDH,P-384,384bits 3290 0.6076 0.7329
Prefer ECDH,P-521,521bits 9642 1.7806 2.1479
Prefer PFS 471884 87.1456 0
Support PFS 505648 93.381 0

Supported ECC curves Count Percent
-------------------------+---------+--------
brainpoolP256r1 2578 0.4761
brainpoolP384r1 2579 0.4763
brainpoolP512r1 2580 0.4765
prime192v1 1446 0.267
prime256v1 445477 82.2689
prime256v1 Only 388604 71.7658
secp160k1 1397 0.258
secp160r1 1402 0.2589
secp160r2 1396 0.2578
secp192k1 1410 0.2604
secp224k1 1487 0.2746
secp224r1 4270 0.7886
secp224r1 Only 1 0.0002
secp256k1 4033 0.7448
secp384r1 57392 10.5989
secp384r1 Only 554 0.1023
secp521r1 26343 4.8649
secp521r1 Only 142 0.0262
sect163k1 1402 0.2589
sect163k1 Only 2 0.0004
sect163r1 1400 0.2585
sect163r2 1400 0.2585
sect193r1 1399 0.2584
sect193r2 1399 0.2584
sect233k1 1480 0.2733
sect233r1 1480 0.2733
sect239k1 1480 0.2733
sect283k1 3926 0.725
sect283k1 Only 1 0.0002
sect283r1 3925 0.7249
sect409k1 3924 0.7247
sect409r1 3923 0.7245
sect571k1 3928 0.7254
sect571r1 3929 0.7256

Unsupported curve fallback Count Percent
------------------------------+---------+--------
False 55946 10.3319
True 332237 61.3562
order-specific 60 0.0111
unknown 153246 28.3009

ECC curve ordering Count Percent
-------------------------+---------+--------
client 6546 1.2089
inconclusive-noecc 10 0.0018
server 439646 81.192
unknown 95287 17.5972

TLSv1.2 PFS supported sigalgs Count Percent
------------------------------+---------+--------
ECDSA-SHA1 43763 8.082
ECDSA-SHA1 Only 3 0.0006
ECDSA-SHA224 43755 8.0805
ECDSA-SHA256 58463 10.7967
ECDSA-SHA384 58458 10.7958
ECDSA-SHA512 58458 10.7958
RSA-MD5 93307 17.2316
RSA-SHA1 386583 71.3926
RSA-SHA1 Only 41287 7.6247
RSA-SHA224 320766 59.2378
RSA-SHA256 353383 65.2613
RSA-SHA256 Only 6919 1.2778
RSA-SHA384 322845 59.6217
RSA-SHA384 Only 1 0.0002
RSA-SHA512 322938 59.6389
RSA-SHA512 Only 199 0.0368

TLSv1.2 PFS ordering Count Percent
------------------------------+---------+--------
client 245811 45.3954
indeterminate 42 0.0078
intolerant 5114 0.9444
order-fallback 9 0.0017
server 187931 34.7063
unsupported 19787 3.6542

TLSv1.2 PFS sigalg fallback Count Percent
------------------------------+---------+--------
ECDSA SHA1 43750 8.0796
ECDSA intolerant 30 0.0055
ECDSA pfs-rsa-SHA512 14685 2.712
ECDSA soft-nopfs 1 0.0002
RSA False 92525 17.0871
RSA SHA1 265644 49.0581
RSA intolerant 37307 6.8897
RSA pfs-ecdsa-SHA512 1 0.0002
RSA soft-nopfs 863 0.1594

Renegotiation Count Percent
-------------------------+---------+--------
False 6052 1.1177
insecure 17380 3.2097
secure 518057 95.6727

Compression Count Percent
-------------------------+---------+--------
1 (zlib compression) 8694 1.6056
False 6052 1.1177
NONE 526743 97.2768

TLS session ticket hint Count Percent
-------------------------+---------+--------
1 5 0.0009
1 only 5 0.0009
2 1 0.0002
2 only 1 0.0002
5 1 0.0002
5 only 1 0.0002
10 11 0.002
10 only 11 0.002
15 9 0.0017
15 only 9 0.0017
30 14 0.0026
30 only 12 0.0022
60 158 0.0292
60 only 152 0.0281
65 1 0.0002
65 only 1 0.0002
70 7 0.0013
75 1 0.0002
75 only 1 0.0002
100 13 0.0024
100 only 13 0.0024
120 25 0.0046
120 only 25 0.0046
128 3 0.0006
128 only 3 0.0006
150 2 0.0004
180 59 0.0109
180 only 56 0.0103
240 6 0.0011
240 only 6 0.0011
244 1 0.0002
244 only 1 0.0002
300 257671 47.5856
300 only 253451 46.8063
302 3 0.0006
302 only 3 0.0006
360 2 0.0004
360 only 1 0.0002
400 6 0.0011
400 only 6 0.0011
420 114 0.0211
420 only 91 0.0168
450 1 0.0002
450 only 1 0.0002
480 13 0.0024
480 only 13 0.0024
500 4 0.0007
500 only 4 0.0007
540 1 0.0002
540 only 1 0.0002
600 27406 5.0612
600 only 27252 5.0328
720 2 0.0004
720 only 2 0.0004
840 2 0.0004
840 only 2 0.0004
900 989 0.1826
900 only 972 0.1795
960 3 0.0006
960 only 3 0.0006
1200 2741 0.5062
1200 only 2735 0.5051
1500 6 0.0011
1500 only 5 0.0009
1800 555 0.1025
1800 only 545 0.1006
1980 2 0.0004
1980 only 2 0.0004
2100 2 0.0004
2100 only 1 0.0002
2400 9 0.0017
2400 only 9 0.0017
2700 11 0.002
2700 only 11 0.002
3000 29 0.0054
3000 only 29 0.0054
3300 1 0.0002
3300 only 1 0.0002
3600 688 0.1271
3600 only 679 0.1254
3900 1 0.0002
3900 only 1 0.0002
5160 1 0.0002
5160 only 1 0.0002
5400 13 0.0024
5400 only 7 0.0013
6000 235 0.0434
6000 only 235 0.0434
7200 15880 2.9327
7200 only 15854 2.9279
10800 3309 0.6111
10800 only 3300 0.6094
14400 100 0.0185
14400 only 100 0.0185
18000 8 0.0015
18000 only 8 0.0015
21600 4676 0.8635
21600 only 4676 0.8635
25200 1 0.0002
25200 only 1 0.0002
28800 2453 0.453
28800 only 2450 0.4525
36000 1094 0.202
36000 only 1083 0.2
43200 41 0.0076
43200 only 41 0.0076
60000 2 0.0004
60000 only 2 0.0004
64800 4295 0.7932
64800 only 4295 0.7932
72000 28 0.0052
72000 only 28 0.0052
79200 1 0.0002
79200 only 1 0.0002
86000 48 0.0089
86000 only 48 0.0089
86400 3671 0.6779
86400 only 3666 0.677
100800 10910 2.0148
100800 only 10897 2.0124
115200 1 0.0002
115200 only 1 0.0002
129600 8 0.0015
129600 only 8 0.0015
172800 10 0.0018
172800 only 10 0.0018
216000 2 0.0004
216000 only 2 0.0004
259200 2 0.0004
259200 only 2 0.0004
432000 1 0.0002
432000 only 1 0.0002
604800 1 0.0002
864000 3 0.0006
864000 only 3 0.0006
None 208648 38.5323
None only 204120 37.6961

Certificate sig alg Count Percent
-------------------------+---------+--------
None 9968 1.8408
ecdsa-with-SHA256 58398 10.7847
sha1WithRSAEncryption 51637 9.5361
sha256WithRSAEncryption 446192 82.4009
sha384WithRSAEncryption 5 0.0009
sha512WithRSAEncryption 43 0.0079

Certificate key size Count Percent
-------------------------+---------+--------
ECDSA 256 58449 10.7941
ECDSA 384 17 0.0031
ECDSA 521 1 0.0002
RSA 1024 20 0.0037
RSA 2047 1 0.0002
RSA 2048 473537 87.4509
RSA 2049 2 0.0004
RSA 2056 1 0.0002
RSA 2058 2 0.0004
RSA 2064 2 0.0004
RSA 2084 5 0.0009
RSA 2096 2 0.0004
RSA 2408 1 0.0002
RSA 2432 1 0.0002
RSA 2480 1 0.0002
RSA 3071 1 0.0002
RSA 3072 119 0.022
RSA 3073 1 0.0002
RSA 3096 2 0.0004
RSA 3248 2 0.0004
RSA 4048 1 0.0002
RSA 4056 18 0.0033
RSA 4092 6 0.0011
RSA 4094 1 0.0002
RSA 4095 1 0.0002
RSA 4096 24063 4.4439
RSA 4098 1 0.0002
RSA 8192 3 0.0006
RSA/ECDSA Dual Stack 14756 2.7251

OCSP stapling Count Percent
-------------------------+---------+--------
Supported 125414 23.161
Unsupported 416075 76.839

Supported Protocols Count Percent
-------------------------+---------+-------
SSL2 21373 3.9471
SSL2 Only 15 0.0028
SSL3 111129 20.5229
SSL3 Only 1140 0.2105
SSL3 or TLS1 Only 59881 11.0586
SSL3 or lower Only 1155 0.2133
TLS1 534137 98.6423
TLS1 Only 37819 6.9843
TLS1 or lower Only 79028 14.5946
TLS1.1 449426 82.9982
TLS1.1 Only 331 0.0611
TLS1.1 or up Only 5997 1.1075
TLS1.2 458682 84.7075
TLS1.2 Only 2265 0.4183
TLS1.2, 1.0 but not 1.1 9518 1.7577

Statistics from 575515 chains provided by 712157 hosts

Server provided chains Count Percent
-------------------------+---------+-------
complete 510961 71.7484
incomplete 28667 4.0254
untrusted 172529 24.2263

Trusted chain statistics
========================

Chain length Count Percent
-------------------------+---------+-------
2 26 0.0045
3 573525 99.6542
4 1952 0.3392
5 12 0.0021

CA key size in chains Count
-------------------------+---------
ECDSA 256 58397
ECDSA 384 58400
RSA 1024 25
RSA 2045 2
RSA 2048 878262
RSA 4096 157894

Chains with CA key Count Percent
-------------------------+---------+-------
ECDSA 256 58397 10.1469
ECDSA 384 58400 10.1474
RSA 1024 23 0.004
RSA 2045 2 0.0003
RSA 2048 516745 89.7883
RSA 4096 157333 27.3378

Signature algorithm (ex. root) Count
------------------------------+---------
ecdsa-with-SHA384 58394
sha1WithRSAEncryption 58209
sha256WithRSAEncryption 319412
sha384WithRSAEncryption 141372
sha512WithRSAEncryption 78

Eff. host cert chain LoS Count Percent
-------------------------+---------+-------
80 58271 10.125
112 458828 79.7248
128.0 58416 10.1502

Most Popular Root CAs Count Percent
---------------------------------------------+---------+-------
(d6325660) COMODO RSA Certification Authority 126106 21.9119
(2c543cd1) GeoTrust Global CA 102943 17.8871
(eed8c118) COMODO ECC Certification Authority 58387 10.1452
(5ad8a5d6) GlobalSign Root CA 50714 8.8119
(cbf06781) Go Daddy Root Certificate Authorit 50524 8.7789
(b204d74a) VeriSign Class 3 Public Primary Ce 32049 5.5688
(244b5494) DigiCert High Assurance EV Root CA 21377 3.7144
(2e4eed3c) thawte Primary Root CA 20668 3.5912
(fc5a8f99) USERTrust RSA Certification Author 15152 2.6328
(157753a5) AddTrust External CA Root 14593 2.5356
(653b494a) Baltimore CyberTrust Root 11373 1.9761
(ae8153b9) StartCom Certification Authority 9025 1.5682
(3513523f) DigiCert Global Root CA 8982 1.5607
(4bfab552) Starfield Root Certificate Authori 8553 1.4861

Scan performed between 18th of January and 3rd of February 2016

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic