Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-10 Thread Kurt Roeckx 
On Fri, Jan 10, 2014 at 08:11:02PM -0500, Julien Vehent wrote:
> >On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote:
> >>I started a scan of Alexa's top 1 million websites. It's going to
> >>take a few days to have all the results.
> >>So far, 21 out of 1396 websites scanned support neither AES or 3DES.
> 
> I'm about half way through the scan, but it's unlikely that the
> numbers will change from now. The raw results are below, and I
> posted an analysis on my blog:
> https://jve.linuxwall.info/blog/index.php?post/TLS_Survey

Thanks for doing this.  There are some pretty scary numbers in
there.


Kurt

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

2014-01-10 Thread Julien Vehent 

On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote:

I started a scan of Alexa's top 1 million websites. It's going to
take a few days to have all the results.
So far, 21 out of 1396 websites scanned support neither AES or 3DES.


I'm about half way through the scan, but it's unlikely that the numbers will 
change from now. The raw results are below, and I posted an analysis on my 
blog: https://jve.linuxwall.info/blog/index.php?post/TLS_Survey



SSL/TLS survey of 317270 websites from Alexa's top 1 million

Supported Ciphers Count Percent
-+-+---
3DES  29762593.8081
3DES Only 3952  1.2456
AES   29040991.5337
AES Only  298   0.0939
CAMELLIA  12030237.9179
CAMELLIA Only 1 0.0003
RC4   28213988.9271
RC4 Only  4838  1.5249
z:ADH-DES-CBC-SHA 651   0.2052
z:ADH-SEED-SHA418   0.1317
z:AECDH-NULL-SHA  1 0.0003
z:DES-CBC-MD5 38276 12.0642
z:DES-CBC-SHA 88306 27.8331
z:DHE-DSS-SEED-SHA1 0.0003
z:DHE-RSA-SEED-SHA55195 17.3969
z:ECDHE-RSA-NULL-SHA  1 0.0003
z:EDH-DSS-DES-CBC-SHA 6 0.0019
z:EDH-RSA-DES-CBC-SHA 82910 26.1323
z:EXP-ADH-DES-CBC-SHA 451   0.1422
z:EXP-DES-CBC-SHA 68527 21.599
z:EXP-EDH-DSS-DES-CBC-SHA 6 0.0019
z:EXP-EDH-RSA-DES-CBC-SHA 60199 18.9741
z:EXP-RC2-CBC-MD5 73301 23.1037
z:IDEA-CBC-MD55248  1.6541
z:IDEA-CBC-SHA37419 11.7941
z:NULL-MD5291   0.0917
z:NULL-SHA290   0.0914
z:NULL-SHA256 5 0.0016
z:RC2-CBC-MD5 43848 13.8204
z:SEED-SHA65974 20.7943

Supported Handshakes  Count Percent
-+-+---
DHE   18873959.4884
ECDHE 67560 21.2942

Supported PFS Count Percent  PFS Percent
-+-++---
DH,1024bits   18520058.373   98.1249
DH,1539bits   1 0.0003   0.0005
DH,2048bits   2751  0.8671   1.4576
DH,3072bits   2 0.0006   0.0011
DH,3248bits   2 0.0006   0.0011
DH,4096bits   990.0312   0.0525
DH,512bits580.0183   0.0307
DH,768bits628   0.1979   0.3327
ECDH,B-163,163bits240.0076   0.0355
ECDH,B-233,233bits236   0.0744   0.3493
ECDH,B-571,570bits249   0.0785   0.3686
ECDH,P-224,224bits3 0.0009   0.0044
ECDH,P-256,256bits66920 21.0924  99.0527
ECDH,P-384,384bits780.0246   0.1155
ECDH,P-521,521bits940.0296   0.1391
Prefer PFS19455461.3213  0
Support PFS   23999775.6444  0

Supported Protocols   Count Percent
-+-+---
SSL2  59615 18.79
SSL2 Only 280.0088
SSL3  31605299.6161
SSL3 Only 3539  1.1155
TLS1  31339998.7799
TLS1 Only 557   0.1756
TLS1.110042531.6529
TLS1.210361232.6574
TLS1.2 Only   3 0.0009
TLS1.2 but not 1.18338  2.628


---
Julien Vehent
http://jve.linuxwall.info
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto