What a dataset of 350 million SSL connections reveals: “30% of certificates on the web are issued by Let's Encrypt” and “more than 1000 certificates are valid until 3017”



Lee Butterman (@leebutterman), noting that “there was no existing dataset on how SSL is used on the recent web,” analyzed a dataset of 350 million SSL connections and published findings such as which certificates are used most and which cipher suites are popular.

Let's Encrypt makes certs for almost 30% of web domains! RC4 / 3DES / TLS 1.0 are still used! Certs for hundreds of years! Analyzing hundreds of millions of SSL handshakes | Little Short Bulletins

According to Lee, the top 12 certificate issuers, in descending order of certificates issued, were as follows.

1st place: Let's Encrypt (47.2 million)
2nd place: DigiCert (28.9 million)
3rd place: Comodo (13.8 million)
4th place: Google (10.1 million)
5th place: GoDaddy (7.2 million)
6th place: Sectigo (7.1 million)
7th place: cPanel (7 million)
8th place: GlobalSign (6.1 million)
9th place: CloudFlare0 (3.4 million)
10th place: Amazon (2.5 million)
11th place: Anonymous personal certificate (2.1 million)
12th place: Plesk (1.1 million)

Let's Encrypt issues SSL certificates free of charge, and because those certificates are valid for only 90 days, it contributes to the “metabolism” of certificates. On the other hand, “ancient” certificates still survive, and many have a validity period of more than 1000 years. For example, more than 100,000 certificates expire in 2117, and more than 1000 are valid until 3017.

In addition, when Lee performed the scan to create the dataset, certificates that had expired in July 2019 were found on 1.6 million domains, certificates that had expired between January and June 2019 on 3.7 million domains, and certificates that had expired in the 2010s on more than 9.6 million domains.

As for cipher suites, 150 million of the 160 million connections used ECDH and AES. The next most popular was RC4, which Microsoft has recommended disabling and which is prohibited in all versions of TLS. In addition, DES, the encryption algorithm that preceded 3DES, was used in very few cases: only 6.
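The same three tallies (issuer counts, expired or implausibly long-lived certificates, and deprecated ciphers) can be run against your own scan results. The following is an added example, not code from Lee's analysis: the records are constructed, and the scan date, the 10-year "far future" threshold and all function names are assumptions.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records (not from the dataset): issuer organization,
# certificate notAfter as GeneralizedTime, negotiated cipher suite name.
SAMPLE = [
    ("Let's Encrypt", "20191015120000Z", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("DigiCert", "20200301000000Z", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("Example Hosting", "20190712000000Z", "TLS_RSA_WITH_RC4_128_SHA"),
    ("Example Appliance", "30170101000000Z", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    ("Example Appliance", "21170520000000Z", "TLS_RSA_WITH_DES_CBC_SHA"),
    ("Let's Encrypt", "20190401000000Z", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
]

DEPRECATED = {"RC4", "3DES", "DES"}  # algorithms the article calls out
SCAN_TIME = datetime(2019, 8, 1, tzinfo=timezone.utc)  # assumed scan date


def parse_not_after(value):
    """Parse a GeneralizedTime string; four-digit years up to 9999 are accepted."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def expiry_bucket(not_after, scan_time, max_years=10):
    """Classify a certificate as expired, far_future (assumed threshold) or ok."""
    if not_after < scan_time:
        return "expired"
    if not_after.year - scan_time.year > max_years:
        return "far_future"
    return "ok"


def audit(records, scan_time=SCAN_TIME):
    """Return (issuer counts, expiry bucket counts, deprecated cipher counts)."""
    issuers, expiry, weak = Counter(), Counter(), Counter()
    for issuer, not_after, suite in records:
        issuers[issuer] += 1
        expiry[expiry_bucket(parse_not_after(not_after), scan_time)] += 1
        # Match whole name components so "DES" does not also match "3DES".
        for alg in DEPRECATED & set(suite.split("_")):
            weak[alg] += 1
    return issuers, expiry, weak


if __name__ == "__main__":
    issuers, expiry, weak = audit(SAMPLE)
    print(issuers.most_common(), dict(expiry), dict(weak))
```

Matching on whole suite-name components keeps the DES and 3DES counts separate, which matters when one of them is as rare as the article reports.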

in Security, Posted by logc_nt