Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: SANS Internet Storm Center SANS Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

TLS 1.3 and SSL - the current state of affairs

Published: 2021-09-28
Last Updated: 2021-09-28 09:26:10 UTC
by Jan Kopriva (Version: 1)
0 comment(s)

It has been over 3 years since the specification for TLS 1.3 was published[1], and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over time (ideally hand in hand with a slow disappearance of older cryptographic protocols, especially the historic SSL 2.0 and SSL 3.0).

If we go by the numbers gathered from Shodan over the last 12 months, it seems that we are indeed moving in the right direction, as the following charts show.

Overall, there currently seem to be approximately 15.8 million web servers accessible on the internet that support TLS 1.3, and their number is steadily rising, while only about 3.5 million such servers still support SSL 3.0 and about 780 thousand support SSL 2.0.

While the “global” charts paint an interesting picture, the sharp dip in relative values at the end of July that may be seen in all of the charts seems to be strange to say the least. My assumption is that this did not reflect the real state of affairs and was caused by some detection issue on the part of Shodan, though I might be wrong.

In any case, the same dip is not visible if we only look at the numbers related to web servers located within the borders of the European Union.

As we may see, about one third of all web servers in the EU currently seem to support TLS 1.3, while SSL 3.0 is supported by less than 5% and SSL 2.0 by less than 0.75% of such servers.

While on the topic of SSL 2.0 and 3.0, one further point deserves a short mention.

One might expect that the old cryptographic protocols would be mostly used by older devices (IoT, routers, etc.) and that their support would be more or less the same - i.e. it would be uniformly distributed - across the world. Although the first assumption might be correct to some degree, the second one does not seem to be, if one looks at the numbers…

In general, situation in most countries does seem to be similar to the global state of affairs or EU state of affairs, i.e., a large percentage of web servers supports TLS 1.2, a non-insignificant percentage supports TLS 1.3 and the deprecated TLS 1.1 and 1.0, and only very few web servers still support either version of SSL.

As it turns out, this is however not true for all countries around the world, as the following chart, which shows the situation in the 20 countries with largest relative support for SSL 2.0 demostrates.

It seems that although overall, the “disposal” of SSL 2.0 and 3.0 is going fairly well, and support of TLS 1.3 is increasing, there are still parts of the world where SSL still remains the undisputed king, or at least a strong contender…

[1] https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3

-----------
Jan Kopriva
@jk0pr
Alef Nula

Keywords: HTTPS Shodan SSL TLS
0 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Video: Strings Analysis: VBA & Excel4 Maldoc
Sep 25th 2021
3 days ago by DidierStevens (0 comments)

Strings Analysis: VBA & Excel4 Maldoc
Sep 25th 2021
3 days ago by DidierStevens (0 comments)

Keep an Eye on Your Users Mobile Devices (Simple Inventory)
Sep 24th 2021
4 days ago by Xme (0 comments)

Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
Sep 23rd 2021
5 days ago by Xme (0 comments)

An XML-Obfuscated Office Document (CVE-2021-40444)
Sep 22nd 2021
6 days ago by DidierStevens (0 comments)

A First Look at Apple's iOS 15 "Private Relay" feature.
Sep 21st 2021
1 week ago by Johannes (0 comments)

View All Diaries →

Latest Discussions

Dshield Sensor
created Jun 8th 2021
3 months ago by Rick (0 replies)

API port data
created Apr 25th 2021
5 months ago by JJ (1 reply)

RSS feed containing non-XML compatible characters
created Apr 14th 2021
5 months ago by Anonymous (1 reply)

Handler's Diary (Full text) RSS Feeds stopt working due to a typo
created Mar 5th 2021
6 months ago by bas.auer@auerplace.nl (0 replies)

port_scan issue in Snort3
created Feb 23rd 2021
7 months ago by astraea (0 replies)

View All Forums →

Latest News

Top Diaries

"Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934
Jul 22nd 2021
2 months ago by Johannes (0 comments)

Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
Jul 12th 2021
2 months ago by Johannes (0 comments)

DIY CD/DVD Destruction - Follow Up
Jul 4th 2021
2 months ago by DidierStevens (0 comments)

Maldocs: Protection Passwords
Feb 28th 2021
6 months ago by DidierStevens (0 comments)

An infection from Rig exploit kit
Jun 17th 2019
2 years ago by Brad (0 comments)