
SANS ISC: TLS 1.3 and SSL - the current state of affairs SANS ISC InfoSec Forums

TLS 1.3 and SSL - the current state of affairs

It has been over 3 years since the specification for TLS 1.3 was published[1], and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over time (ideally hand in hand with a slow disappearance of older cryptographic protocols, especially the historic SSL 2.0 and SSL 3.0).

If we go by the numbers gathered from Shodan over the last 12 months, it seems that we are indeed moving in the right direction, as the following charts show.

Overall, there currently seem to be approximately 15.8 million web servers accessible on the internet that support TLS 1.3, and their number is steadily rising, while only about 3.5 million such servers still support SSL 3.0 and about 780 thousand support SSL 2.0.

While the “global” charts paint an interesting picture, the sharp dip in relative values at the end of July that may be seen in all of the charts seems to be strange to say the least. My assumption is that this did not reflect the real state of affairs and was caused by some detection issue on the part of Shodan, though I might be wrong.

In any case, the same dip is not visible if we only look at the numbers related to web servers located within the borders of the European Union.

As we may see, about one third of all web servers in the EU currently seem to support TLS 1.3, while SSL 3.0 is supported by less than 5% and SSL 2.0 by less than 0.75% of such servers.

While on the topic of SSL 2.0 and 3.0, one further point deserves a short mention.

One might expect that the old cryptographic protocols would be mostly used by older devices (IoT, routers, etc.) and that their support would be more or less the same - i.e. it would be uniformly distributed - across the world. Although the first assumption might be correct to some degree, the second one does not seem to be, if one looks at the numbers…

In general, the situation in most countries does seem to be similar to the global or EU state of affairs, i.e., a large percentage of web servers support TLS 1.2, a not insignificant percentage support TLS 1.3 and the deprecated TLS 1.1 and 1.0, and only very few web servers still support either version of SSL.

As it turns out, however, this is not true for all countries around the world, as the following chart, which shows the situation in the 20 countries with the largest relative support for SSL 2.0, demonstrates.

It seems that although the “disposal” of SSL 2.0 and 3.0 is going fairly well overall, and support for TLS 1.3 is increasing, there are still parts of the world where SSL remains the undisputed king, or at least a strong contender…

[1] https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3

-----------
Jan Kopriva
@jk0pr
Alef Nula

ISC Handler
Sep 28th 2021
