[SANS ISC] TLS 1.3 and SSL – the current state of affairs, (Tue, Sep 28th)

It has been over 3 years since the specification for TLS 1.3 was published[1], and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over time (ideally hand in hand with a slow disappearance of older cryptographic protocols, especially the historic SSL 2.0 and SSL 3.0).

If we go by the numbers gathered from Shodan over the last 12 months, it seems that we are indeed moving in the right direction, as the following charts show.

Overall, there currently seem to be approximately 15.8 million web servers accessible on the internet that support TLS 1.3, and their number is steadily rising, while only about 3.5 million such servers still support SSL 3.0 and about 780 thousand support SSL 2.0.

While the “global” charts paint an interesting picture, the sharp dip in relative values at the end of July that may be seen in all of the charts seems to be strange to say the least. My assumption is that this did not reflect the real state of affairs and was caused by some detection issue on the part of Shodan, though I might be wrong.

In any case, the same dip is not visible if we only look at the numbers related to web servers located within the borders of the European Union.

As we may see, about one third of all web servers in the EU currently seem to support TLS 1.3, while SSL 3.0 is supported by less than 5% and SSL 2.0 by less than 0.75% of such servers.

While on the topic of SSL 2.0 and 3.0, one further point deserves a short mention.

One might expect that the old cryptographic protocols would be mostly used by older devices (IoT, routers, etc.) and that their support would be more or less the same – i.e. it would be uniformly distributed – across the world. Although the first assumption might be correct to some degree, the second one does not seem to be, if one looks at the numbers…

In general, situation in most countries does seem to be similar to the global state of affairs or EU state of affairs, i.e., a large percentage of web servers supports TLS 1.2, a non-insignificant percentage supports TLS 1.3 and the deprecated TLS 1.1 and 1.0, and only very few web servers still support either version of SSL.

As it turns out, this is however not true for all countries around the world, as the following chart, which shows the situation in the 20 countries with largest relative support for SSL 2.0 demostrates.

It seems that although overall, the “disposal” of SSL 2.0 and 3.0 is going fairly well, and support of TLS 1.3 is increasing, there are still parts of the world where SSL still remains the undisputed king, or at least a strong contender…

[1] https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3

Jan Kopriva
Alef Nula

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[SANS ISC] RedLine Stealer Delivered Through FTP, (Thu, Jan 20th)

All posts, Sans-ISC

Here is a piece of malicious Python script that injects a RedLine[1] stealer into its own process. Process injection is a common attacker’s technique these days (for a long time already). The difference, in this case, is that the payload is delivered through FTP! It’s pretty unusual because FTP is today less and less used […]

Read More

[SANS ISC] ISC Stormcast For Wednesday, November 24th, 2021 https://isc.sans.edu/podcastdetail.html?id=7770, (Wed, Nov 24th)

All posts, Sans-ISC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Source: Read More (SANS Internet Storm Center, InfoCON: green)

Read More

[ZDNet] Hit by ransomware? Make sure you don’t make this first obvious mistake

All posts, ZDNet

Cybersecurity researchers have analysed 700 ransomware negotiations between victims and crooks. Here’s what they found. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.