SSL Server Test

SSL Server Test

About This Project
Title:
SSL Pulse
Created by:
SSL Labs
Date Published:
April 25, 2012

Details:

SSL Pulse is a continuous and global dashboard for monitoring the quality of SSL support across the top one million web sites. SSL Pulse is powered by the assessment technology of SSL Labs, which is focused on auditing the SSL ecosystem, raising awareness, and providing tools and documentation to web site owners so they can improve their SSL implementations.


Read the blog post.


Trustworthy Internet Movement Picks SSL Implementation and Governance as First Initiative
April 26, 2012

Methodology

The goal of the SSL Labs surveys is to measure the effective security of SSL. After some experimentation with an assessment of substantially all public SSL sites (about 1.5 million of them), we settled on a smaller list of about 200,000 SSL-enabled web sites, based on Alexa’s list of most popular sites in the world. Working with a smaller list is more manageable and allows us to conduct the surveys more often. It also allows us to conduct more thorough analysis to look for application-layer issues that may subvert SSL security. In addition, focusing on popular sites – we believe – gives us more relevant results and also excludes abandoned sites.

 

Having worked with several data sets, each drawing from a different list of sites, we have come to understand that what we are presenting in our surveys is not a measurement, but a reasonable approximation of the state of SSL. More important than the results from any one round of tests is how the measurements change over time. The adoption of a single selection methodology and a switch to monthly testing should give us an indicator of where we’re heading, which is what we believe matters.

SSL Pulse
Survey of the SSL Implementation of the Most Popular Web Sites
Summary
Published Date: 
Comparisons are made against the previous month's data.
SSL Security Summary
SSL Security Summary:

This is the summary of the effective SSL security implemented by the most popular web sites. To be secure, a site has to be well configured, which means that it must have the A grade. In addition, it must not be vulnerable to any of the two currently known attacks against SSL (Insecure Renegotiation and the BEAST attack).

SSL Labs Grade Distribution
SSL Labs Grade Distribution:

The SSL Labs assessment grade reflects the quality of the configuration of an SSL web site. The assessment methodology is documented in the SSL Rating Guide.

Key Findings
Certificate Chain
Certificate Chain:

All SSL sites use certificates as their digital IDs. However, in many cases a chain of certificates is needed to create a trust link between the user and a trust anchor. A common mistake is that the certificate chain is incomplete, which often results with certificate warnings on sites that are otherwise well configured.

Key Strength
Key Strength:

Key strength is the foundation of SSL security. Sites with weak keys cannot provide robust security, even when everything else is well configured. Today, keys shorter than 1024 bits are considered insecure. Keys of 1024 bits are considered sufficient, but users should plan to migrate to 2048 bits within the next couple of years.

-
Sites with keys
below 1024 bits
since previous month
Strict Transport Security
Strict Transport Security:

HTTP Strict Transport Security (HSTS) is an SSL safety net: technology designed to ensure that security remains intact even in the case of configuration problems and implementation errors. To activate HSTS protection, you set a single response header in your websites. After that, browsers that support HSTS (at this time, Chrome and Firefox) will enforce the protection.

The goal of HSTS is simple: after activation, do not allow insecure communication with your website. It achieves this goal by automatically converting all plain-text links to secure ones. As a bonus, it will also disable click-through SSL certificate warnings.

-
Sites that support HTTP
Strict Transport Security
since previous month
Cipher Strength
Cipher Strength:

When it comes to data transfer, cipher strength is the measure of the security of the communication channel. Ciphers weaker than 128 bits are insecure and must not be used.

Protocol Support
Protocol Support:

There are five protocols in the SSL/TLS family, but not all of them are secure. The best practice is to use TLS v1.0 as your main protocol (making sure the BEAST attack is mitigated in configuration) and TLS v1.1 and v1.2 if they are supported by your server platform. That way, the clients that support newer protocols will select them, and those that don’t will fall back to TLS v1.0. You must not use SSL v2.0, because it is insecure.

Renegotiation Support
Renegotiation:

In 2009, the renegotiation feature of SSL was found to be insecure. A successful exploitation of this issue may allow the attacker to impersonate his victims and extract confidential data. Most vendors have issued patches by now or, at the very least, provided workarounds for the problem.

Extended Validation Certificates
Extended Validation Certificates:

Extended Validation (EV) certificates are high-assurance certificates that rely on manual identity validation to establish links between web sites and the organizations behind them.

SPDY
SPDY:

Sites that support the SPDY protocol.

Forward Secrecy
Forward Secrecy:

Forward Secrecy is a protocol feature that protects each connection individually. It is designed so that is is impossible to compromise connection security by compromising the server private key.

Key Strength Distribution
Key Strength:

Key strength is the foundation of SSL security. Sites with weak keys cannot provide robust security, even when everything else is well configured. Today, keys shorter than 1024 bits are considered insecure. Keys of 1024 bits are considered sufficient, but users should plan to migrate to 2048 bits within the next couple of years.

BEAST Attack
BEAST Attack:

The BEAST attack is a practical attack based on a protocol vulnerability that was discovered in 2004. A successful exploitation of this issue will result in a disclosure of victim's session cookies, allowing the attacker to completely hijack the application session. Despite having been addressed in TLS v1.1 in 2006, the problem is still relevant because most clients and servers do not support newer protocol versions. Practical mitigation requires that your servers speak only RC4 when using TLS v1.0 or SSL v3.0.

TLS Compression / CRIME
TLS Compression / CRIME:

Sites that support TLS compression. These sites are vulnerable to the CRIME attack.

RC4
RC4:

RC4 is a very widely used cipher suite. Before 2013, we knew of some RC4 weaknesses, but it was thought that they did not affect SSL. With new research published in early 2013, we now know that RC4 is weak and should not be used.