We logged the TLS versions and cipher suites of recent client requests to see the share of different versions and cipher suites.
Always stay in the loop!
Subscribe to our RSS/Atom feed.
The share of TLS versions and cipher suites was:
|# of requests||TLS version||TLS cipher suite|
Some interesting numbers:
- Already 77% of all client requests used TLS 1.3.
- 98% of the client requests used AES instead of ChaCha20.
- 64% of the client requests used AES-256-GCM.
Our web server doesn’t enforce server-side cipher preference since we only allow a small set of strong TLS cipher suites that are considered secure. Client-side cipher preference is also recommended by Mozilla for modern TLS configuration: Mozilla Security/Server Side TLS: Modern compatibilityexternal link
Tip: If you log cipher suites and get one request per line, you can sort the output with sort [tls-logfile] | uniq -c | sort -bgr.