TLS usage of InfoSec Handbook readers

We logged the TLS versions and cipher suites of recent client requests to see the share of different versions and cipher suites.

Always stay in the loop!
Subscribe to our RSS/Atom feed.

The share of TLS versions and cipher suites was:

# of requestsTLS versionTLS cipher suite
129,258TLS 1.3TLS_AES_256_GCM_SHA384
74,328TLS 1.3TLS_AES_128_GCM_SHA256
4,870TLS 1.3TLS_CHACHA20_POLY1305_SHA256

Some interesting numbers:

  • Already 77% of all client requests used TLS 1.3.
  • 98% of the client requests used AES instead of ChaCha20.
  • 64% of the client requests used AES-256-GCM.

Our web server doesn’t enforce server-side cipher preference since we only allow a small set of strong TLS cipher suites that are considered secure. Client-side cipher preference is also recommended by Mozilla for modern TLS configuration: Mozilla Security/Server Side TLS: Modern compatibilityexternal link

An image showing a pie chart that shows the TLS usage of our readers.
TLS usage of our readers (🔍 Zoom in)

Tip: If you log cipher suites and get one request per line, you can sort the output with sort [tls-logfile] | uniq -c | sort -bgr.

Read also