Welcome to the Summary of the 2019 F5 Labs TLS Telemetry Report.
This year, we expanded the scope of our research to bring you deeper insights into how encryption on the web is constantly evolving. We look into which ciphers and SSL/TLS versions are being used to secure the Internet’s top websites and, for the first time, examine the use of digital certificates on the web and look at supporting protocols (such as DNS) and application layer headers.
A lot has happened in the world of encryption since we published the 2017 TLS Telemetry Report. Over the past two years, standards have been updated, browsers have evolved and a number of new protocols have been released that aim to secure all the remaining cleartext protocols still in wide use today.
Meanwhile, the global debate between technology providers and governments (also known as Crypto Wars 2.0) continues to rumble on. Governments are increasingly trying to control how encryption is used, and we frequently see poorly written (or purposefully vague) legislation introduced.
Chrome, the most widely used web browser, now fetches over 86% of web pages over secure HTTPS connections. That figure approaches 100% for Chrome OS-based devices when accessing Google properties like Gmail. For Firefox, HTTPS page loads are slightly lower but still at an impressive 80.5% average. Of the Alexa top 1 million sites, almost a third now accept TLS 1.3 connections.
In 2014, 98% of the web servers accepting HTTPS connections still allowed the use of SSL v3. This changed rapidly in October 2014 when the POODLE vulnerability was announced.