Updated July 06, 2017 (originally published January 19, 2017)

The 2016 TLS Telemetry Report


In just four short years, a healthy dose of paranoia about individual privacy as well as emerging support for encryption by browsers, social media sites, webmail, and SaaS applications have pushed encryption estimates from almost non-existent (in the low single digits before 2013) to just over 50% by the end of 2016.

That’s quite a victory for data privacy, but just how much of a victory?

F5 Labs explores that question in the first of our annual TLS Telemetry reports. Our goal is not just to report raw data, but to make that data actionable by describing the who, what, when, how, and why of cryptography, and to provide guidance on what’s next for your organization. This being our initial report, we’ve taken care to explain our motivations—crazy though they may seem—for scanning the entire TLS Internet, describe our research methodology, recap the recent history of the cryptographic landscape, and summarize its current state.



Specifically, we look at:

  • Usage and preferences for current (and aging) cryptographic protocols such as TLS and SSL
  • The implications of self-signed certificates
  • Trends that are driving the adoption of Forward Secrecy
  • Reasons why HTTP Strict Transport Security adoption is sluggish
  • The truth about block and stream ciphers
  • The relative security of today’s most popular web servers

Finally, we conclude with recommendations for improving your organization’s overall cryptographic posture.

To see the full version of this report, click "Download" below.

