
Wikipedia's TLS Cipher stats - mmastrac
https://grafana.wikimedia.org/#/dashboard/db/tls-ciphers
======
alanh
The big graph at the top might be better represented as fractions of the
whole. The most apparent thing in this graph is its seasonality / cyclic
behavior in traffic, but that’s not the most important thing (given this was
submitted as “TLS Cipher Stats,” not “traffic spikes”). Essentially, I’m
saying the vertical axis should have percent labels instead of raw numbers.

------
HeXetic
This is neat but kinda useless without some written analysis. I am not a
crypto expert so the graphs mean little to me.

~~~
justizin
I think your comment gets to the heart of what's been happening of late. You
shouldn't need to be a crypto expert to know what Forward Secrecy or ECDHE
are, at least.

Anyone who might ever configure a webserver should be learning about this
stuff.

~~~
acqq
I'm glad that at least you find the graphs obvious, as I have a bunch of
questions.

What are security pros and cons of using or not using GCM?

And which browser uses which settings of these displayed by default? How can
we interpret the percentages?

What are the percentages anyway? It's hard to see them from all these graphs.
Actually, I don't care about the peak-hour times when I just need to know the
percentages.

And in which time zone is the time scale at all?

Thanks in advance.

~~~
tptacek
GCM is "authenticated encryption". That means that it's a cipher construction
that provides both confidentiality and integrity, in one hermetically sealed
capsule. Most legacy crypto (and most of the crypto in TLS) provides integrity
checking as a separate operation; it will, for instance, take confidentiality
from AES-CBC, and authentication from (say) HMAC-SHA1. This works fine, but
requires that implementations do joinery between the cipher and the MAC.

Every iteration of TLS prior to the version that began providing authenticated
encryption (of which GCM is the only widely compatible option) has gotten this
joinery wrong.

There are workarounds for the resultant bugs, but it's better, when possible,
to enable the version of TLS that enables GCM, and prefer the GCM
ciphersuites.

~~~
iso8859-1
You almost imply that GCM is the only authenticated encryption. People should
know that it is just one of them, but it is the one that circumvents patents
and is really reasonably fast.

~~~
tptacek
It is the only widely compatible AEAD for TLS. Soon, it'll be accompanied by
ChaCha/Poly1305, but not yet.

GCM is the last AEAD I'd reach for in a custom design!
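
An added example, not part of the thread: a small classifier that sorts suite names like the ones on the dashboard by the two properties discussed above (forward secrecy, and AEAD versus separate cipher + HMAC) and reports each bucket as a percentage of handshakes rather than a raw count. The counts in `SAMPLE` are constructed, and classifying by name tokens is a heuristic assumed here, not the dashboard's own logic.

```python
from collections import Counter

# Name fragments that indicate an AEAD construction.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20", "POLY1305")
# Key-exchange tokens that indicate ephemeral (EC)DH, i.e. forward secrecy.
FS_TOKENS = {"ECDHE", "DHE", "EECDH", "EDH"}

def classify(name):
    """Return (forward_secret, mode) for an OpenSSL- or IANA-style suite name."""
    n = name.upper().replace("_", "-")
    tokens = n.split("-")
    # TLS 1.3 IANA names (TLS_AES_128_GCM_SHA256) have no key-exchange part
    # and are always ephemeral.
    tls13 = tokens[0] == "TLS" and "WITH" not in tokens
    forward_secret = tls13 or any(t in FS_TOKENS for t in tokens)
    if any(m in n for m in AEAD_MARKERS):
        mode = "AEAD"
    elif "RC4" in tokens:
        mode = "stream+HMAC"
    else:
        # OpenSSL omits "CBC" from most names (e.g. ecdhe-ecdsa-aes128-sha),
        # so anything that is neither AEAD nor RC4 is treated as CBC + HMAC.
        mode = "CBC+HMAC"
    return forward_secret, mode

def shares(counts):
    """Convert raw per-suite handshake counts into percent per property bucket."""
    total = sum(counts.values())
    if total == 0:
        return {}
    buckets = Counter()
    for suite, hits in counts.items():
        fs, mode = classify(suite)
        buckets[("FS" if fs else "no-FS", mode)] += hits
    return {k: round(100.0 * v / total, 1) for k, v in buckets.items()}

# Constructed sample counts, not real Wikimedia data.
SAMPLE = {
    "ecdhe-ecdsa-aes128-gcm-sha256": 600,
    "ecdhe-ecdsa-aes128-sha": 250,
    "des-cbc3-sha": 100,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 50,
}

if __name__ == "__main__":
    for bucket, pct in sorted(shares(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(f"{bucket[0]:6} {bucket[1]:12} {pct:5.1f}%")
```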

------
firloop
More of these stats here:
[https://grafana.wikimedia.org/#/dashboard/db/home](https://grafana.wikimedia.org/#/dashboard/db/home)

------
cbsmith
Man, you can tell when people are at home vs. at work...

~~~
polpo
Absolutely. DES-CBC3-SHA = people on IE8 on XP = people at work.

~~~
ams6110
Funny, I was about to say that was people at home. I haven't used XP at work
in years, but still ran it at home up until a couple of months ago (didn't use
IE though).

~~~
cbsmith
Oh no. That's people at work. Notice how there are two days a week where it
doesn't rise during the day.

We just don't appreciate how slowly many organizations update their "frozen
rigid" workstation images.

------
ipsin
Moving to a 14-day view, what accounts for the spike in
ecdhe-ecdsa-aes128-gcm-sha256 and ecdhe-ecdsa-aes128-sha? Did these switch to
preferred defaults in some major browsers?

~~~
vacri
It's a display problem. The spike appears at 2015-09-08 12:00ish, but is not
visible at the same time on the shorter timescale views.

Edit: yes, it's aggregating things incorrectly at 14+ days. Some parts of the
graph appear to be 'aggregate' (spike), others appear to be 'average' (low
points).

------
orf
Interesting stats, but oh boy Grafana[1] looks amazing.

1\. [http://grafana.org/](http://grafana.org/)

------
jvehent
And apparently des-cbc3-sha is still a thing...

~~~
yuhong
Mostly XP by now I think.

~~~
rockdoe
Correct. For example Mozilla's recommended TLS server settings (which are
fairly popular) will result in XP+IE8 (default browser) using
TLS_RSA_WITH_3DES_EDE_CBC_SHA

