AES-CBC is going the way of the dodo
In a recent development, AES-CBC cipher suites have seen their market share drop significantly on Cloudflare's edge network, falling below that of ChaCha20-Poly1305 suites. Over the last six months, AES-CBC has lost more than 33% of its share, which is now held by AES-GCM (71.2%) and ChaCha20-Poly1305 (15.3%). Additionally, ECDSA signature usage surpassed RSA at the beginning of this year, with over 60% of all connections using ECDSA. Furthermore, 98.4% of all connections now use PFS (Perfect Forward Secrecy) for key exchange, up from 97.6% six months ago. This trend towards safer and faster cryptography is expected to continue with the finalization of TLS 1.3 later this year.
Company
Cloudflare
Date published
April 21, 2017
Author(s)
Vlad Krasnov
Word count
284
Language
English
Hacker News points
None found.