/plushcap/analysis/cloudflare/aes-cbc-going-the-way-of-the-dodo

AES-CBC is going the way of the dodo

What's this blog post about?

In a recent development, AES-CBC cipher suites have seen their market share drop significantly on Cloudflare's edge network, falling below that of ChaCha20-Poly1305 suites. Over the last six months, AES-CBC has lost more than 33% of its share, which is now held by AES-GCM (71.2%) and ChaCha20-Poly1305 (15.3%). Additionally, ECDSA signature usage surpassed RSA at the beginning of this year, with over 60% of all connections using ECDSA. Furthermore, 98.4% of all connections now use PFS (Perfect Forward Secrecy) for key exchange, up from 97.6% six months ago. This trend towards safer and faster cryptography is expected to continue with the finalization of TLS 1.3 later this year.

Company
Cloudflare

Date published
April 21, 2017

Author(s)
Vlad Krasnov

Word count
284

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.