AES-CBC is going the way of the dodo

In a recent development, AES-CBC cipher suites have seen their market share drop significantly on Cloudflare's edge network, falling below that of ChaCha20-Poly1305 suites. Over the last six months, AES-CBC has lost more than 33% of its share, which is now held by AES-GCM (71.2%) and ChaCha20-Poly1305 (15.3%). Additionally, ECDSA signature usage surpassed RSA at the beginning of this year, with over 60% of all connections using ECDSA. Furthermore, 98.4% of all connections now use PFS (Perfect Forward Secrecy) for key exchange, up from 97.6% six months ago. This trend towards safer and faster cryptography is expected to continue with the finalization of TLS 1.3 later this year.