When browsing the Internet, something essential and highly valued by Internet users is security. However, when we browse the network of networks, not all the pages we visit are. In this aspect, we can find websites that do not use modern and secure security protocols, which could cause our personal information to be leaked. When we talk about security on the web, names like TLS and HTTPS usually appear. Thanks to a report in which a large number of web pages have been analyzed, we are going to know the current situation. In this article we are going to see how the Internet is becoming more and more secure, but there are old encryption techniques that sometimes make the websites we visit unsafe.
TLS-protocol
A web page is more or less secure depending on the encryption used. For example, different websites use the TLS protocol for encryption. It should also be noted that over time this protocol becomes obsolete and no longer guarantees our security.
If we talk about the TLS protocol, we can say that versions 1.0 and 1.1 are outdated and should not be used. For this reason, some browsers no longer allow access to these web pages by default. In that aspect, an outdated encryption is not going to protect us properly and we must opt for TLS in its version 1.3 or 1.2. You may be interested in knowing the SSL, TLS and HTTPS protocols, some of which we will talk about later.
Old ciphers still used
In a new report from Venafi, called the 2021 TLS Tracker Report, an in-depth security analysis of the top 1 million websites in the world has been done over the last 18 months. The results show that the Internet is becoming more secure. One positive thing is that the use of encryption is increasing and the adoption of more modern TLS protocols is increasing. However, many companies still use old RSA encryption algorithms to generate keys, even though stronger encryption algorithms such as ECDSA are available.
The report also comments that, over the years, the use of HTTPS has increased tremendously, although it should be noted that the rate of growth is slowing. However, we continue to see more use of HTTPS than ever before. This report finds that 72% of sites now actively redirect traffic to use HTTPS, as seen in this table:
Also the use of HSTS (HTTP Strict Transport Security) has increased significantly. In this case, an increase of 44% can be seen, there are now 191,025 websites compared to the 132,466 we had in March 2020.
The use of TLS in conjunction with RSA and ECDSA
A noteworthy fact is that more than half of the million sites that use HTTPS are using TLSv1.3, which is the latest version of TLS. In this aspect, it should be noted that it has surpassed TLSv1.2 to become the most popular version of this protocol. You may be interested in how to know which version of the TLS protocol a website uses. This would be the comparative TLS table between April 2020 and November 2021.
On the other hand, RSA keys for authentication are currently the most widely used by far. Adoption of the use of TLSv1.3 was expected to greatly increase the numbers of ECDSAs. One of the main reasons to keep RSA for authentication is legacy clients that don’t support ECDSA yet but that wouldn’t justify the very low numbers you have.
In the case of using larger RSA keys for security reasons, we should use ECDSA. The reason is that it is a stronger key algorithm and offers better performance.
Finally, it should be noted that Let’s Encrypt now leads the certificate market. Out of one million websites analyzed, 240,461 sites were using Let’s Encrypt. The next largest certificate issuer is Cloudflare which has half as many sites as Cloudflare. Finally, if we add Let’s Encrypt and Cloudflare they will represent more than 50% of all certificates.
