Half a million widely trusted websites vulnerable to Heartbleed bug

A serious overrun vulnerability in the OpenSSL cryptographic library affects around 17% of SSL web servers which use certificates issued by trusted certificate authorities. Already commonly known as the Heartbleed bug, a missing bounds check in the handling of the TLS heartbeat extension can allow remote attackers to view up to 64 kilobytes of memory on an affected server. This could allow attackers to retrieve private keys and ultimately decrypt the server's encrypted traffic or even impersonate the server.

The Heartbleed bug write-up mentions Apache and nginx as being the most notable software using OpenSSL, and also points out that these have a combined active site market share of over 66% according to our April 2014 Web Server Survey. However, not all of these servers are running an HTTPS service, nor are they all running vulnerable versions of OpenSSL with heartbeats enabled.

Our most recent SSL Survey found that the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities. These certificates are consequently vulnerable to being spoofed (through private key disclosure), allowing an attacker to impersonate the affected websites without raising any browser warnings.


Most vulnerable servers are using Apache.

Note that a small percentage of Microsoft web servers also appear to support the TLS heartbeat extension; these are actually likely to be vulnerable Linux machines acting as reverse proxy frontends to Windows servers.

Support for heartbeats was added to OpenSSL 1.0.1 (released in 2012) by Robin Seggelmann, who also coauthored the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension RFC. The new code was committed to OpenSSL's git repository just before midnight on new year's eve 2011.

OpenSSL's security advisory states that only versions 1.0.1 and 1.0.2-beta are affected, including 1.0.1f and 1.0.2-beta1. The vulnerability has been fixed in OpenSSL 1.0.1g, and users who are unable to upgrade immediately can disable heartbeat support by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.

Popular sites which exhibit support for the TLS heartbeat extension include Twitter, GitHub, Yahoo, Tumblr, Steam, DropBox, HypoVereinsbank, PostFinance, Regents Bank, Commonwealth Bank of Australia, and the anonymous search engine DuckDuckGo.

Certificates and keys at risk of compromise should be revoked and replaced, particularly if they are used to protect sensitive data. Certificate Authorities, hosting companies and other interested parties can contact us for assistance in identifying affected certificates.

You can check whether your own HTTPS website might be vulnerable using the form below, and looking for the RFC6520 heartbeat TLS extension.

Netcraft site report
URL:

The Meteoric Rise of DigitalOcean

[November 2013: Click to view updated graphs and statistics for DigitalOcean]

Cloud hosting startup DigitalOcean has grown extraordinarily over the past six months. In December 2012, DigitalOcean had just over 100 web-facing computers; in June 2013, Netcraft found more than 7,000. DigitalOcean provides SSD-backed virtual computers which are available by the hour. The cheapest droplet, as it refers to virtual computers, costs less than a cent per hour, about a third of the price of Amazon's cheapest option. DigitalOcean claims to be able to provision a new droplet within 55 seconds in one of three locations: New York, Amsterdam (available since January 2012), and San Francisco (April 2013).

Hosting provider December 2012 June 2013 Growth Growth (%)
Amazon 134,117 165,438 +31,321 +23.35%
Alibaba6,64917,347+10,699+160.91%
Hetzner75,88084,896+9,016+11.88%
DigitalOcean1387,134+6,996+5084.64%
OVH90,30596,558+6,253+6.92%
Shore Network Tech (Linode)54,05157,701+3,650+6.75%

Fastest growing hosting providers by web-facing computers, December 2012 to June 2013.

Over the last six months DigitalOcean had the fourth largest growth in web-facing computers with only Amazon, Alibaba, and Hetzner ahead of it. DigitalOcean's more than 50-fold growth makes it the 72nd largest hosting provider in the world by web-facing computers, up from 549th in December and 102nd last month. DigitalOcean had the second largest growth of web-facing computers last month — it was one of only five hosting providers to grow by more than 1,000 web-facing computers — and it contributed 10% of the total growth worldwide.

Previous hosting provider Net movement to DigitalOcean
New sites+6,211
Rackspace+1,475
Shore Network Tech (Linode)+1,028
Amazon+626
Softlayer+263

Sites (hostnames) switching to DigitalOcean from notable providers, May 2013 to June 2013

As shown in the table above, websites are migrating to DigitalOcean from its better known competitors; last month almost 1,500 websites moved from Rackspace and 1,000 from Shore Network Tech (Linode). NewsBlur, a news aggregation website, is one of the busiest sites hosted at DigitalOcean. Several websites belonging to the Ruby on Rails project including guides.rubyonrails.org and api.rubyonrails.org are now hosted at DigitalOcean after recently moving from Linode.

Operating System share by web-facing computer at DigitalOcean in June 2013

DigitalOcean provide a number of template images in order to create a droplet, including five Linux distributions: Ubuntu, CentOS, Debian, Arch Linux and Fedora. Of the web-facing computers presenting a distribution-specific server banner, Ubuntu is by far the most popular: over 70% of web-facing computers with an identifiable distribution are using the Debian-derived distribution. Microsoft Windows is conspicuous by its absence; DigitalOcean has postponed plans to support Windows citing complexities including licensing and security concerns.

DigitalOcean — 2012 graduate of the Tech Stars startup accelerator — has had difficulty getting access to a sufficient quantity of IPv4 addresses in Amsterdam which meant that it was uneconomic to provide smaller droplet sizes. In May 2013, DigitalOcean announced the availability of further IP addresses for smaller droplet sizes in Europe, re-enabling the creation of 512MB and 1GB droplets.

Netcraft provides information on the Internet infrastructure, including the hosting industry, and web content technologies. For information on the cloud computing industry visit www.netcraft.com.

SSL: Intercepted today, decrypted tomorrow

[September 2013: The Netcraft extension — for Firefox, Google Chrome, and Operanow displays whether or not PFS is supported]

Millions of websites and billions of people rely on SSL to protect the transmission of sensitive information such as passwords, credit card details, and personal information with the expectation that encryption guarantees privacy. However, recently leaked documents appear to reveal that the NSA, the United States National Security Agency, logs very high volumes of internet traffic and retains captured encrypted communication for later cryptanalysis. The United States is far from the only government wishing to monitor encrypted internet traffic: Saudi Arabia has asked for help decrypting SSL traffic, China has been accused of performing a MITM attack against SSL-only GitHub, and Iran has been reported to be engaged in deep packet inspection and more, to name but a few.

The reason that governments might consider going to great lengths to log and store high volumes of encrypted traffic is that if the SSL private key to the encrypted traffic later becomes available — perhaps through court order, social engineering, successful attack against the website, or through cryptanalysis — all of the affected site’s historical traffic may then be decrypted at once. This really would open Pandora’s Box, as on a busy site a single key would decrypt all of the past encrypted traffic for millions of people.

There is a defence against this, known as perfect forward secrecy (PFS). When PFS is used, the compromise of an SSL site's private key does not necessarily reveal the secrets of past private communication; connections to SSL sites which use PFS have a per-session key which is not revealed if the long-term private key is compromised. The security of PFS depends on both parties discarding the shared secret after the transaction is complete (or after a reasonable period to allow for session resumption).

Eavesdroppers wishing to decrypt past communication which has used PFS face a daunting task: each previous session needs to be attacked independently. Even knowing the long-term private key does not help as the session key is not available by simple decryption. Conversely, when SSL connections do not use PFS, the secret key used to encrypt the rest of the session is generated by the SSL site and sent encrypted with the long-term private-public key pair. If this long-term private key is ever compromised all previous encrypted sessions are easily decrypted.

Perfect forward secrecy was invented in 1992, pre-dating the SSL protocol by two years, and consequently one might reasonably have expected that SSL would have made operational use of PFS from the outset. Nevertheless, almost twenty years later, PFS usage is not used by the majority of SSL sites.

The use of PFS is dependent on the negotiation between the browser and the web site successfully agreeing on a PFS cipher suite. One might reasonably expect browsers to do all they can to support PFS cipher suites as PFS confers an advantage in privacy for the browser’s user community, and any PFS performance disadvantages may only be a serious issue at the larger scales found on the server-side. On the other hand, there are only a small number of browsers in widespread use, and if a government wished to maximise its influence in restricting the use of PFS in order to facilitate decryption of recorded encrypted transactions it would start with the web browsers.

Browser support for PFS

Netcraft has tested the cipher suite selection of five major browsers — Internet Explorer, Google Chrome, Firefox, Safari and Opera — against 2.4 Million SSL sites from Netcraft's June SSL Survey. The support for PFS varied significantly between browsers: only a tiny fraction of Internet Explorer's SSL connections operated with PFS; whereas Google Chrome, Opera and Firefox were protected for approximately one third of connections. Safari fared only a little better than Internet Explorer.

The actual cipher suites used when connecting to 2.4 Million SSL sites with the cipher suite settings extracted from each browser. *Opera does not include its TLS 1.2 cipher suites.

Internet Explorer does particularly poorly as it does not support any cipher suite that uses both RSA public keys and non-elliptic-curve DH key exchange, which includes the most popular PFS cipher suite. The PFS cipher suites that IE does support have a lower priority than some of the most commonly supported non-PFS cipher suites. Curiously, IE does support DHE-DSS-AES256-SHA, which uses the rarer DSS authentication method, but not the very popular DHE-RSA-AES256-SHA.

Browser priorityCipher SuiteReal-world usage in SSL Survey
1AES128-SHA63.52%
2AES256-SHA2.21%
3RC4-SHA17.12%
4DES-CBC3-SHA0.41%
5ECDHE-RSA-AES128-SHA0.08%
6ECDHE-RSA-AES256-SHA0.21%
7ECDHE-ECDSA-AES128-SHA0.00%
8ECDHE-ECDSA-AES256-SHA0.00%
9DHE-DSS-AES128-SHA0.00%
10DHE-DSS-AES256-SHA0.00%
11EDH-DSS-DES-CBC3-SHA0.00%
12RC4-MD516.46%

Internet Explorer 10's cipher suite ordering and the actual negotiated cipher suite in Netcraft's SSL survey. PFS cipher suites are highlighted in bold and green.

Safari supports many PFS cipher suites but non-elliptic-curve cipher suites are used only as a last resort. As several non-PFS ciphers have a higher priority, web servers respecting the browser's preferences will end up selecting a non-PFS cipher suite even if the web server itself does support some (non elliptic-curve) PFS cipher suites.

Chrome, Firefox, and Opera all do better, preferring PFS cipher suites ahead of non-PFS at any given strength level — for example Opera's preference list starts: DHE-RSA-AES256-SHA, DHE-DSS-AES256-SHA, AES256-SHA, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA, AES128-SHA. Netcraft did not include any cipher suites only present in TLS 1.2 which includes many of Opera's PFS cipher suites, so the results for Opera form a lower bound on the number of SSL sites using PFS with Opera.

None of the browsers change their user interface perceptibly to reflect the presence of PFS akin to the way EV certificates are treated to a green address bar. Google Chrome and Opera show the cipher suite used (in popups or dialog boxes), but they rely on a user understanding the implications of wording such as "[..] ECDHE_RSA as the key exchange mechanism".

Web server support for PFS

Despite a browser's best efforts to prefer PFS cipher suites, the key exchange method used is selected by the server and it may either not support any PFS cipher suites or it may prefer to use an alternative cipher suite (and perhaps reasonably so for performance reasons). The use of the Diffie-Hellman key exchange does impose a performance penalty as there is additional computation required to derive the secret key.

Using any browser's cipher suite preference order, at least two-thirds of the SSL connections made in the Netcraft SSL survey did not use a cipher suite with PFS at all.

Connections to 2.4 Million SSL sites in the SSL survey, once for each browser, split by the web server vendor

nginx, an open-source web server originally written by Russian Igor Sysoev, uses strong cipher suites by default, which has caused some to comment on nginx's SSL performance. With the exception of Internet Explorer and Safari, more than 70% of SSL sites using the web server selected a PFS cipher suite when visited with a modern browser.

The usage of PFS amongst SSL sites using Apache is also fair, around two-thirds of the SSL sites it serves use a PFS cipher suite when visited in Firefox, Chrome, or Opera. Conversely, Microsoft's support for PFS cipher suites is notably lacking; both Microsoft IIS and Internet Explorer only rarely use PFS cipher suites — when used together only 111 (0.01%) of SSL connections between IIS and IE used PFS.

Whilst Google uses PFS cipher suites for some Google SSL sites, it appears that many SSL sites hosted on Google App Engine do not.

How is this related to PRISM?

WebsiteInternet ExplorerGoogle ChromeFirefoxSafariOpera
www.facebook.comRC4-SHARC4-SHARC4-SHARC4-SHARC4-SHA
www.twitter.comRC4-SHARC4-SHARC4-SHARC4-SHARC4-SHA
www.yahoo.comAES128-SHACAMELLIA256-SHACAMELLIA256-SHAAES128-SHAAES256-SHA
www.google.comECDHE-RSA-AES128-SHAECDHE-RSA-RC4-SHAECDHE-RSA-RC4-SHAECDHE-RSA-RC4-SHARC4-SHA
login.live.comAES128-SHAAES128-SHAAES128-SHAAES128-SHAAES128-SHA
www.aol.comRC4-SHARC4-SHARC4-SHARC4-SHARC4-SHA
www.apple.comAES256-SHAAES256-SHAAES256-SHAAES256-SHAAES256-SHA
commerce.paltalk.comRC4-SHARC4-SHARC4-SHARC4-SHARC4-SHA

The negotiated cipher suite for a selection of SSL sites belonging to companies implicated in the PRISM programme. PFS cipher suites are highlighted in bold and green.

Many SSL sites of those companies implicated in the PRISM programme do not use PFS cipher suites when visited in any of the major browsers. Google, however, does use a PFS cipher suite in most browsers, with the notable exception of Opera. If PRISM operates by examining SSL traffic, which has been said to be fairly unlikely given its quoted $20M cost, all of the traffic to these SSL sites (except for Google) could have been compromised if the NSA had access to the private key.

Some other noteworthy SSL sites

WebsiteInternet ExplorerGoogle ChromeFirefoxSafariOpera
www.cloudflare.comECDHE-RSA-AES128-SHAECDHE-RSA-RC4-SHAECDHE-RSA-RC4-SHAECDHE-RSA-RC4-SHARC4-SHA
www.duckduckgo.comRC4-SHARC4-SHARC4-SHARC4-SHARC4-SHA
www.mega.co.nzRC4-SHARC4-SHARC4-SHARC4-SHARC4-SHA

The negotiated cipher suite for a selection of SSL sites. PFS cipher suites are highlighted in bold and green.

DuckDuckGo, a search engine, has been prominent in the media since the start of the Snowden revelations due to its privacy policy which promotes anonymity. If the private key used by DuckDuckGo were ever compromised — for example if one of their servers were seized — all previous searches would be revealed where logged traffic is available. DuckDuckGo may be a particularly interesting target for the NSA due to its audience and the small volume of traffic (as compared to Google).

CloudFlare has taken a similar approach to Google using ECDHE RC4 or AES cipher suites, but also leave Opera users without the protection of PFS. One of CloudFlare's options for SSL deployment is 'flexible' SSL which encrypts traffic from the browser to CloudFlare but if the content is not returned from its cache, the connection from CloudFlare to the original website is made without SSL. Rather than attempting to decrypt the encrypted content it may be easier to intercept unencrypted traffic between CloudFlare and the original website.

Mega does not use PFS cipher suites, perhaps a risky move given the history of raids on Megaupload's servers by the US Government. With physical access to the servers, it is not implausible that the private keys of any server could be extracted, even if it is from non-persistent memory.

Conclusions

Conspiracy theorists may be unsurprised that:

  • Microsoft’s support for PFS is conspicuous by its absence across Internet Explorer, IIS, and some of its own web sites. Apple’s support for PFS in Safari is only slightly better.
  • Russia, long-time target of US spies, is the home of the developer of nginx, the web server which uses PFS most often.
  • Almost all of the websites run by companies involved in the PRISM programme do not use PFS.

Whilst conspiracy theorists may delight in speculating on the reasons why PFS isn't ubiquitous, one reason may be web sites' (bona fide) performance concerns: Mavrogiannopoulos reports up to a 3x performance penalty starting an SSL connection using DHE-RSA instead of plain RSA. The lack of clear in-browser notifications of the use of PFS cipher suites may persuade popular SSL sites to forgo the protection PFS offers, which typical users do not notice, to instead improve the web site's performance, which typical users do notice.

Without the support of two major browsers and major websites most internet users are missing out on the security benefits of perfect forward secrecy. Without the protection of PFS, if an organisation were ever compelled — legally or otherwise — to turn over RSA private keys, all past communication over SSL is at risk. Perfect forward secrecy is no panacea, however; whilst it makes wholesale decryption of past SSL connections difficult, it does not protect against targeted attack on individual sessions. Whether or not PFS is used, SSL remains an important tool for web sites to use to secure data transmission across the internet to protect against (perhaps all but the most well-equipped) eavesdroppers.

It should be noted that the US Government, along with many others governments, can issue any SSL certificate of its choosing — albeit at the risk of breaking the rules of the programme and at the risk of detection by alert users and by Google (for certain SSL sites). The scale at which an active attack is practical and unlikely to be detected, however, would be significantly smaller than that of a passive eavesdropper exploiting the lack of PFS.

More detail on PFS negotiation

The cipher suite selected for the SSL connection depends on an agreement between the browser and the SSL site. Both browsers and SSL sites can each have independent preference lists for SSL cipher suites. During the handshake the browser sends a ClientHello message which contains an ordered list of all supported cipher suites in preference order. The SSL site can either select the first cipher on that list which it also supports or it can use override the clients preference list with its own. As illustrated in the above diagram, either Cipher A (if the browser's preference order is respected) or Cipher C (if the website's preference order is respected) is used for the connection depending on the settings of the SSL site.

Illustration of cipher suite selection algorithms.

Diffie-Hellman key exchange (DH) and variants of it are used to negotiate a per-session shared secret key between two parties without ever transmitting the key itself. The per-session key can be discarded after the session has terminated (and after a suitable time period for renegotiation) leading to the ephemeral property which PFS relies upon. The security of Diffie-Hellman relies on the difficulty of the discrete logarithm problem to exchange DH public keys whilst making it difficult for an eavesdropper to determine the resulting shared secret. SSL cipher suites support both conventional ephemeral Diffie-Hellman key exchange (often referred to as EDH or DHE) and ephemeral elliptic curve Diffie-Hellman (ECDHE) which uses a similar scheme but relies on the difficulty of the elliptic curve Discrete Logarithm problem. Elliptic curve-based DHE key exchange despite being faster is supported by fewer SSL sites than conventional DHE.

April 2014 Web Server Survey

In the April 2014 survey we received responses from 958,919,789 sites — 39 million more than last month.

Microsoft made the largest gain this month, with nearly 31 million additional sites boosting its market share by 1.9 percentage points. IIS is now used by a third of the world's websites. Although this is not Microsoft's largest ever market share (it reached 37% in October 2007), this is the closest it has ever been to Apache's leading market share, leaving Apache only 4.7 points ahead. Although Apache gained 6.9 million sites, this was not enough to prevent its market share falling by 0.87 to 37.7%. nginx, which gained 3.1 million sites, also lost some of its market share.

More than 70% of this month's new IIS-powered websites are hosted in the US, followed by 22% in China. Nearly 20 million of the new IIS sites in the US are hosted by a single company, Nobis Technology Group, which was also responsible for much of Microsoft's growth in February. A smaller amount of Microsoft IIS growth was also seen on the Windows Azure platform (which will be renamed to Microsoft Azure on April 3), where the total number of active sites has grown by 25% since February, when we compared the platform against Amazon AWS. 84% of all active sites hosted on the Azure platform are running Microsoft web server software.

Many of the new IIS sites hosted by Nobis Technology Group feature similar content and form part of a Chinese link farm. Link farming is often an attempt to influence search engine results, and each individual site within a link farm is typically of little interest to a human. Netcraft's active sites metric therefore provides a better idea of how many websites are actively managed rather than being automatically generated en mass, such as link farm content and domain holding pages. Of the 114 million sites hosted by Nobis, only a fifth are counted as active sites.

In terms of active sites, Apache remains in a much stronger position with a 52% share of the market, compared with Microsoft's 11%. A significantly higher proportion of Apache sites are active: 26% of all Apache sites were deemed to be active, whereas only 6% of Microsoft's were. nginx takes a 14% share of the active sites market, putting it 3 points ahead of Microsoft.

Apache also fares well amongst the million busiest sites, where there is intrinsically very little interference from domain holding pages, link farms and other web spam. Here Apache takes a 53% share of the market, while nginx has 18% and Microsoft has 12%. Although only 3% of the top million sites use Google web server software, Google's dominance amongst the very busiest sites give it a presence on 8 of the top 10 sites.

Both Apache and nginx were affected by security vulnerabilities which were resolved during March, whereas Microsoft IIS has yet to be affected by publicly-known security issues this year.

The latest version of Apache (2.4.9) was released on March 17. The Apache Software Foundation describes this as representing fifteen years of innovation by the project, and this major release of the 2.4 stable branch is recommended over all previous releases. Nevertheless, it is still common for many websites to use the legacy 2.2 branch of releases, or even older versions. Apache 2.4.9 is primarily a security and bug fix release, although it also includes the changes introduced in 2.4.8, which was not actually released. A workaround for a bug in older versions of OpenSSL, which prevented the release of 2.4.8, has been included in 2.4.9.

Although Apache 2.4.8 was not released, the development version (Apache/2.4.8-dev) was found on 675 sites during this survey, which ran in March. Nearly all of these sites were running on FreeBSD servers which belonged to various Apache projects, mostly Apache HTTPD and Apache OpenOffice.

The stable branch of nginx was updated twice during March. Two bugs were resolved in nginx 1.4.6, which was released on March 4. nginx 1.4.7 was then released on March 18, addressing another bug and a heap buffer overflow vulnerability. This security vulnerability affected nginx's SPDY module, where a specially crafted request could allow a remote attacker to execute arbitrary code on a vulnerable web server. nginx is notable for its SPDY support, which is used extensively by CloudFlare and also by Automattic, which hosts millions of WordPress blogs and co-sponsored the development of the ngx_http_spdy_module. The same SPDY vulnerability also affected the mainline branch of nginx, which was resolved with the release of nginx 1.5.12.

Many of the new generic top level domains (gTLDs) are starting to appear in Netcraft's Web Server Survey in significant numbers. For example, the previous survey saw only one website using the .guru gTLD, whereas this month's survey (which ran during March) found 36 thousand. Other gTLDs which have shown significant growth since last month's survey include .photography, .today, .tips, .technology, .directory, .land, .gallery, .estate and .singles.

Amongst established TLDs, the number of sites using the .ga country code top level domain grew by 140% this month. The My GA website allows .ga domains to be registered for free from between 1 and 12 months, which has no doubt helped towards their goal of increasing the awareness of Gabon across the globe. The .ga ccTLD is administered by the Agence Nationale des Infrastructures Numériques et des Fréquences (ANINF) in Libreville, Gabon, while the registration process is provided by Freenom, who also provide free domain registrations for the more popular .tk ccTLD. Registered Freenom users are allowed an unlimited number of domain name renewals on both the .ga and .tk d domains, while paying customers can choose to register domains for as long as 10 years in one go and can automatically renew the registration.

Free and easily-registerable domain names are obviously attractive to fraudsters: During February, Netcraft blocked nearly 1,500 unique phishing sites hosted on .ga domains alone, and this figure jumped to more than 2,400 in March. The vast majority of these phishing attacks targeted Chinese companies, particularly the Taobao marketplace and the Alipay online payment escrow service.





DeveloperMarch 2014PercentApril 2014PercentChange
Apache354,956,66038.60%361,853,00337.74%-0.87
Microsoft286,014,56631.10%316,843,69533.04%1.94
nginx143,095,18115.56%146,204,06715.25%-0.31
Google20,960,4222.28%20,983,3102.19%-0.09
Continue reading

Chrome users oblivious to Heartbleed revocation tsunami

In the aftermath of Heartbleed, it has become clear that revoking potentially compromised certificates is essential. On Thursday, CloudFlare announced it was reissuing and revoking all of its SSL certificates. The effects of CloudFlare's mass revocation are evident in a single Certificate Revocation List (CRL) belonging to GlobalSign, which grew by almost 134,000 certificates.

The vast number of CloudFlare certificates is due, in part, to the way in which it serves content over SSL. In order to work around the lack of support for Server Name Indication (SNI) in some older operating systems and mobile devices CloudFlare uses GlobalSign's Cloud SSL product. CloudFlare's SSL certificates make use of the Subject Alternative Name (SAN) extension, which allows an edge node to use a single certificate for multiple domains. When a new CloudFlare customer enables SSL, CloudFlare reissues an existing certificate with the new customer's domain added to the existing list of other customers' domains.

The number of certificates revoked per hour since 7th April. GlobalSign's OV CRL at http://crl.globalsign.com/gs/gsorganizationvalg2.crl and other CRLs have been separated.

As a result of CloudFlare's revocations, GlobalSign's CRL at http://crl.globalsign.com/gs/gsorganizationvalg2.crl has ballooned in size and now weighs in at 4.5MB. The CRL is hosted at CloudFlare itself but has nonetheless experienced some performance problems. However, the CRL's performance problems will not have had a significant effect on internet users, as most major browsers use OCSP in preference to CRLs and GlobalSign's OCSP responder did not have any performance problems.

Time to connect to http://crl.globalsign.com/gs/gsorganizationvalg2.crl from Pennsylvania

Time to connect to http://ocsp2.globalsign.com/gsorganizationvalg2 from Pennsylvania

However, most Google Chrome users are left in the dark, as Chrome performs neither type of check for non-EV certificates by default. Instead of conventional revocation checks, Google Chrome relies on an aggregated list of revocations, dubbed CRLSets, which are compiled by Google. The revocations from GlobalSign's CRL have not yet appeared in Google's CRLSets and hence Chrome users will not be warned if presented with a potentially compromised, but revoked, CloudFlare certificate.

The CRLSets deliberately do not cover all CRLs in an attempt to reduce the total size of the aggregated list. In effect, Google has traded the completeness of their revocation checking for a speed advantage over rival browsers as downloading CRLs or making OCSP requests imposes a performance penalty.

Google Chrome setting to enable revocation checking.

However, it is possible to configure Google Chrome to check for revocation. There is a checkbox in the Advanced settings menu to "Check for server certificate revocation".

February 2014 Web Server Survey

In the February 2014 survey we received responses from 920,102,079 sites — over 58 million more than last month.

Microsoft gained a staggering 48 million sites this month, increasing its total by 19% — most of this growth is attributable to new sites hosted by Nobis Technology Group. Along with Microsoft, nginx also made a large gain of 14 million sites, whereas Apache fell by 7 million. Unsurprisingly, these changes have had a dramatic effect on the overall market share of each web server vendor, with Microsoft's share growing by 3.38 percentage points to 32.8% (302 million sites) while Apache's has fallen by 3.41 to 38.2% (352 million sites).

Microsoft's market share is now only 5.4 percentage points lower than Apache's, which is the closest it has ever been. If recent trends continue, Microsoft could overtake Apache within the next few months, ending Apache's 17+ year reign as the most common web server. Apache is faring much better in both the active sites and top million sites datasets, however, where it is still dominating with just over half of the market share in both metrics.

Nearly 2% of the top million websites are now being served by CloudFlare's customised version of nginx (cloudflare-nginx), which it uses to serve web content via its globally distributed CDN edge nodes. This month's survey saw more than a thousand of the top million sites migrate to cloudflare-nginx from other web server software, including pizzahut.co.uk, pet-supermarket.co.uk, the image server used by the popular Cheezburger network of blogs, and the official PRINCE2 website which switched from Microsoft IIS 6.0 running on Windows Server 2003.

Overall, nginx powers 17.5% of the top million sites, including popular overclocking forum www.overclock.net, despite its server headers declaring that it is now using Microsoft IIS 4.1. Responses from the server also include an X-Powered-By header which claims the application is running on Visual Basic 2.0 on Rails (Visual Basic 2.0 is a long-deprecated language which was released more than 20 years ago, while Microsoft IIS 4.1 never actually existed). The server claimed to be running nginx during Netcraft's previous survey, and indeed, it exhibits characteristics which suggest it is still using nginx.

The number of sites using the .pw country-code top-level domain (ccTLD) grew by more than half this month, reaching 10M sites in total. This ccTLD is assigned to Palau, but the .pw registry has branded the domain as the Professional Web and allows domains to be registered by the general public, regardless of which country they are in. 97% of this month's new .pw sites are hosted in the US (87% at Nobis Technology Group alone), and 2.7 million of them are running on Windows.

The busiest .pw domain is the single-letter u.pw, which is used by viral social media site Upworthy. Other than that, the ccTLD remains relatively obscure, with less than 0.02% of the top million sites using .pw domains, while other single-letter domains have been sold for the modest sums of $8,000 each. Only two single-letter .pw domains actually appear within the top million sites, and there are no two-letter domains at all. Last year, Symantec noted an increase in spam messages containing URLs with .pw TLDs, and .pw later became the first TLD to adopt the Uniform Rapid Suspension (URS) rights protection mechanism.

Version 1.0 of the URS Technical Requirements were published by ICANN in October 2013, and are intended to make it faster and cheaper for trademark holders to seek resolution when there are obvious cases of infringement. URS is intended to complement rather than replace the existing Uniform Domain-Name Dispute-Resolution Policy (UDRP).





DeveloperJanuary 2014PercentFebruary 2014PercentChange
Apache358,669,01241.64%351,700,57238.22%-3.41
Microsoft253,438,49329.42%301,781,99732.80%3.38
nginx124,052,99614.40%138,056,44415.00%0.60
Google21,280,6392.47%21,129,5092.30%-0.17
Continue reading