Ivan Ristic from Qualys has a new study out which presents his results from an exhaustive survey of SSL servers. Some of the results are pretty interesting for those of us that create embedded ssl libraries. These points really caught our attention:
1. Too many SSL implementations still support insecure SSLv2.
2. Very few SSL implementations support TLS 1.1 and 1.2.
3. There is still wide support for weak ciphers.
As CyaSSL users know, CyaSSL does not support SSLv2 because it is insecure. Also, as a technology leader, CyaSSL has put TLS 1.1 in production for over three years and has had TLS 1.2 available for a year.
Ivan’s blog post: http://blog.ivanristic.com/2010/07/internet-ssl-survey-2010-is-here.html
Ivan’s BlackHat presentation: http://blog.ivanristic.com/Qualys_SSL_Labs-State_of_SSL_2010-v1.6.pdf