The paper presents a longitudinal study of secure sockets layer/transport layer security (SSL/TLS) deployment. The datasets span periods from early 2012 and mid-2015 until now, and contain the TLS parameters used for negotiations as well as those actually negotiated for connections. The negotiation parameters allow for fingerprinting and identifying most client and server TLS software versions. The parameters actually negotiated indicate the relative relevance of the use cases.
The presented graphs show the different versions of TLS and the various ciphers offered and negotiated, both as percentages of all connections to show overall relevance and as percentages of actual use to show the support for TLS solutions. The effects of security research and vulnerability reporting on TLS are investigated. To that end, the graphs include time markers linked to major vulnerabilities, including BEAST (2011), Lucky 13 (2012), Heartbleed (2013), POODLE (2014), FREAK (2015), Logjam (2015), and multiple RC4 attacks. Each attack is linked to the vulnerable parts of TLS.
The authors further discuss newer TLS security features. The availability of forward secrecy, elliptic curves, and TLS 1.3 allows for stronger security, providing motivation to move forward. It is clear that software support for new TLS security features dictates the earliest point at which they can be adopted.
The authors also identify the continued use of NULL cipher suites (even NULL_WITH_NULL_NULL) and anonymous ciphers, an unwelcome surprise. They even note server software ignoring standard handshake principles.
The earliest measurements indicate poor security practices: they show a very slow adoption of new solutions despite known vulnerabilities. At the time of writing, TLS 1.3 is catching on, though not yet out of draft mode. The impact of published TLS vulnerabilities on the speed of change depends on the root cause of the vulnerability, but is also linked to the media attention received.
The mere presence of weak versions and ciphers is a risk, a difficult lesson to learn despite the evidence (for example, DROWN). The frequency of vulnerable TLS parameter usage shows a long tail even if vulnerabilities are published and more secure versions become available. The paper lists some possible explanations for the slow changes observed; however, TLS is a foundational security feature, so the facts as shown here are cause for some serious concern.
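The offered-versus-negotiated view described above can be reproduced on one's own handshake logs. The following is an added example, not code from the paper or this review: the function names and the four sample connections are constructed, and only the IANA cipher suite names are real. It reports, per weakness class, the share of connections that offered it and the share that negotiated it, and flags servers that selected a suite the client never offered.

```python
from collections import Counter

# Constructed sample: (suites offered by the client, suite the server selected).
CONNECTIONS = [
    (["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"],
     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    (["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
      "TLS_RSA_WITH_NULL_SHA"], "TLS_RSA_WITH_AES_128_CBC_SHA"),
    (["TLS_DH_anon_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"],
     "TLS_RSA_WITH_RC4_128_SHA"),
    (["TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
     "TLS_NULL_WITH_NULL_NULL"),  # server picked a suite that was not offered
]

def weaknesses(suite):
    """Weakness labels read off an IANA cipher suite name."""
    kx, sep, cipher = suite.partition("_WITH_")
    if not sep:  # TLS 1.3 suites name only the AEAD and hash
        return set()
    checks = {
        "NULL": cipher.startswith("NULL"),   # no encryption
        "anon": "_anon" in kx,               # unauthenticated key exchange
        "EXPORT": "EXPORT" in kx,            # export-grade key exchange
        "RC4": cipher.startswith("RC4"),
    }
    return {label for label, hit in checks.items() if hit}

def offered_vs_negotiated(connections):
    """Per label: (% of connections offering it, % of connections negotiating it)."""
    offered, negotiated = Counter(), Counter()
    for offer, chosen in connections:
        offered.update(set().union(*map(weaknesses, offer)))
        negotiated.update(weaknesses(chosen))
    n = len(connections)
    return {label: (100 * offered[label] / n, 100 * negotiated[label] / n)
            for label in sorted(offered | negotiated)}

def handshake_violations(connections):
    """Indices of connections where the selected suite was never offered."""
    return [i for i, (offer, chosen) in enumerate(connections) if chosen not in offer]

if __name__ == "__main__":
    for label, (off, neg) in offered_vs_negotiated(CONNECTIONS).items():
        print(f"{label:7s} offered {off:5.1f}%  negotiated {neg:5.1f}%")
    print("selected suite not in offer:", handshake_violations(CONNECTIONS))
```

A class that is offered far more often than it is negotiated is the long tail the review describes: rarely used, but still present and therefore still exposed.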