Many of the world’s top websites still support older, deprecated security protocols

Tajammul Pangarkar
Tajammul Pangarkar

Updated · Oct 22, 2021

SHARE: is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.
Advertiser Disclosure

At Scoop, we strive to bring you the most accurate and up-to-date information by utilizing a variety of resources, including paid and free sources, primary research, and phone interviews. Our data is available to the public free of charge, and we encourage you to use it to inform your personal or business decisions. If you choose to republish our data on your own website, we simply ask that you provide a proper citation or link back to the respective page on Scoop. We appreciate your support and look forward to continuing to provide valuable insights for our audience.

The top 100 websites routinely fail to follow Transport Layer Security (TLS) best practices and still support older, deprecated protocols, suggests a new report.

Compiled by cybersecurity firm F5 Labs, the 2021 TLS Telemetry Report analyzes how successful the busiest websites on the internet are at implementing best practices around HTTPS and TLS using data from scans of the web’s most popular websites.

“As old protocols prove to be insecure and new standards emerge, it has never been more important to keep HTTPS configurations up to date…As this report shows, the issue is not so much the lack of adopting new ciphers and security features but the rate at which old and vulnerable protocols are removed,” reads the report.

TechRadar needs you!

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

>> Click here to start the survey in a new window <<

Commenting on the importance of this information, F5 says that websites that routinely fail to follow TLS best practices are also usually the ones that run old and like vulnerable web servers.

Two steps forward…

David Warburton, Principal Threat Research Evangelist (EMEA) at F5 Networks writes that the report shows that while web encryption has improved in several respects, as compared to last year, stagnation or even regression in many other areas is negating some of the progress.

The report notices several positives, such as the wide adoption of TLS 1.3, which has finally become the encryption protocol of choice on the majority of web servers in the top one million websites. 

Furthermore, the maximum lifespan of newly issued SSL certificates also registered a significant drop in September 2020, coming down from three years to just 398 days.

…and one step back

On the flip side though, the report revealed that the top 100 sites were more likely to still support the older SSL 3, TLS 1.0, and TLS 1.1 protocols than servers with much less traffic.

More worryingly, it found that 22% of the web servers were running Apache 2.0, which was released in 2002 and last patched in 2013. 

The report also observed that the number of phishing sites that used HTTPS with valid certificates to appear more legitimate grew from 70% in 2019 to nearly 83%.

“It’s clear that we’re facing two important realities heading into 2022. One is that the desire to intercept, circumvent, and weaken encryption has never been greater…The other is that the greatest weaknesses come not from the latest features we struggle to adopt but the old ones we are reluctant to disable,” concludes Warburton.

Source Link Many of the world’s top websites still support older, deprecated security protocols

Tajammul Pangarkar

Tajammul Pangarkar

Tajammul Pangarkar is a CMO at Prudour Pvt Ltd. Tajammul longstanding experience in the fields of mobile technology and industry research is often reflected in his insightful body of work. His interest lies in understanding tech trends, dissecting mobile applications, and raising general awareness of technical know-how. He frequently contributes to numerous industry-specific magazines and forums. When he’s not ruminating about various happenings in the tech world, he can usually be found indulging in his next favorite interest - table tennis.