What a Difference a Year Makes: Long Term Evaluation of TLS Cipher Suite Compatibility.

The Transport Layer Security (TLS) protocol is still the defacto standard for secure network connections over an insecure medium like the Internet. But its flexibility concerning the algorithms used for securing a channel between two parties can also be a weakness, due to the possible agreement on insecure ciphers. State of the art cipher suites are not supported by all websites. We relate on an existing white paper (Applied Crypto Hardening) giving recommendations on how to securely configure SSL/TLS connections with regard to the practical feasibility of these recommendations. In addition, we propose an additional configuration set with the aim of increasing compatibility as well as security. We also developed a small Cipher Negotiation Crawler (CiNeg) to test TLS-handshakes using given cipher configurations with Alexa's top websites and show its practical usability. In this work we examine the trend regarding supported cipher suites on webservers over time. To analyze this, we performed the scans twice with a one year gap. We compared the outcome of the two scans to see if we can determine a trend to better security as time goes by. And indeed, we found explicit enhancements in our reevaluations.