Log in
Show password
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 
  1. Homepage
  2. Equities
  3. United States
  4. Nasdaq
  5. F5, Inc.
  6. News
  7. Summary
    FFIV   US3156161024

F5, INC.

SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector news

F5 : Key Takeaways from F5 Labs' 2021 TLS Telemetry Report

10/20/2021 | 08:11am EST

The state of encryption on the web is a case of taking two steps forward and one step back. Compared with our last report from early 2020, the 2021 TLS Telemetry Report shows that web encryption has improved in several respects. Adoption of Transportation Layer Security (TLS) 1.3 has grown, which has simplified the huge variety of previously available cipher suites and put to bed some that were inarguably past their prime.

At the same time, because of the flexible nature of HTTPS and cipher suite negotiation, stagnation or regression in many areas is undoing some of the progress. SSL 3 (the predecessor to TLS) just won't die, half of all web servers allow the use of insecure RSA key exchanges, certificate revocation is problematic at best, and old, rarely updated servers are visible everywhere.

Of course, the potential use or abuse of web encryption for malicious purposes persists. Attackers have learned how to use TLS to their advantage in phishing campaigns, governments worldwide seek to subvert encryption to their benefit, and fingerprinting techniques raise questions about the prevalence of malware servers in the top 1M sites on the web.

Read on for detailed stats on what's good, what's troubling, and what's bad in the world of TLS encryption.

The Good

The faster, more secure TLS 1.3 is gaining ground, certificate lifespans are dropping, and the use of advanced encryption and hashing algorithms is rising.

  • For the first time, TLS 1.3 was the encryption protocol of choice on the majority of webservers on the Tranco 1M list. Nearly 63% of servers now prefer TLS 1.3, as do over 95% of all browsers in active use.
  • Canada and the United States are significantly ahead of the pack, with Canadian servers preferring TLS 1.3 nearly 80% of the time, and the U.S. just over 75%.
  • More than three-quarters of every TLS connection across the top 1M sites make use of AES (with a 256-bit key) and the SHA-2 hashing algorithm (with a 384-bit output size).
  • TLS 1.3 removes the risk of using the less-secure RSA key exchange, since it permits only ECDHE key agreements. ECC certificates using the elliptic-curve digital signature algorithm (ECDSA) have been increasing as a result. Just over 24% of top sites use 256-bit ECDSA certificates, while around 1% use 384-bit ECDSA certs.
  • The maximum lifespan of newly issued certificates dropped significantly in September 2020, from three years to just 398 days. There's a growing movement toward extremely short-term certificates too as the single most common lifespan was 90 days, accounting for 38% of all certificates.

The Not So Good

Too many sites continue to support older cryptographic protocols and RSA certificates.

  • DNS CAA records grew in prevalence from 2019 (1.8% of sites) to 2021 (3.5%). This shows a positive and steady increase but also demonstrates how few sites still use them.
  • The top 100 sites were more likely to still support SSL 3, TLS 1.0, and TLS 1.1 than servers with much less traffic.
  • 2% of sites still have SSL 3 enabled, which represents some progress towards its removal from the web but not enough in our book.
  • 52% of servers still allow the use of insecure RSA key exchanges, if that is all the client supports.
  • Of the 1M sites we scanned, 0.3% used RSA certificates with 1024-bit keys, which haven't been available from trustworthy CAs since 2013.
  • 70% of sites using 1024-bit certs are running Apache, and 22% are running Apache 2.0. Since Apache 2.0 was released in 2002 and last patched in 2013, this strongly suggests that many web servers are configured once and are touched again only when it is time to renew the cert.
  • Certificate revocation methods are almost entirely broken, driving a growing desire across the CA and browser industry to move toward extremely short-term certificates.

The Just Plain Bad

Phishing is running rampant, and it won't be going away anytime soon.

  • The number of phishing sites using HTTPS with valid certificates to appear more legitimate to their victims grew from 70% in 2019 to nearly 83%. Roughly 80% of malicious sites come from just 3.8% of the hosting providers.
  • In terms of service providers, phishers tended to slightly prefer Fastly, with Unified Layer, Cloudflare, and Namecheap just behind it.
  • Facebook and Microsoft Outlook/Office 365 were the brands most commonly spoofed in phishing attacks. Stolen credentials from these sites have great value, in part because so many other accounts tend to rely on these as identity providers (IdP) or a password reset function.
  • Webmail platforms constituted 10.4% of impersonated web functions, almost as high as Facebook. This means phishing attacks are as common against webmail as they are against Facebook accounts.

The Work Continues

It's clear that we're facing two important realities heading into 2022. One is that the desire to intercept, circumvent, and weaken encryption has never been greater; nation-states and cybercriminals are working to defeat the problems that strong encryption causes them, looking for creative ways to intercept or capture information before or after it's encrypted. The other is that the greatest weaknesses come not from the latest features we struggle to adopt but the old ones we are reluctant to disable. Until both of them are addressed, make it a priority to use supporting protocols, such as DNS CAA and HSTS, to ensure that the minor gaps in the strength of HTTPS can't be exploited.

Click here to view or download the complete 2021 TLS Telemetry Report.

About the Study

The majority of data in this study is from our Cryptonice scans of the most popular sites listed in the Tranco top 1M list, which ranks 1M popular domains. We also look at phishing sites as reported by OpenPhish and supplement our findings with client (browser) data captured by Shape Security to get a clear understanding of the most frequently used browsers and bots. Visit F5 Labs for more detail.


F5 Networks Inc. published this content on 20 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 20 October 2021 12:10:06 UTC.

ę Publicnow 2021
All news about F5, INC.
12/02F5 to Participate in Barclays Global Technology, Media and Telecommunications Conferenc..
12/02F5 : Going Fast Vs. Going Far on Your Cloud Journey
12/01F5 : Bridging the Gap Between Multi-Cloud and Multiple Clouds for the Public Sector
12/01F5 : Marks World AIDS Day 2021
11/30F5 : Employees Are the Superpower Behind Giving Tuesday
11/30Solvay Gets EPA Approval for Actizone F5 Disinfectant
11/29F5 : How to Save Hundreds of Hours a Month on App Deployment Using Multi-Cloud Clusters
11/29F5 : Modern Security for Modern Environments
11/29F5 : The Future of 5G
11/26Office Properties Income Trust Likely to Pay Lower-Than-Expected Incentive Management F..
More news
Analyst Recommendations on F5, INC.
More recommendations
Financials (USD)
Sales 2022 2 817 M - -
Net income 2022 464 M - -
Net cash 2022 1 374 M - -
P/E ratio 2022 30,3x
Yield 2022 -
Capitalization 13 696 M 13 696 M -
EV / Sales 2022 4,37x
EV / Sales 2023 3,93x
Nbr of Employees 6 429
Free-Float 99,6%
Chart F5, INC.
Duration : Period :
F5, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends F5, INC.
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus OUTPERFORM
Number of Analysts 17
Last Close Price 223,68 $
Average target price 236,53 $
Spread / Average Target 5,75%
EPS Revisions
Managers and Directors
Franšois Locoh-Donou President, Chief Executive Officer & Director
Francis J. Pelzer Chief Financial Officer & Executive Vice President
Alan J. Higginson Non-Executive Chairman
Geng Lin Chief Technology Officer & Executive VP
Gail Coury Chief Information Security Officer & Senior VP
Sector and Competitors
1st jan.Capi. (M$)
F5, INC.29.29%13 696
ACCENTURE PLC37.87%228 288
SNOWFLAKE INC.10.52%103 844