A few weeks back a comment on a programmers group on Facebook left me wondering about how many Icelandic websites really use HTTPS so I did the only logical thing, spent hours and hours finding out.

I wanted to answer 2 questions with this, which I believe I have.

1: What percentage of .is urls are using HTTPS
2: What Cert authorities are they using.

 

Those not interested in the method can skip “The Code” section and go straight to the graphs and data

 

The Code

I started by scraping some lists of .is urls and managed to get about 300 urls which I didn’t think was enough. So I ended up paying 5$ or so for a list with 17398 .is urls. Then I got to writing some software to do something with it.

Like is expected of me I tried doing it in bash and when that failed I turned to python, however I didn’t find good enough python libraries so I ended up also using a little bit of bash. I forgot to note down how long it took to run this but if I recall correctly it was around 17 hours.

I reran the code with a much larger URL set (53K) and published the raw JSON on my github

Those who bothered reading the code might have noticed I called a script there, x.sh

and here we enter some shitty-code™ territory where this bash script calls another one, 2.sh

There is some reason for this, Python didn’t print out good enough info so I decided to use openssl, the way openssl prints out the data it was easiest to just nest it, I think. It has been about 3 weeks since I wrote the software and I of course didn’t write a single comment, maybe I was just being lazy.

 

 

The Graphs

Here we have what I thought was most interesting mixed with some contextual data.
In most cases the data-set for the graphs are pretty large and can be read by expanding the code-viewer beneath it

HTTP Response Codes 

Right off the bat we see we have only 75% of 200 responses, 21% no response and a mixed bag of all sorts of responses

1

 

HTTPS Response Codes
2

 


HTTPS usage on .is urls

3

No SSL 9764
SSL 7634

 

.is HTTPS providers

4

Data in graph:

Data with “Other” expanded

 

Summary:

Not sure what to summarize, the data speaks for itself. It seems that Iceland runs on Let’s Encrypt, just like this blog

Leave a Reply

Your email address will not be published. Required fields are marked *