Paper 2017/020

concerto: A Methodology Towards Reproducible Analyses of TLS Datasets

Olivier Levillain, Maxence Tury, and Nicolas Vivet


Over the years, SSL/TLS has become an essential part of Internet security. As such, it should offer robust and state-of-the-art security, in particular for HTTPS, its first application. Theoretically, the protocol allows for a trade-off between secure algorithms and decent performance. Yet in practice, servers do not always support the latest version of the protocol, nor do they all enforce strong cryptographic algorithms. To assess the quality of HTTPS and other TLS deployment at large, several studies have been led to grasp the state of the ecosystem, and to characterize the quality of certificate chains in particular. In this paper, we propose to analyse some of the existing data concerning TLS measures on the Internet. We studied several datasets, from the first public ones in 2010 to more recent scans. Even if the collection methodology and the used tools vary between campaigns, we propose a unified and reproducible way to analyse the TLS ecosystem through different datasets. Our approach is based on a set of open-source tools, concerto. Our contribution is therefore threefold: an analysis of existing datasets to propose a unified methodology, the implementation of our approach with concerto, and the presentation of some results to validate our toolsets.

Note: This paper was accepted at RealWorldCrypto 2017, a conference without proceedings, and was presented on January 6th.

Available format(s)
Publication info
Preprint. MINOR revision.
SSLTLSreproducible analysis
Contact author(s)
olivier levillain @ ssi gouv fr
2017-01-11: received
Short URL
Creative Commons Attribution


      author = {Olivier Levillain and Maxence Tury and Nicolas Vivet},
      title = {concerto: A Methodology Towards Reproducible Analyses of TLS Datasets},
      howpublished = {Cryptology ePrint Archive, Paper 2017/020},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.