SSL Pulse scans also revealed that over 13 percent of the 200,000 HTTPS-enabled websites support the insecure renegotiation of SSL connections. This can lead to man-in-the-middle attacks that compromise SSL-protected communications between users and the vulnerable servers.
"For your average Web site -- which will not have anything of substantial value -- the risk is probably very small," Ristic said. "However, for sites that either have a very large number of users that can be exploited in some way, or high-value sites (e.g., financial institutions), the risks are potentially very big."
Fixing the insecure renegotiation vulnerability is fairly easy and only requires applying a patch, Ristic said.
TIM plans to perform new SSL Pulse scans and to update the statistics on a monthly basis in order to track what progress websites are making with their SSL implementations.
This is part of a larger TIM project that will focus on SSL implementation and governance issues. The organization also announced the creation of an SSL Internet Taskforce on Thursday, to develop and propose solutions for known problems in these key areas.
The taskforce members include Michael Barrett, chief information security officer at PayPal; Taher Elgamal, one of the creators of the SSL protocol; Adam Langley, a Google software engineer responsible for SSL in Chrome and on the company's front-end servers; Moxie Marlinspike, the creator of the Convergence project, which offers an alternative method for SSL certificate validation; Ivan Ristic, the creator of the Qualys SSL Labs and Ryan Hurst, chief technology officer at certificate authority GlobalSign.