SSL/TLS passive sniffing
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Dec 1 02:09:24 EST 2004
Jack Lloyd <lloyd at randombit.net> writes"
>Looking at my logs, about 95% of all STARTTLS connections are DHE-RSA-AES256-
>SHA; I'm guessing this is because most STARTTLS-enabled SMTP servers (ie
>Postfix, Sendmail, Qmail) use OpenSSL, and recent versions of OpenSSL have
>DHE-RSA-AES256-SHA as the top preference cipher by default.
I was just about to point that out myself. I'd expect for more usual TLS
usage (web browser/server) it'd be 99+% RSA-*.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list