SSL/TLS passive sniffing

Jack Lloyd lloyd at
Tue Nov 30 14:22:36 EST 2004

On Tue, Nov 30, 2004 at 01:39:42PM -0500, Victor Duchovni wrote:

> The third mode is quite common for STARTTLS with SMTP if I am not
> mistaken. A one day sample of inbound TLS email has the following cipher
> frequencies:
> 8221    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> 6529    (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
>  186    (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits))
>  117    (using TLSv1 with cipher RC4-SHA (128/128 bits))
>   59    (using SSLv3 with cipher RC4-SHA (128/128 bits))
>   40    (using SSLv3 with cipher DES-CBC3-SHA (168/168 bits))
>   28    (using TLSv1 with cipher RC4-MD5 (128/128 bits))
>   16    (using SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
>   14    (using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
>    1    (using SSLv3 with cipher RC4-MD5 (128/128 bits))
>    1    (using SSLv2 with cipher DES-CBC3-MD5 (168/168 bits))

Looking at my logs, about 95% of all STARTTLS connections are
DHE-RSA-AES256-SHA; I'm guessing this is because most STARTTLS-enabled SMTP
servers (i.e. Postfix, Sendmail, Qmail) use OpenSSL, and recent versions of
OpenSSL have DHE-RSA-AES256-SHA as the top preference cipher by default.

I suspect you'd see about the same results for any other SSL service that's not
HTTP. I'm surprised to see that SSLv2 connection at the bottom... considering
that STARTTLS didn't exist until, well, TLS, I wonder what logic went into
supporting only SSLv2.

> it is my perhaps misguided impression that both the EDH and the DHE
> cipher-suites provide PFS. Is there in fact a difference between EDH
> and DHE?

OpenSSL just calls them differently depending on the ciphers in use (an
artifact of the specifications, I think).
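As an added illustration (not part of the thread, and not code from either poster), the following script tallies the Postfix-style "(using PROTO with cipher NAME (bits) )" notes quoted above and separates the connections whose key exchange is ephemeral Diffie-Hellman (DHE-/EDH-, and, going slightly beyond the thread, ECDHE-) from those using static RSA key exchange, which a passive sniffer holding the server's private key could decrypt after the fact. The log lines are constructed for the example; the prefix-based classification is the author's assumption about OpenSSL naming and deliberately excludes anonymous DH suites (ADH/AECDH), which are unauthenticated.

```python
import re
from collections import Counter
from typing import Counter as CounterType, Dict, Iterable, List, Optional, Tuple

# Matches the TLS note Postfix writes into Received: headers and its log lines,
# e.g. "(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))".
TLS_NOTE = re.compile(
    r"using (?P<proto>SSLv2|SSLv3|TLSv1(?:\.\d)?) with cipher "
    r"(?P<cipher>[A-Z0-9-]+) \((?P<bits>\d+)/(?P<algbits>\d+) bits\)"
)

# OpenSSL cipher-name prefixes that denote ephemeral Diffie-Hellman key exchange.
# "EDH-" and "DHE-" are the same mechanism under two spellings (the older DES/3DES
# suites kept "EDH"); "ECDHE-" is the elliptic-curve variant. Anonymous DH
# (ADH/AECDH) is left out on purpose: forward secret, but unauthenticated.
EPHEMERAL_DH_PREFIXES = ("DHE-", "EDH-", "ECDHE-")

# Constructed sample: a few Received:-style lines plus one plaintext delivery.
SAMPLE_LOG: List[str] = [
    "Received: from a.example.net (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))",
    "Received: from b.example.net (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))",
    "Received: from c.example.net (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))",
    "Received: from d.example.net (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))",
    "Received: from e.example.net (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))",
    "Received: from f.example.net (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))",
    "Received: from g.example.net (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))",
    "Received: from h.example.net (using TLSv1 with cipher RC4-SHA (128/128 bits))",
    "Received: from i.example.net (using SSLv3 with cipher DES-CBC3-SHA (168/168 bits))",
    "Received: from j.example.net (using SSLv2 with cipher DES-CBC3-MD5 (168/168 bits))",
    "Received: from k.example.net (plaintext, no TLS note at all)",
]


def has_forward_secrecy(cipher: str) -> bool:
    """True when the key exchange is ephemeral DH, so a recorded session cannot
    later be decrypted with the server's long-term RSA key."""
    return cipher.startswith(EPHEMERAL_DH_PREFIXES)


def parse_tls_note(line: str) -> Optional[Tuple[str, str, int]]:
    """Return (protocol, cipher, key bits) from a Postfix-style TLS note, or None."""
    m = TLS_NOTE.search(line)
    if not m:
        return None
    return m.group("proto"), m.group("cipher"), int(m.group("bits"))


def tally(lines: Iterable[str]) -> CounterType[Tuple[str, str]]:
    """Count connections per (protocol, cipher) pair, ignoring lines without a note."""
    counts: CounterType[Tuple[str, str]] = Counter()
    for line in lines:
        parsed = parse_tls_note(line)
        if parsed is not None:
            counts[(parsed[0], parsed[1])] += 1
    return counts


def summarize(counts: CounterType[Tuple[str, str]]) -> Dict[str, int]:
    """Split the tally into forward-secret, static-key-exchange and SSLv2 counts."""
    total = sum(counts.values())
    pfs = sum(n for (_, cipher), n in counts.items() if has_forward_secrecy(cipher))
    sslv2 = sum(n for (proto, _), n in counts.items() if proto == "SSLv2")
    return {"total": total, "forward_secret": pfs, "static_rsa": total - pfs, "sslv2": sslv2}


def report(lines: Iterable[str]) -> List[str]:
    """Render the tally in the same shape as the thread's frequency listing."""
    counts = tally(lines)
    out = []
    for (proto, cipher), n in counts.most_common():
        tag = "PFS" if has_forward_secrecy(cipher) else "no PFS"
        out.append(f"{n:5d}    (using {proto} with cipher {cipher})  [{tag}]")
    s = summarize(counts)
    out.append(f"forward secret: {s['forward_secret']}/{s['total']}, SSLv2: {s['sslv2']}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against real Received: headers or Postfix logs, the "static_rsa" bucket is the share of traffic that an attacker who captured packets and later obtained the server key could read, and the "sslv2" bucket is the share negotiating a protocol with no business being offered at all; both are the numbers a mail administrator would want to watch.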


The Cryptography Mailing List