SSL/TLS passive sniffing
Jack Lloyd
lloyd at randombit.net
Tue Nov 30 16:41:40 EST 2004
On Tue, Nov 30, 2004 at 03:32:35PM -0500, Ian Grigg wrote:
> > On Tue, Nov 30, 2004 at 01:39:42PM -0500, Victor Duchovni wrote:
> >> 8221 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> >> 6529 (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
> ...
>
> (which I calculated as 98% DHE-xxx)
>
> > "Jack Lloyd" wrote:
> > Looking at my logs, about 95% of all STARTTLS connections are
> > DHE-RSA-AES256-SHA;...
>
>
> Great stats, guys! Can either/both comment on what proportion
> of connections you are seeing that use STARTTLS as opposed to
> not using STARTTLS?
>
> iang
Based on unique hosts, about 5% used TLS for at least one connection (I didn't
do a full comparison, but eyballing it, it looked like if they used TLS at all,
they always used it). Based on connections made to the mail server, it's about
2.5%. Meaning that hosts that don't use STARTTLS send more mail (at least to
the system in question). I suspect that is accounted for by mailing list hosts
and spambots.
Source here was the logs for this month from a host with ~130 users. Since
Victor stated that his counts were just for today, he obviously has a much
larger sample set than I do, so I would be curious how his results compare.
-Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list