SSL/TLS passive sniffing

Jack Lloyd lloyd at
Tue Nov 30 16:41:40 EST 2004

On Tue, Nov 30, 2004 at 03:32:35PM -0500, Ian Grigg wrote:
> > On Tue, Nov 30, 2004 at 01:39:42PM -0500, Victor Duchovni wrote:
> >> 8221    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> >> 6529    (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
> ...
> (which I calculated as 98% DHE-xxx)
> > "Jack Lloyd" wrote:
> > Looking at my logs, about 95% of all STARTTLS connections are
> > DHE-RSA-AES256-SHA;...
> Great stats, guys!  Can either/both comment on what proportion
> of connections you are seeing that use STARTTLS as opposed to
> not using STARTTLS?
> iang

Based on unique hosts, about 5% used TLS for at least one connection (I didn't
do a full comparison, but eyballing it, it looked like if they used TLS at all,
they always used it). Based on connections made to the mail server, it's about
2.5%. Meaning that hosts that don't use STARTTLS send more mail (at least to
the system in question). I suspect that is accounted for by mailing list hosts
and spambots.

Source here was the logs for this month from a host with ~130 users. Since
Victor stated that his counts were just for today, he obviously has a much
larger sample set than I do, so I would be curious how his results compare.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list