[Cryptography] [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

Salz, Rich rsalz at akamai.com
Sun May 17 22:52:12 EDT 2015

> Android is more of an issue but it seems like a self-limiting one.

I just looked at our stats; roughly 10% of our incoming SSL/TLS connections do not have an SNI value.  That's a lot of the net to discount.

> From what I can see, Android 2.x doesn't do SNI, Android 4.x and 5.x do.
> There are still 2.x phones, but given the usual upgrade cycle they're likely to
> be retired a lot faster than old Windows boxes.

The upgrade cycle in the developing countries, where we see most old Android, is not the same as it is "here" where here is a deliberately vauge term that probably encompasses everyone who reads this list.

> Also, Android has good IPv6 support and if you have IPv6, SNI is irrelevant.

If your provider supports it.  It's getting better globally, but again, see above.


More information about the cryptography mailing list