[Cryptography] [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

Salz, Rich rsalz at akamai.com
Sun May 17 22:52:12 EDT 2015


> Android is more of an issue but it seems like a self-limiting one.

I just looked at our stats; roughly 10% of our incoming SSL/TLS connections do not have an SNI value.  That's a lot of the net to discount.

> From what I can see, Android 2.x doesn't do SNI, Android 4.x and 5.x do.
> There are still 2.x phones, but given the usual upgrade cycle they're likely to
> be retired a lot faster than old Windows boxes.

The upgrade cycle in the developing countries, where we see most old Android, is not the same as it is "here" where here is a deliberately vauge term that probably encompasses everyone who reads this list.

> Also, Android has good IPv6 support and if you have IPv6, SNI is irrelevant.

If your provider supports it.  It's getting better globally, but again, see above.

	/r$



More information about the cryptography mailing list