[16487] in cryptography@c2.net mail archive
Re: SSL/TLS passive sniffing
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Dec 1 11:30:12 2004
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, lloyd@randombit.net
In-Reply-To: <20041130192236.GD26086@randombit.net>
Date: Wed, 01 Dec 2004 20:09:24 +1300
Jack Lloyd <lloyd@randombit.net> writes:
>Looking at my logs, about 95% of all STARTTLS connections are
>DHE-RSA-AES256-SHA; I'm guessing this is because most STARTTLS-enabled SMTP
>servers (i.e. Postfix, Sendmail, Qmail) use OpenSSL, and recent versions of
>OpenSSL have DHE-RSA-AES256-SHA as the top preference cipher by default.
I was just about to point that out myself. I'd expect for more usual TLS
usage (web browser/server) it'd be 99+% RSA-*.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com