[cryptography] Q: CBC in SSH
Bernhard Amann
bernhard at ICSI.Berkeley.EDU
Wed Feb 13 17:47:05 PST 2013
On Feb 13, 2013, at 3:22 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Bodo Moeller <bmoeller at acm.org> writes:
>> On Wed, Feb 13, 2013 at 12:52 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>>
>>> active use of ECC suites on the public Internet is practically nonexistent
>>
>> That's not entirely accurate; try www.google.com.
>
> It was based on the last (SSL Observatory?) scans at the time which found
> about five or six servers worldwide, presumably the test servers being run by
> Certicom, Red Hat, Microsoft, etc. If Google supports ECC now that'd be good,
> one more site to test against.

We see quite a bit of ECDHE traffic at the sites that feed our notary. At the moment,
the top-3 cipher suites we see (by connection count) are TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA.
We also see TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (7th most popular).

If http://www.imperialviolet.org/2012/03/02/ieecdhe.html is still correct, RC4+ECDHE
is chosen by Chrome and Firefox. AES+ECDHE is Safari and Internet Explorer.

The first non-AES/RC4 cipher suite is TLS_RSA_WITH_3DES_EDE_CBC_SHA
(9th most popular) followed by TLS_RSA_WITH_CAMELLIA_256_CBC_SHA.

Bernhard
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE