[cryptography] Q: CBC in SSH

Bernhard Amann bernhard at ICSI.Berkeley.EDU
Wed Feb 13 17:47:05 PST 2013

On Feb 13, 2013, at 3:22 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Bodo Moeller <bmoeller at acm.org> writes:
>> On Wed, Feb 13, 2013 at 12:52 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>>> active use of ECC suites on the public Internet is practically nonexistent
>> That's not entirely accurate; try www.google.com.
> It was based on the last (SSL Observatory?) scans at the time which found
> about five or six servers worldwide, presumably the test servers being run by
> Certicom, Red Hat, Microsoft, etc.  If Google supports ECC now that'd be good,
> one more site to test against.

We see quite a bit of ECDHE traffic at the sites that feed our notary. At the moment,
the top-3 cipher suites we see (by connection count) are TLS_RSA_WITH_RC4_128_SHA, 

We also see TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (7th most popular).
If http://www.imperialviolet.org/2012/03/02/ieecdhe.html is still correct, RC4+ECDHE
is chosen by Chrome and Firefox. AES+ECDHE is Safari and Internet Explorer. 

The first non-AES/RC4 cipher suite is TLS_RSA_WITH_3DES_EDE_CBC_SHA 
(9th most popular) followed by TLS_RSA_WITH_CAMELLIA_256_CBC_SHA.

