On Feb 13, 2013, at 3:22 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Bodo Moeller <bmoel...@acm.org> writes: >> On Wed, Feb 13, 2013 at 12:52 PM, Peter Gutmann >> <pgut...@cs.auckland.ac.nz>wrote: >> >>> active use of ECC suites on the public Internet is practically nonexistent >> >> That's not entirely accurate; try www.google.com. > > It was based on the last (SSL Observatory?) scans at the time which found > about five or six servers worldwide, presumably the test servers being run by > Certicom, Red Hat, Microsoft, etc. If Google supports ECC now that'd be good, > one more site to test against. We see quite a bit of ECDHE traffic at the sites that feed our notary. At the moment, the top-3 cipher suites we see (by connection count) are TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA. We also see TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (7th most popular). If http://www.imperialviolet.org/2012/03/02/ieecdhe.html is still correct, RC4+ECDHE is chosen by Chrome and Firefox. AES+ECDHE is Safari and Internet Explorer. The first non-AES/RC4 cipher suite is TLS_RSA_WITH_3DES_EDE_CBC_SHA (9th most popular) followed by TLS_RSA_WITH_CAMELLIA_256_CBC_SHA. Bernhard _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography