On Sat, Dec 14, 2013 at 4:47 PM, Kosuke Kaizuka <cai.0...@gmail.com> wrote:
> > little supported, never negotiated cipher > > One of the largest websites which support Camellia is Yahoo!. > Firefox 26 or lower use TLS_RSA_WITH_CAMELLIA_256_CBC_SHA with Yahoo!. > In Firefox 27 or later, Yahoo! will choose TLS_RSA_WITH_AES_128_CBC_SHA instead, because of the cipher suite order change in Firefox 27. In case people are curious how the cipher suite order has changed servers' selection of cipher suites between Firefox 26 beta and Firefox 27 beta, here is a table: Fx26 Fx27 Change Cipher Suite 0.00% 14.15% +14.15% TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (new) 0.00% 8.30% +8.30% TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (new) 0.74% 0.27% -0.47% TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0.00% 0.00% - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 1.97% 0.49% -1.48% TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0.00% 0.00% - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0.00% 0.00% - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 10.22% 0.48% -9.74% TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 6.75% 0.11% -6.64% TLS_ECDHE_RSA_WITH_RC4_128_SHA 0.89% 5.64% +4.75% TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0.00% 0.00% - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 2.66% 0.58% -2.08% TLS_DHE_RSA_WITH_AES_256_CBC_SHA 2.38% 0.03% -2.35% TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0.00% 0.01% +0.01% TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0.00% 0.00% - TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0.00% 0.00% - TLS_DHE_DSS_WITH_AES_256_CBC_SHA 3.77% 26.26% +22.50% TLS_RSA_WITH_AES_128_CBC_SHA 0.00% 0.00% - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 21.40% 0.90% -20.50% TLS_RSA_WITH_AES_256_CBC_SHA 3.18% 0.00% -3.18% TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0.00% 0.00% - TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (removed) 0.04% 0.18% +0.13% TLS_RSA_WITH_3DES_EDE_CBC_SHA 0.00% 0.00% - TLS_RSA_WITH_SEED_CBC_SHA (removed) 41.17% 37.57% -3.60% TLS_RSA_WITH_RC4_128_SHA 4.83% 5.03% +0.21% TLS_RSA_WITH_RC4_128_MD5 Interestingly: * AES-128 has largely replaced AES-256 because AES-128 was moved ahead of AES-256. * AES-GCM has largely replaced RC4 amongst sites doing ECDHE key exchange. * Camellia usage dropped from >5% to close to 0% because AES cipher suites were moved ahead of their corresponding Camellia cipher suites. * Virtually no site was using SEED. * There was a ~4% increase in ephemeral key exchange usage, almost all of which was due to increased adoption of ECDHE. Cheers, Brian -- Mozilla Networking/Crypto/Security (Necko/NSS/PSM) -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto