On Tue, Nov 30, 2004 at 01:39:42PM -0500, Victor Duchovni wrote:

> The third mode is quite common for STARTTLS with SMTP if I am not
> mistaken. A one day sample of inbound TLS email has the following cipher
> frequencies:
>
> 8221 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
> 6529 (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
>  186 (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits))
>  117 (using TLSv1 with cipher RC4-SHA (128/128 bits))
>   59 (using SSLv3 with cipher RC4-SHA (128/128 bits))
>   40 (using SSLv3 with cipher DES-CBC3-SHA (168/168 bits))
>   28 (using TLSv1 with cipher RC4-MD5 (128/128 bits))
>   16 (using SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
>   14 (using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
>    1 (using SSLv3 with cipher RC4-MD5 (128/128 bits))
>    1 (using SSLv2 with cipher DES-CBC3-MD5 (168/168 bits))

Looking at my logs, about 95% of all STARTTLS connections are DHE-RSA-AES256-SHA; I'm guessing this is because most STARTTLS-enabled SMTP servers (i.e. Postfix, Sendmail, Qmail) use OpenSSL, and recent versions of OpenSSL have DHE-RSA-AES256-SHA as the top preference cipher by default. I suspect you'd see about the same results for any other SSL service that's not HTTP.

I'm surprised to see that SSLv2 connection at the bottom... considering that STARTTLS didn't exist until, well, TLS, I wonder what logic went into supporting only SSLv2.

> it is my perhaps misguided impression that both the EDH and the DHE
> cipher-suites provide PFS. Is there in fact a difference between EDH
> and DHE?

OpenSSL just calls them differently depending on the ciphers in use (an artifact of the specifications, I think).

-Jack

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
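A tally like the one quoted above can be scripted; the following is an added example, not code from the thread or from Postfix: it parses the "with cipher ... bits" fragment Postfix logs per STARTTLS handshake, counts negotiated suites, and reports the share with forward secrecy, treating DHE- and EDH- suites alike since (as the reply says) they are the same ephemeral-DH suites under two OpenSSL names. The log lines are constructed for the example, and the weakness tags (SSLv2, RC4, 3DES, MD5 MAC) reflect what a reviewer would flag today.

```python
import re
from collections import Counter

# Matches the OpenSSL-style fragment that Postfix logs on a successful STARTTLS
# handshake, e.g. "TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)".
TLS_RE = re.compile(
    r"(?P<proto>SSLv2|SSLv3|TLSv1(?:\.\d)?) with cipher "
    r"(?P<cipher>[A-Z0-9-]+) \(\d+/\d+ bits\)"
)

# Substrings of an OpenSSL suite name that a defender would flag today.
WEAK = {"RC4": "RC4", "DES-CBC3": "3DES", "-MD5": "MD5-MAC"}

def provides_pfs(cipher: str) -> bool:
    """OpenSSL names ephemeral-DH suites either DHE-... or EDH-... (and ECDHE-...
    in later versions); all negotiate a fresh DH key per session, so all give PFS."""
    return cipher.startswith(("DHE-", "EDH-", "ECDHE-"))

def weaknesses(proto: str, cipher: str) -> list:
    """Return the list of concerns for one negotiated protocol/cipher pair."""
    flags = ["SSLv2"] if proto == "SSLv2" else []
    flags += [tag for needle, tag in WEAK.items() if needle in cipher]
    if not provides_pfs(cipher):
        flags.append("no-PFS")
    return flags

def summarize(log_text: str) -> dict:
    """Tally negotiated suites, the share with PFS, and how often each flag fires."""
    counts, flagged = Counter(), Counter()
    for m in TLS_RE.finditer(log_text):
        proto, cipher = m["proto"], m["cipher"]
        counts[(proto, cipher)] += 1
        flagged.update(weaknesses(proto, cipher))
    total = sum(counts.values())
    with_pfs = sum(n for (_, c), n in counts.items() if provides_pfs(c))
    return {"total": total, "pfs_share": with_pfs / total if total else 0.0,
            "by_suite": counts, "flags": flagged}

# Constructed sample lines (not real log data) in the format quoted in the thread.
SAMPLE_LOG = """\
Nov 30 13:00:01 mx postfix/smtpd[101]: TLS connection established from a.example[192.0.2.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Nov 30 13:00:05 mx postfix/smtpd[102]: TLS connection established from b.example[192.0.2.2]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
Nov 30 13:00:09 mx postfix/smtpd[103]: TLS connection established from c.example[192.0.2.3]: TLSv1 with cipher RC4-SHA (128/128 bits)
Nov 30 13:00:12 mx postfix/smtpd[104]: TLS connection established from d.example[192.0.2.4]: SSLv2 with cipher DES-CBC3-MD5 (168/168 bits)
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} handshakes, {s['pfs_share']:.0%} with PFS; flags: {dict(s['flags'])}")
```

Run it over a day of mail logs to reproduce the quoted table and see at a glance which peers still negotiate non-PFS or legacy suites.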