Re: [PATCH]: SSL options to disable SSLv2

From: David Hill (no email)
Date: Thu Sep 08 2005 - 17:06:12 EDT

  • Next message: Carlos Arellano: "postmaster mail"

    On Thu, Sep 08, 2005 at 03:52:26PM -0400, Victor Duchovni wrote:
    > On Thu, Sep 08, 2005 at 03:40:54PM -0400, Victor Duchovni wrote:
    >
    > > Here's my data (August 01 2005 - today), still in progress, but the
    > > results for as much of August as has crunched through are:
    > >
    > > 600302 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    > > 413991 (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
    > > 23675 (using TLSv1 with cipher RC4-SHA (128/128 bits))
    > > 13283 (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    > > 5704 (using TLSv1 with cipher AES256-SHA (256/256 bits))
    > > 2261 (using SSLv3 with cipher RC4-MD5 (128/128 bits))
    > > 1328 (using TLSv1 with cipher RC4-MD5 (128/128 bits))
    > > 1231 (using SSLv3 with cipher RC4-SHA (128/128 bits))
    > > 992 (using SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
    > > 922 (using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
    > > 487 (using SSLv3 with cipher DES-CBC3-SHA (168/168 bits))
    > >
    > > Not a single v2 connection, but a good mixture of SSLv3 and TLSv1,
    > > so perhaps instead of making the protocols configurable, we can simply
    > > drop v2 support with Postfix 2.3.
    >
    > The final tally was:
    >
    > 880867 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    > 585966 (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
    > 33714 (using TLSv1 with cipher RC4-SHA (128/128 bits))
    > 19265 (using SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    > 8281 (using TLSv1 with cipher AES256-SHA (256/256 bits))
    > 3290 (using SSLv3 with cipher RC4-MD5 (128/128 bits))
    > 2501 (using TLSv1 with cipher RC4-MD5 (128/128 bits))
    > 1684 (using SSLv3 with cipher RC4-SHA (128/128 bits))
    > 1426 (using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
    > 1317 (using SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
    > 511 (using SSLv3 with cipher DES-CBC3-SHA (168/168 bits))
    >
    > --
    > Viktor.
    >
    > Disclaimer: off-list followups get on-list replies or get ignored.
    > Please do not ignore the "Reply-To" header.
    >
    > To unsubscribe from the postfix-users list, visit
    > http://www.postfix.org/lists.html or click the link below:
    > <mailto:?body=unsubscribe%20postfix-users>
    >
    > If my response solves your problem, the best way to thank me is to not
    > send an "it worked, thanks" follow-up. If you must respond, please put
    > "It worked, thanks" in the "Subject" so I can delete these quickly.
    >
    > !DSPAM:43209640198463335510714!
    >

    My tally is:
    150188 TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    38037 TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
    4027 SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
     691 TLSv1 with cipher RC4-SHA (128/128 bits)
     483 TLSv1 with cipher AES256-SHA (256/256 bits)
     372 TLSv1 with cipher RC4-MD5 (128/128 bits)
     309 SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
     108 TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
      89 SSLv3 with cipher DES-CBC3-SHA (168/168 bits)
      10 SSLv3 with cipher RC4-MD5 (128/128 bits)
       5 SSLv3 with cipher RC4-SHA (128/128 bits)
       1 SSLv2 with cipher DES-CBC3-MD5 (168/168 bits)

    - David


  • Next message: Carlos Arellano: "postmaster mail"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD