Re: TLS scan results for August 2014

----- Original Message -----
> From: "Nikos Mavrogiannopoulos" <nmav@xxxxxxxxxx>
> To: "Hubert Kario" <hkario@xxxxxxxxxx>
> Cc: security@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Tuesday, 26 August, 2014 9:06:39 AM
> Subject: Re: TLS scan results for August 2014
> 
> On Mon, 2014-08-25 at 08:26 -0400, Hubert Kario wrote:
> > Not many exciting changes, just continuation of previous trends.
> > SHA-256 has grown by 2%, RC4 basically unchanged.
> > 
> > As always, detailed commentary on my blog:
> > https://securitypitfalls.wordpress.com/2014/08/25/august-2014-scan-results/
> > 
> > SSL/TLS survey of 397695 websites from Alexa's top 1 million
> > Stats only from connections that did provide valid certificates
> > (or anonymous DH from servers that do also have valid certificate
> > installed)
> 
> > DH,512bits                43198     10.8621  21.3266
> > DH,768bits                759       0.1908   0.3747
> 
> The percentage of these servers is kind of scary. It seems that there
> is some server that ships with such default parameters.

Yes, Java uses small parameters by default, Java 6 and Java 7 use 768 bit IIRC.

The 512 bit may be coming from Java 5, but I'm just guessing here.
-- 
Regards,
Hubert Kario
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security




