On Thu, Jul 30, 2015 at 04:10:56PM -0400, Michael Richardson wrote: > > Michael Richardson wrote: > >> RC4 is supported by 83% of end points that support crypto, or of 83% > >> of end points that answer TCP? > > > This percentage is based on hosts that did complete a SSL/TLS > > handshake. > > okay, so whle we might cringe at how many hosts are using weak crypto, > we might also be elated (if we had numbers) about how many hosts support > *any* crypto... Note that RC4 *use* is much lower than RC4 *support*... Lots of servers support RC4, to interoperate with legacy peers, but in practice very rarely negotiate it. Many of the below support RC4, but in practice you get much stronger crypto: $ for d in gmail.com outlook.com yahoo.com aol.com hotmail.com microsoft.com gmx.de t-online.de web.de do posttls-finger -c -lencrypt -Lsummary $d done posttls-finger: ... gmail-smtp-in.l.google.com... TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) posttls-finger: ... mx2.hotmail.com... TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) posttls-finger: ... mta7.am0.yahoodns.net... TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) posttls-finger: ... mailin-03.mx.aol.com... TLSv1 with cipher ADH-AES256-SHA (256/256 bits) posttls-finger: ... mx2.hotmail.com... TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) posttls-finger: ... microsoft-com.mail.protection.outlook.com... TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits) posttls-finger: ... mx01.emig.gmx.net... TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) posttls-finger: ... mx03.t-online.de... TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) posttls-finger: ... mx-ha03.web.de... TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) $ for d in gmail.com outlook.com yahoo.com aol.com hotmail.com microsoft.com gmx.de t-online.de web.de do posttls-finger -c -lencrypt -o tls_medium_cipherlist=RC4-SHA -Lsummary $d done posttls-finger: ... gmail-smtp-in.l.google.com... TLSv1.2 with cipher RC4-SHA (128/128 bits) posttls-finger: ... mx4.hotmail.com... TLSv1.2 with cipher RC4-SHA (128/128 bits) posttls-finger: ... mta5.am0.yahoodns.net... TLSv1.2 with cipher RC4-SHA (128/128 bits) posttls-finger: ... mailin-01.mx.aol.com... TLSv1 with cipher RC4-SHA (128/128 bits) posttls-finger: ... mx2.hotmail.com... TLSv1.2 with cipher RC4-SHA (128/128 bits) posttls-finger: SSL_connect error to microsoft-com.mail.protection.outlook.com... lost connection posttls-finger: SSL_connect error to mx01.emig.gmx.net... -1 posttls-finger: ... mx03.t-online.de... TLSv1.2 with cipher RC4-SHA (128/128 bits) posttls-finger: SSL_connect error to mx-ha02.web.de... -1 Lack of RC4 support at three of the above just means that email they receive from some legacy systems is sent in the clear. It has been rumoured that Yahoo's outboud systems prefer RC4, and unless servers impose their own cipher priority, mail from Yahoo uses RC4. I've not personally tested that for some time, so that "factoid" may be stale... -- Viktor.