On Fri, Feb 5, 2016 at 4:10 PM, John Levine <johnl@xxxxxxxxx> wrote:
>> The issue at hand is whether or not to disable the use of old ciphersuites in
>> the IETF's use of STARTTLS in SMTP. Irrespective of the reasons we have for
>> doing that, John's point was and is that it can have an adverse effect on our ability
>> to reach everyone who wants to participate.
>
> Has anyone looked at the logs to see how much SSL3 there actually is?
> In my logs, which are doubtless not representative of anyone but
> they're what I've got, here's what I see for the past six weeks of
> starttls on my IPv4 server:
>
> 22617 TLS1.2/X.509/AEAD
> 16791 TLS1.0/X.509/SHA1
> 2526 TLS1.2/X.509/SHA256
> 2069 TLS1.2/X.509/SHA384
> 1058 TLS1.2/X.509/SHA1
> 339 TLS1.1/X.509/SHA1
> 232 SSL3.0/X.509/SHA1
> 147 TLS1.0/X.509/MD5
> 8 TLS1.0/X.509/SHA256
>
> And here's the past year on my lower volume IPv6 server:
>
> 130886 TLS1.2/X.509/AEAD
> 44172 TLS1.0/X.509/SHA1
> 6610 TLS1.2/X.509/SHA1
> 1485 TLS1.1/X.509/SHA1
> 259 TLS1.2/X.509/SHA384
>
> (The much higher numbers are mostly because gmail sends all their mail
> to me over IPv6 with TLS.)
>
> I was surprised to see 237 SSL3 connections, so I looked at the ones
> in the past day, all of which are from two servers on a network in
> Turkey running ancient versions of Merak, and trying to send me spam.
> One is sending spam from the bogus domain globalconferences.org (no A,
> AAAA, or MX record) presumably for fake conferences. So at least
> here, rejecting SSL3 would only block a little spam.

I would be surprised by any legitimate SSL3 mail because the STARTTLS spec came long after TLS 1.0 was settled. There might be a mail server out there that cannot legitimately do TLS, but I would be very surprised. And any server that can't accept TLS/1.0 inbound isn't compliant with the spec anyway.
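As an added example (not code from the thread or from either poster), a small Python script that reads tally lines in the "count protocol/cert/mac" format John posted and estimates how many sessions a minimum-version policy would refuse. The embedded input is his IPv4 table from above; the "weak MAC" list and the version ordering are my assumptions.

```python
import re
from collections import Counter

# One tally line per protocol/cert/MAC combination, as in John's message.
LINE_RE = re.compile(r"^\s*(\d+)\s+(SSL|TLS)(\d+\.\d+)/([^/]+)/(\S+)\s*$")

# Oldest to newest, so a "minimum version" floor can be applied by rank (assumption).
VERSION_ORDER = ["SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]

# Sample input: the IPv4 six-week figures quoted in the thread.
IPV4_TALLY = """\
22617 TLS1.2/X.509/AEAD
16791 TLS1.0/X.509/SHA1
2526 TLS1.2/X.509/SHA256
2069 TLS1.2/X.509/SHA384
1058 TLS1.2/X.509/SHA1
339 TLS1.1/X.509/SHA1
232 SSL3.0/X.509/SHA1
147 TLS1.0/X.509/MD5
8 TLS1.0/X.509/SHA256
"""

def parse_tally(text):
    """Return a list of (count, protocol, mac) tuples; lines that don't match are skipped."""
    sessions = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            count, family, version, _cert, mac = m.groups()
            sessions.append((int(count), family + version, mac))
    return sessions

def policy_impact(sessions, min_version, weak_macs=("MD5",)):
    """Count sessions a policy of 'at least min_version, no weak MAC' would refuse.
    Returns (refused_total, total, Counter of refused sessions keyed by protocol).
    Protocols not in VERSION_ORDER are treated as older than everything (refused)."""
    floor = VERSION_ORDER.index(min_version)
    total = sum(count for count, _, _ in sessions)
    refused = Counter()
    for count, proto, mac in sessions:
        rank = VERSION_ORDER.index(proto) if proto in VERSION_ORDER else -1
        if rank < floor or mac in weak_macs:
            refused[proto] += count
    return sum(refused.values()), total, refused

if __name__ == "__main__":
    sessions = parse_tally(IPV4_TALLY)
    for floor in ("TLS1.0", "TLS1.2"):
        refused, total, by_proto = policy_impact(sessions, floor)
        print(f"min {floor}: refuse {refused}/{total} ({100*refused/total:.1f}%) {dict(by_proto)}")
```

Run against a real tally, the percentage line is the figure to weigh before turning off SSL3 (or raising the floor higher), since it shows exactly which peers a change would cut off.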