[jdev] SSL/TLS versions
Matthew Wild
mwild1 at gmail.com
Fri Nov 15 22:59:28 UTC 2013
Hi,
On 15 November 2013 02:33, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew Wild has run some analytics on SSL/TLS versions negotiated
> over a period of time at the jabber.org XMPP service. The percentages
> were roughly as follows:
>
> TLS 1.0 72%
> TLS 1.2 21%
> TLS 1.1 4%
> SSLv3 3%

Quick note: I consider these preliminary results, they've had very
little processing and should be taken with a pinch of salt. For
example, I had to filter out some spammer who was abusing the service
with a single client and severely skewing the results. It's important
to note that these are a series of handshakes over a period of time
(~12h I think), and not a snapshot of connected clients at a single
point in time - thus they might include reconnects and other biases.

We saw somewhat different ratios on dukgo.com, which has a smaller but
large userbase - however I believe dukgo.com users are heavily skewed
towards Pidgin because of the tutorial they provide. Stats from there:

TLS 1.0 66.4%
TLS 1.1 16.7%
TLS 1.2 16.6%
SSL 3.0 0.2%

I'm still trying to play with the data and get results I'm more
confident in, and will post with more details when I have done so.

As they say: beware lies, damned lies and statistics.

Regards,
Matthew
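
The counting caveats in the message above (handshakes versus distinct clients, and one client skewing the totals), as an added example that is not part of the original message or the analysis it describes. The log format, client names and the 40% threshold are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample, one line per completed handshake: "<client> <version>".
# The format is hypothetical; adapt parse() to what your server really logs.
SAMPLE_LOG = (
    "a@example.org/home TLSv1\n" * 3      # one client reconnecting
    + "b@example.org/phone TLSv1.2\n"
    + "c@example.org/desk TLSv1.1\n"
    + "d@example.org/bot SSLv3\n" * 6     # one client flooding the service
    + "e@example.org/lap TLSv1.2\n"
)

def parse(log):
    """Return (client, version) pairs, skipping blank or malformed lines."""
    records = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 2:
            records.append((parts[0], parts[1]))
    return records

def shares(counter):
    """Convert raw counts to percentages rounded to one decimal place."""
    total = sum(counter.values())
    return {k: round(100.0 * v / total, 1) for k, v in counter.items()}

def per_handshake(records):
    """Every handshake counts, so reconnects inflate a client's weight."""
    return shares(Counter(version for _, version in records))

def per_client(records):
    """Each (client, version) pair counts once, however often it reconnects."""
    return shares(Counter(version for _, version in set(records)))

def heavy_hitters(records, max_share=0.4):
    """Clients responsible for more than max_share of all handshakes."""
    counts = Counter(client for client, _ in records)
    return sorted(c for c, n in counts.items() if n / len(records) > max_share)

if __name__ == "__main__":
    records = parse(SAMPLE_LOG)
    noisy = set(heavy_hitters(records))
    print("per handshake:", per_handshake(records))
    print("per client:   ", per_client(records))
    print("heavy hitters:", sorted(noisy))
    print("filtered:     ", per_handshake([r for r in records if r[0] not in noisy]))
```
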