Re: [TLS] publishing SSL 3.0 as historic
Martin Rex <mrex@sap.com> Tue, 15 February 2011 15:09 UTC
From: Martin Rex <mrex@sap.com>
To: simon@josefsson.org
Date: Tue, 15 Feb 2011 16:10:07 +0100
In-Reply-To: <87vd0lbe2d.fsf@latte.josefsson.org> from "Simon Josefsson" at Feb 15, 11 02:52:10 pm
Cc: tls@ietf.org

Simon Josefsson wrote:
>
> Martin Rex <mrex@sap.com> writes:
>
> > Ralph Holz wrote:
> >>
> >> > Considering that a non-marginal fraction of the TLS protected communication
> >> > actually negotiates protocol version {0x03,0x00}, there is no reason for
> >> > a classification of "historic".
> >>
> >> Not intending to take sides here, but from our own observations at a
> >> large ISP, SSLv3 seems to be chosen as a protocol version only for a
> >> very marginal fraction of connections. I can't quite remember the
> >> numbers, but it was something around 0.1% or less. I can look it up, if
> >> you want.
> >
> > That low number appears somewhat unrealistic to me.
> >
> > Microsoft Windows XP was shipped with SSLv2 enabled and TLSv1.0 disabled.
>
> Service packs can make rather radical changes, are you sure an updated
> Windows XP still enables SSLv2? If so, I'm hoping the next security
> update will disable it.

I do not have access to a sufficient variety of "virgin" installs.

My impression is that installation of MSIE7 (or later) might change
the defaults and disable SSLv2 and enable TLSv1.0. I don't know about
XPsp3. With XPsp2+MSIE6 as well as Win2K3sp2+MSIE6 the original default
applies.

-Martin