Am 17.10.2014 um 19:34 schrieb Matthias Hunstock:
No gain in security if you lock out some mail clients
and their users just turn connection encryption off....
Well, it's weekend and just 12 hours of sampling, but it looks good
actually:
13 'SSLv3' and cipher 'ECDHE-RSA-AES256-SHA'
119 'SSLv3' and cipher 'RC4-SHA'
205 'SSLv3' and cipher 'AES256-SHA'
5 'TLSv1.2' and cipher 'ECDHE-RSA-AES128-GCM-SHA256'
6 'TLSv1.2' and cipher 'ECDHE-RSA-AES128-SHA256'
7 'TLSv1.2' and cipher 'AES256-GCM-SHA384'
10 'TLSv1.2' and cipher 'AES256-SHA'
13 'TLSv1.2' and cipher 'ECDHE-RSA-AES256-SHA384'
58 'TLSv1' and cipher 'RC4-SHA'
676 'TLSv1' and cipher 'AES128-SHA'
754 'TLSv1.1' and cipher 'ECDHE-RSA-AES256-SHA'
1751 'TLSv1.2' and cipher 'ECDHE-RSA-AES256-GCM-SHA384'
2875 'TLSv1' and cipher 'AES256-SHA'
8435 'TLSv1.2' and cipher 'ECDHE-RSA-AES256-SHA'
38907 'TLSv1' and cipher 'ECDHE-RSA-AES256-SHA'
The SSLv3/AES256-SHA connections are pop connections from one particular
client, so there are ~0.3% of connections via SSL3.
Regards