On Thu, Nov 29, 2012 at 11:23 AM, Patrick McManus <[email protected]>wrote:
> We've had some SSL telemetry in nightly for about a week, much of that > over a holiday. > > Despite its thinness it provides some early insight into questions I've > had, I really like to be able to characterize the web - so here is the > summary from that sneak peak: > > We use SSL3 instead of TLS in handshakes 1.13% of the time. That's more > than I hoped, but less than brian feared :) > with some more data in that number has now fallen to 1.02%. But that's not why I'm replying to myself :) Relevant followup - http://unmitigatedrisk.com/?p=260 that blog takes a look at a "large cross section of websites" (both client and server) and has some of the same kind of data.. seeing SSL3 2.48% of the time in the wild. This is UA breakdown of the source of an SSL3 connection (I believe IE <=6 favors SSL3 by default) Internet Explorer >=7 68.31 Internet Explorer <=6 6.67 Gecko 16.39% Apple 4.12% Playstation 2.85% Chrome 1.36% Other 0.30% If you reweight that by market share that makes chrome look *a lot *better than everyone else. The most intuitive conclusion is that we can improve our intolerance strategy for falling back given the state of the Internet though I'm curious if anyone has other theories.. -P _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
