They are just using what the softwares provide. https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
This guy scanned Alexa's list of top 1,000,000 websites. At "janvier 11 2014". 45% of them had TLS support. 1.23% of websites only accept 3DES, and 1.56% of websites only accept RC4. PFS support was 75% ! 38 websites only accept SSLv2. lol. TLS 1.2 support is 33% so shit, that still would need time. And this was one year ago. In the meantime we had POODLE, Heartbleed that had informed people to update. What did it took to disable SSLv3 in the main webbrowsers? Just a little push that is named POODLE. You are the OpenBSD team, break things to make it better! Just loud thinking, but isn't it time to say NO to weak things? No RC*/DES/MD5/non-PFS/etc. Many thanks for your hard work! On Wed, Mar 4, 2015 at 7:54 PM, Carlin Bingham <c...@viennan.net> wrote: > On Thu, 5 Mar 2015, at 07:37 AM, someone wrote: > > "interoperable" - you mean there are still softwares that really count > > and > > still cannot use/support HIGH ciphers? wow. What a world we live in.. :\ > > > > On Wed, Mar 4, 2015 at 7:27 PM, Miod Vallat <m...@online.fr> wrote: > > > > > > "Sometimes you have to break things to make it better" > > > > > > Yes, and getting people to stop using LibreSSL because it suddenly is > > > not interoperable with anything would surely help a lot. > > > > > > Instead, we are trying to get developers to try and use LibreSSL > > > provided libtsl, which defaults to sane, strong crypto choices. > > > > > > Miod > > > > Disable RC4 and non-PFS ciphers in Firefox (there are extensions, eg. > SSleuth, that can help with doing this) and see how many sites stop > working. Better yet, see how many bank's sites stop working. > > > -- > Carlin
