Hi,

RFC 3207 says publicly available servers are required to support plaintext and fall back to plaintext if cipher negotiations etc. fail.

wikileaks.org - self-signed cert, supports SSLv3, TLSv1, TLSv1.1 and TLSv1.2, AnonDH, key size 2048 bits, weakest cipher essentially zero.
google.com - TTP cert, supports SSLv3, TLSv1, TLSv1.1 and TLSv1.2, key size 2048 bits, weakest cipher suite with 128 bits.
postfix.org (cloud9.net) - TTP cert, supports SSLv2, SSLv3 and TLSv1, AnonDH, key size 2048 bits, weakest cipher essentially zero.
verisign.com - TTP cert with invalid hostname, supports SSLv3 and TLSv1, key size 2048 bits, weakest cipher suite with 128 bits.
porcupine.org - STARTTLS not supported.

https://starttls.info/ has checked the MXes of the Alexa Top 1 million + more for STARTTLS support, with stats and comparisons available:
https://starttls.info/stats
https://starttls.info/stats/com/net (.com vs .net)

It seems to me as if mail admins prefer supporting "everything", since anything is better than plaintext. On the other side, web admins and crypto people are saying that SSLv3, a 128-bit cipher, a 2048-bit key and a valid cert should be a minimum.

I would really like to hear honest and justified opinions on what to consider "good" and "best" practices on this matter.

Regards,
Per Thorsheim
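An added example, not part of the post above or of starttls.info: it models the client-side decision RFC 3207 describes (attempt TLS only when the server advertises STARTTLS; if the handshake fails, an opportunistic client may go back to clear text) and scores the five MX hosts listed in the post against the "minimum" the post attributes to web admins and crypto people. The per-host parameters are transcribed from the post; the policy dict, the sample EHLO replies and the function names are constructed for this example.

```python
"""Opportunistic-TLS decision (RFC 3207) and a policy check over the MX hosts
listed in the post. Added example; EHLO replies and the policy are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Record-layer protocol versions, oldest first; the index orders their strength.
PROTOCOL_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# Constructed EHLO replies (multi-line 250 response, CRLF terminated).
EHLO_WITH_STARTTLS = ("250-mx.example.test Hello client\r\n250-SIZE 10240000\r\n"
                      "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_WITHOUT_STARTTLS = ("250-mx.example.test Hello client\r\n250-SIZE 10240000\r\n"
                         "250 8BITMIME\r\n")


def parse_ehlo(reply: str) -> List[str]:
    """Extension keywords of a 250 EHLO reply; the first 250 line is the greeting."""
    keywords, first = [], True
    for raw in reply.splitlines():
        line = raw.strip()
        if not line.startswith("250"):
            continue                      # not part of the success reply
        if first:
            first = False                 # "250-domain greeting text"
            continue
        body = line[4:].strip()           # drop "250-" or "250 "
        if body:
            keywords.append(body.split()[0].upper())
    return keywords


def choose_transport(ehlo_reply: str, tls_handshake_ok: bool) -> str:
    """Client decision: no STARTTLS -> clear; handshake ok -> TLS;
    handshake failed -> an opportunistic client reconnects and sends in clear."""
    if "STARTTLS" not in parse_ehlo(ehlo_reply):
        return "plaintext"
    return "tls" if tls_handshake_ok else "plaintext-fallback"


@dataclass
class ServerObservation:
    """One MX host as recorded in the post."""
    name: str
    starttls: bool = True
    cert: str = "trusted"               # "trusted", "self-signed", "invalid-hostname"
    protocols: Tuple[str, ...] = ()
    anon_dh: bool = False               # anonymous DH suites accepted
    key_bits: int = 0
    weakest_cipher_bits: int = 0        # 0 stands for "essentially zero" in the post


# The minimum the post says web admins / crypto people ask for (constructed dict).
POST_MINIMUM = {"protocol": "SSLv3", "cipher_bits": 128, "key_bits": 2048, "valid_cert": True}

OBSERVED = [  # values transcribed from the post
    ServerObservation("wikileaks.org", cert="self-signed",
                      protocols=("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"),
                      anon_dh=True, key_bits=2048, weakest_cipher_bits=0),
    ServerObservation("google.com", protocols=("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"),
                      key_bits=2048, weakest_cipher_bits=128),
    ServerObservation("postfix.org (cloud9.net)", protocols=("SSLv2", "SSLv3", "TLSv1"),
                      anon_dh=True, key_bits=2048, weakest_cipher_bits=0),
    ServerObservation("verisign.com", cert="invalid-hostname",
                      protocols=("SSLv3", "TLSv1"), key_bits=2048, weakest_cipher_bits=128),
    ServerObservation("porcupine.org", starttls=False),
]


def assess(obs: ServerObservation, policy: Dict = POST_MINIMUM) -> List[str]:
    """Every way the host falls short of the policy; an empty list means it passes."""
    if not obs.starttls:
        return ["STARTTLS not offered; mail is delivered in clear"]
    findings = []
    floor = PROTOCOL_ORDER.index(policy["protocol"])
    too_old = [p for p in obs.protocols if PROTOCOL_ORDER.index(p) < floor]
    if too_old:
        findings.append("accepts %s (below %s)" % (", ".join(too_old), policy["protocol"]))
    if obs.anon_dh:
        findings.append("anonymous DH suites: no server authentication")
    if obs.weakest_cipher_bits < policy["cipher_bits"]:
        findings.append("weakest cipher %d bits < %d" % (obs.weakest_cipher_bits, policy["cipher_bits"]))
    if obs.key_bits < policy["key_bits"]:
        findings.append("key %d bits < %d" % (obs.key_bits, policy["key_bits"]))
    if policy["valid_cert"] and obs.cert != "trusted":
        findings.append("certificate not valid for the host (%s)" % obs.cert)
    return findings


def report(observations=OBSERVED, policy=POST_MINIMUM) -> Dict[str, List[str]]:
    return {o.name: assess(o, policy) for o in observations}


if __name__ == "__main__":
    for host, findings in report().items():
        print(host, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

With the post's own minimum only google.com passes; the AnonDH hosts fail twice over (no server authentication and a zero-strength weakest suite), which is the point the post makes about "supporting everything". Changing POST_MINIMUM to a stricter floor (for instance TLSv1 as the lowest protocol) reruns the same comparison under a different policy.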