* on the Wed, Oct 15, 2014 at 07:18:54PM +0200, Luigi Rosa wrote: >> I'd be interested to hear figures regarding how much traffic would change >> from being encrypted to plain text if SSLv3 was dropped for SMTP... > > My humble opinion about the delta: zero. > > I prefer to disable SSLv3 to prevent a future 0-day that could affect STARTTLS > and IMAPS (I disabled SSL v2 and v3 on Dovecot ad well)
I semi-agree with you, which is why I disabled SSLv3 on my SMTP and IMAP servers yesterday when I first heard that a vulnerability was due to be disclosed. I also disabled SSLv3 on my websites a year or so ago. However, I have a feeling that the figures would show that doing this is worse than not doing it when it comes to SMTP. I'm not after anecdotes or opinions but hard figures from people who get a lot of TLS traffic. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
