[tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser

isis isis at torproject.org
Wed Oct 15 22:47:45 UTC 2014


AntiTree transcribed 0.6K bytes:
> >
> > Someone somewhere (I think Mike Perry quoting AGL) mentioned today that
> > we'd only be
> > breaking 0.3% of the internet if we do this.
> >
> 
> My fact checker 9000 looked into this[1]. the 0.3% is probably close but
> here are a few stats per Zmap and Alexa
> 
> - of the top 1 Million domains, 0.02% have SSLv3 as their highest version
> (verified domains)
> - of the entire ipv4 space, 2.8% use SSLv3 as their highest version
> (unverified certificates)
> 
> [1]. https://zmap.io/sslv3/

Neat. Those stats on SSL/TLS deployment are interesting... thanks! :)

-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1154 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20141015/61be076e/attachment.sig>


More information about the tor-talk mailing list