On 2014-01-09 06:41, Kurt Roeckx wrote:
I'm considering if we should also drop support for RC4 on the client side.
At least IE11 on windows 8.1 doesn't do RC4, but does do 3DES.
I started a scan of Alexa's top 1 million websites. It's going to take a few
days to have all the results.
So far, 21 out of 1396 websites scanned support neither AES or 3DES.
All of these sites are high traffic:
lynda.com
priceline.com
adultfriendfinder.com
siteground.com
lacaixa.es
mmotraffic.com
hostmonster.com
elance.com
vine.co
cvs.com
tharunaya.co.uk
directv.com
goal.com
bluehost.com
typepad.com
inbox.com
sprint.com
squarespace.com
justhost.com
123rf.com
hostgator.com
The (partial) results are here: http://4u.1nw.eu/top1m_ciphersuite_scan.tar
I'll do more number crunching once the scan is done.
The numbers show that deprecating RC4 in Firefox would have real impact on
big websites. Whether we think that's a good or bad thing is up for
discussion :)
- Julien
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
