
SSL telemetry very early grain of salt edition


Patrick McManus

Nov 29, 2012, 11:23:48 AM
to dev-tech...@lists.mozilla.org
We've had some SSL telemetry in nightly for about a week, much of that over
a holiday.

Despite its thinness it provides some early insight into questions I've
had, I really like to be able to characterize the web - so here is the
summary from that sneak peek:

We use SSL3 instead of TLS in handshakes 1.13% of the time. That's more
than I hoped, but less than Brian feared :)

1.7% of OCSP queries fail to generate an OCSP response.

OCSP responses take a median 310ms to complete.

The "Time to Ready" metric for a new connection using SSL (which would
include the TCP handshake and SSL handshake which may or may not be resumed
or require OCSP), has a median around 400ms. Plaintext HTTP has a
time-to-ready around 110ms.

Eric H. Jung

Nov 29, 2012, 11:36:55 AM
to Patrick McManus, dev-tech...@lists.mozilla.org
Very interesting metrics. Thanks for sharing.

Eric

Gervase Markham

Nov 30, 2012, 5:14:15 AM
to Patrick McManus
On 29/11/12 16:23, Patrick McManus wrote:
> We use SSL3 instead of TLS in handshakes 1.13% of the time. That's more
> than I hoped, but less than Brian feared :)

As in, 98.87% of the time we use TLS? We only support 1.0 at the moment,
right?

> 1.7% of OCSP queries fail to generate an OCSP response.

Can we get info on which responders are performing poorly, or is that
not included for privacy or size reasons?

> OCSP responses take a median 310ms to complete.

That is pretty darn terrible.

> The "Time to Ready" metric for a new connection using SSL (which would
> include the TCP handshake and SSL handshake which may or may not be resumed
> or require OCSP), has a median around 400ms. Plaintext HTTP has a
> time-to-ready around 110ms.

Is it a coincidence that the difference between these two figures is
very close to the above-mentioned 310ms?

No wonder Chrome switched it off...

Gerv

Patrick McManus

Dec 6, 2012, 9:51:56 AM
to dev-tech...@lists.mozilla.org
On Thu, Nov 29, 2012 at 11:23 AM, Patrick McManus <pmcm...@mozilla.com> wrote:

> We've had some SSL telemetry in nightly for about a week, much of that
> over a holiday.
>
> Despite its thinness it provides some early insight into questions I've
> had, I really like to be able to characterize the web - so here is the
> summary from that sneak peek:
>
> We use SSL3 instead of TLS in handshakes 1.13% of the time. That's more
> than I hoped, but less than Brian feared :)
>

With some more data in, that number has now fallen to 1.02%. But that's not
why I'm replying to myself :)

Relevant followup - http://unmitigatedrisk.com/?p=260

That blog takes a look at a "large cross section of websites" (both client
and server) and has some of the same kind of data, seeing SSL3 2.48% of
the time in the wild.

This is the UA breakdown of the source of an SSL3 connection (I believe IE <=6
favors SSL3 by default):

Internet Explorer >=7    68.31
Internet Explorer <=6    6.67
Gecko                    16.39%
Apple                    4.12%
Playstation              2.85%
Chrome                   1.36%
Other                    0.30%


If you reweight that by market share that makes Chrome look *a lot* better
than everyone else. The most intuitive conclusion is that we can improve
our intolerance strategy for falling back given the state of the Internet,
though I'm curious if anyone has other theories.

-P