2025-05-31
The types of TLS seen on our external SMTP MX (as of May 2025)
Back in April 2023 I did some statistics on what versions of TLS our external SMTP email gateway was seeing. Today, for reasons outside of the scope of this entry, I feel like revisiting those numbers to show how things have changed (somewhat). As with the first set of numbers, these cover the previous nine days of data for us, a fairly large computer science department in a fairly large university.
(Conveniently, our external SMTP gateway is still running Ubuntu 22.04, as it was two years ago, and so it still has the same selection of TLS versions and cipher suites and so on.)
Over the past nine days, we've received 90,938 email messages, of which 74,256 used some version of TLS, so roughly 82% of our incoming email is encrypted and 18% isn't. This latter number (and percent) is not really great, but it is what it is and it's substantially smaller than it was two years ago. What Exim reports for TLS versions breaks down as follows:
  58596 X=TLS1.3 [79%]
  15509 X=TLS1.2 [21%]
    135 X=TLS1.0
     16 X=TLS1.1
The TLS 1.0 email appears to be all or almost all from spammers, and I think it's mostly from one particularly prolific spam source (that rotates IPs, sending domains, and so on). The TLS 1.1 email is from a small handful of places, and anyway there's almost none of it. The TLS 1.2 email is a substantial portion and appears to come from a number of places, including some hosting providers, various significant universities, ieee.org, lists.ubuntu.com, and others. If we ignore various machines within the university, the non-TLS email appears to be mostly but not entirely spammers; one notable real non-TLS source is Air Canada.
The heartening thing to me is that in two years, incoming TLS versions have switched so that TLS 1.3 is dominant and TLS 1.2 has shrunk to only a fifth. I'm not sure I would have guessed that things would change that fast.
Exim conveniently formats its TLS information so I can show a top level view of the broad signature schemes in use:
  48011 X=TLS1.3:ECDHE_X25519
  11774 X=TLS1.2:ECDHE_SECP256R1
   9968 X=TLS1.3:ECDHE_SECP384R1
   1799 X=TLS1.2:ECDHE_X25519
   1631 X=TLS1.2:ECDHE_SECP521R1
    617 X=TLS1.3:ECDHE_SECP256R1
    159 X=TLS1.2:ECDHE_SECP384R1
    146 X=TLS1.2:RSA
    129 X=TLS1.0:ECDHE_SECP256R1
     12 X=TLS1.1:ECDHE_SECP521R1
      4 X=TLS1.1:RSA
      4 X=TLS1.0:RSA
      2 X=TLS1.0:ECDHE_SECP521R1
Pretty clearly, in TLS 1.3 ECDHE with X25519 has decisively won (at least in inbound SMTP) over the NIST curves, although there are still a decent number of holdouts. This dominance isn't there in TLS 1.2, where instead ECDHE with X25519 is a minority position and the dominant one is SECP256R1.
Overall there were 31 different full cipher suites used, and so I'll give a little (partial) breakdown by protocol:
  24653 X=TLS1.3: ECDHE_X25519 RSA_PSS_RSAE_SHA256 AES_256_GCM: 256
  23083 X=TLS1.3: ECDHE_X25519 RSA_PSS_RSAE_SHA256 AES_128_GCM: 128
   9968 X=TLS1.3: ECDHE_SECP384R1 RSA_PSS_RSAE_SHA256 AES_256_GCM: 256
    617 X=TLS1.3: ECDHE_SECP256R1 RSA_PSS_RSAE_SHA256 AES_256_GCM: 256
    275 X=TLS1.3: ECDHE_X25519 RSA_PSS_RSAE_SHA512 AES_256_GCM: 256

   8199 X=TLS1.2: ECDHE_SECP256R1 RSA_SHA512 AES_256_GCM: 256
   1978 X=TLS1.2: ECDHE_SECP256R1 RSA_SHA256 AES_128_GCM: 128
   1590 X=TLS1.2: ECDHE_SECP521R1 RSA_SHA512 AES_256_GCM: 256
   1428 X=TLS1.2: ECDHE_SECP256R1 RSA_SHA512 AES_128_GCM: 128
    738 X=TLS1.2: ECDHE_X25519 RSA_PSS_RSAE_SHA256 AES_128_GCM: 128
  [... 21 different ones in total ...]
      1 X=TLS1.2: RSA AES_128_CBC SHA1: 128

     12 X=TLS1.1: ECDHE_SECP521R1 RSA_SHA1 AES_256_CBC SHA1: 256
      4 X=TLS1.1: RSA AES_256_CBC SHA1: 256

    129 X=TLS1.0: ECDHE_SECP256R1 RSA_SHA1 AES_256_CBC SHA1: 256
      4 X=TLS1.0: RSA AES_256_CBC SHA1: 256
      2 X=TLS1.0: ECDHE_SECP521R1 RSA_SHA1 AES_256_CBC SHA1: 256
(This has been slightly reformatted from how Exim presents its ciphers to create more word breaks.)
The least used cipher is the TLS 1.2 one above that was used once. It's somewhat amusing to me that TLS 1.3 has such an even division between X25519 ECDHE with 128-bit or 256-bit AES GCM (which was also there two years ago).
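If you want to produce this kind of breakdown yourself (and flag the connections worth a second look, which is the more useful defensive output), here is an added example that is not from this entry or from Exim: it parses the X= field of Exim main-log lines in the GnuTLS-style "version:kex__sig__cipher:bits" layout the counts above come from, tallies by version and key exchange, and reports old protocols, static-RSA key exchange, and CBC/SHA1 suites. The log lines are constructed samples, not real traffic.

```python
import re
from collections import Counter

# Constructed sample Exim main-log lines (not real traffic); '<=' marks inbound arrivals.
SAMPLE_LOG = """\
2025-05-31 08:01:02 1uABCD-000001-AA <= a@example.org H=mx.example.org [192.0.2.10] P=esmtps X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 S=2048
2025-05-31 08:02:03 1uABCD-000002-AA <= b@example.net H=mail.example.net [192.0.2.11] P=esmtps X=TLS1.2:ECDHE_SECP256R1__RSA_SHA512__AES_256_GCM:256 S=1024
2025-05-31 08:03:04 1uABCD-000003-AA <= c@example.com H=relay.example.com [192.0.2.12] P=esmtps X=TLS1.0:ECDHE_SECP256R1__RSA_SHA1__AES_256_CBC__SHA1:256 S=512
2025-05-31 08:04:05 1uABCD-000004-AA <= d@example.com H=old.example.com [192.0.2.13] P=esmtps X=TLS1.2:RSA__AES_256_CBC__SHA1:256 S=700
2025-05-31 08:05:06 1uABCD-000005-AA <= e@example.org H=plain.example.org [192.0.2.14] P=esmtp S=300
"""

def parse_tls(line):
    """(version, key_exchange, parts) for a log line, or None if it has no X= field."""
    m = re.search(r"\bX=(\S+)", line)
    if not m:
        return None
    version, _, rest = m.group(1).partition(":")
    parts = rest.split("__")          # e.g. ['ECDHE_X25519', 'RSA_PSS_RSAE_SHA256', 'AES_256_GCM:256']
    return version, parts[0], parts

def legacy_reasons(version, kex, parts):
    """Old protocol, static RSA key exchange (no forward secrecy), or a CBC/SHA1 suite."""
    reasons = []
    if version in ("TLS1.0", "TLS1.1"):
        reasons.append("old-protocol")
    if kex == "RSA":
        reasons.append("no-forward-secrecy")
    if any("CBC" in p or p.startswith("SHA1") for p in parts):
        reasons.append("cbc-or-sha1")
    return reasons

def summarize(log_text):
    """Tally inbound messages by TLS version and version:kex, count plaintext, list legacy hits."""
    by_version, by_kex, legacy, plain = Counter(), Counter(), [], 0
    for line in log_text.splitlines():
        if " <= " not in line:        # only inbound arrivals, not deliveries or other records
            continue
        parsed = parse_tls(line)
        if parsed is None:
            plain += 1                # arrived without TLS at all
            continue
        version, kex, parts = parsed
        by_version[version] += 1
        by_kex[f"{version}:{kex}"] += 1
        reasons = legacy_reasons(version, kex, parts)
        if reasons:
            legacy.append((version, kex, reasons))
    return {"by_version": by_version, "by_kex": by_kex, "plain": plain, "legacy": legacy}
```

Run it over a real Exim main log and the "legacy" list is the set of senders to watch; on the sample it flags the TLS 1.0 and the static-RSA TLS 1.2 connections and counts one plaintext arrival.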
Sidebar: the TLS 1.2 RSA ciphers
Here they are:
  97 X=TLS1.2:RSA__AES_256_CBC__SHA1:256
  48 X=TLS1.2:RSA__AES_256_GCM:256
   1 X=TLS1.2:RSA__AES_128_CBC__SHA1:128
As before, I don't know how horrified I should be.