The types of TLS seen on our external MX (as of April 2023)
On the Fediverse, I said:
Today's sysadmin tip: if you don't want to be depressed, don't look at how many other mail servers are still connecting to your external mail gateway with TLS 1.0, and especially not exactly who they are.
Today I feel like providing some statistics on that, partly for my own interest. All of these are over the past full nine days, which means that they mostly cover the end of April 2023 (plus May 1st).
Over this time we accepted 94,037 messages, of which 62,885 were encrypted with some version of TLS. The TLS versions used break down like this:
  36426 X=TLS1.2
  26209 X=TLS1.3
    229 X=TLS1.0
     21 X=TLS1.1
After my Fediverse post, I'm actually surprised to see such a low usage of TLS 1.0 and 1.1. I'm pleased to see that TLS 1.3 is so close to TLS 1.2.
(I think what I was seeing in my Fediverse post was that outside mailers were making a handful of connections a day with TLS 1.0 and TLS 1.1. At the time the TLS 1.0 connections stood out more.)
I don't particularly know why TLS 1.1 is so uncommon compared to TLS 1.0. It may be that TLS 1.1 was only the latest version of TLS for a few years (based on Wikipedia's dates). There was probably a relatively narrow window of time for people to have developed and shipped TLS 1.1 products (and then never updated them to TLS 1.2).
Ubuntu 22.04's version of Exim conveniently formats the full cipher name in a way that makes it easy to get a top-level view of the broad signature schemes in use:
  25774 X=TLS1.3:ECDHE_X25519
  19678 X=TLS1.2:ECDHE_SECP256R1
  11159 X=TLS1.2:ECDHE_SECP384R1
   2916 X=TLS1.2:ECDHE_SECP521R1
   2599 X=TLS1.2:ECDHE_X25519
    435 X=TLS1.3:ECDHE_SECP256R1
    203 X=TLS1.0:ECDHE_SECP256R1
     74 X=TLS1.2:RSA
     26 X=TLS1.0:RSA
     16 X=TLS1.1:ECDHE_SECP521R1
      5 X=TLS1.1:RSA
Overall, there were 34 different full cipher suites used, and so I'll give a little breakdown by TLS protocols (partial for TLS 1.2):
  13796 X=TLS1.3: ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM: 128
  11960 X=TLS1.3: ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM: 256
    424 X=TLS1.3: ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM: 256
     18 X=TLS1.3: ECDHE_X25519__RSA_PSS_RSAE_SHA512__AES_256_GCM: 256
     11 X=TLS1.3: ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM: 128

  13377 X=TLS1.2: ECDHE_SECP256R1__RSA_SHA512__AES_256_GCM: 256
  11089 X=TLS1.2: ECDHE_SECP384R1__RSA_SHA256__AES_256_GCM: 256
   3719 X=TLS1.2: ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_CBC__SHA1: 128
   2880 X=TLS1.2: ECDHE_SECP521R1__RSA_SHA512__AES_256_GCM: 256
   2037 X=TLS1.2: ECDHE_SECP256R1__RSA_SHA256__AES_128_GCM: 128
   1820 X=TLS1.2: ECDHE_X25519__RSA_SHA512__AES_256_GCM: 256
    497 X=TLS1.2: ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM: 128
    433 X=TLS1.2: ECDHE_SECP256R1__RSA_SHA512__AES_128_GCM: 128
  [...]

     16 X=TLS1.1: ECDHE_SECP521R1__RSA_SHA1__AES_256_CBC__SHA1: 256
      5 X=TLS1.1: RSA__AES_256_CBC__SHA1: 256

    203 X=TLS1.0: ECDHE_SECP256R1__RSA_SHA1__AES_256_CBC__SHA1: 256
     26 X=TLS1.0: RSA__AES_256_CBC__SHA1: 256
(I've added spaces after the :s for better line wrapping.)
As we can see here, TLS 1.2 contributed the largest diversity; it has 25 different full cipher strings. I believe this reflects a wide diversity of opinions in the sending MTAs, because the Exim documentation says that the client (here, the sending MTA) picks the preferred cipher if you're using GnuTLS, as the Ubuntu Exim is.
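As an added illustration (my own code, not the post's tooling and not anything shipped with Exim), here is a small Python tally over constructed Exim-style log lines that produces the same three views: by TLS version, by version plus the first component of the cipher name (the key exchange), and by full cipher string. It also lists which sending hosts still negotiate TLS 1.0 or 1.1 and counts suites that use static RSA key exchange (no forward secrecy). The log lines, hosts and addresses are made up; note that real Exim output has no spaces after the colons in the X= field, as the post's tables do.

```python
import re
from collections import Counter

# Constructed sample of Exim "<=" (message accepted) log lines, modelled on the
# X=<cipher> field that Ubuntu's GnuTLS-linked Exim writes. These are made-up
# hosts and addresses, not entries from the gateway discussed in the post.
SAMPLE_LOG = """\
2023-04-30 10:01:02 1pt1aA-0000A1-Bc <= alice@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no S=2048
2023-04-30 10:02:15 1pt1aB-0000A2-Cd <= bob@example.net H=mx.example.net [192.0.2.20] P=esmtps X=TLS1.2:ECDHE_SECP256R1__RSA_SHA512__AES_256_GCM:256 CV=no S=3100
2023-04-30 10:03:44 1pt1aC-0000A3-De <= carol@example.com H=old-relay.example.com [198.51.100.5] P=esmtps X=TLS1.0:ECDHE_SECP256R1__RSA_SHA1__AES_256_CBC__SHA1:256 CV=no S=900
2023-04-30 10:04:09 1pt1aD-0000A4-Ef <= dave@example.com H=legacy.example.com [198.51.100.6] P=esmtps X=TLS1.2:RSA__AES_256_CBC__SHA1:256 CV=no S=1500
2023-04-30 10:05:30 1pt1aE-0000A5-Fg <= erin@example.org H=plain.example.org [203.0.113.7] P=esmtp S=700
2023-04-30 10:06:51 1pt1aF-0000A6-Gh <= frank@example.net H=mx2.example.net [192.0.2.21] P=esmtps X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no S=4200
2023-04-30 10:07:12 1pt1aG-0000A7-Hi => alice@example.org R=dnslookup T=remote_smtp H=mx1.example.org [192.0.2.10] X=TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 C="250 OK"
"""

CIPHER_RE = re.compile(r" X=(\S+)")
HOST_RE = re.compile(r" H=(\S+)")
LEGACY_VERSIONS = {"TLS1.0", "TLS1.1"}


def split_cipher(full):
    """Split GnuTLS-style 'TLS1.2:ECDHE_SECP256R1__RSA_SHA512__AES_256_GCM:256'
    into (version, key-exchange component, full string)."""
    version, rest = full.split(":", 1)
    kex = rest.split("__", 1)[0]  # ECDHE_X25519, ECDHE_SECP256R1, RSA, ...
    return version, kex, full


def summarize(log_text):
    """Tally TLS usage over accepted (<=) messages at the three granularities
    the post uses, and note the peers still negotiating TLS 1.0/1.1."""
    by_version, by_version_kex, by_suite = Counter(), Counter(), Counter()
    legacy_peers = []
    total = encrypted = no_forward_secrecy = 0
    for line in log_text.splitlines():
        if " <= " not in line:
            continue  # inbound only; skip => (outbound deliveries) and other lines
        total += 1
        m = CIPHER_RE.search(line)
        if m is None:
            continue  # P=esmtp with no X= field: cleartext SMTP
        encrypted += 1
        version, kex, full = split_cipher(m.group(1))
        by_version[version] += 1
        by_version_kex[f"{version}:{kex}"] += 1
        by_suite[full] += 1
        if kex == "RSA":
            no_forward_secrecy += 1  # static RSA key exchange, no forward secrecy
        if version in LEGACY_VERSIONS:
            h = HOST_RE.search(line)
            legacy_peers.append((h.group(1) if h else "?", version))
    return {
        "total": total,
        "encrypted": encrypted,
        "by_version": by_version,
        "by_version_kex": by_version_kex,
        "by_suite": by_suite,
        "no_forward_secrecy": no_forward_secrecy,
        "legacy_peers": legacy_peers,
    }


def report(summary):
    """Print the tallies in the 'count X=...' shape that sort | uniq -c gives."""
    print(f"{summary['encrypted']} of {summary['total']} accepted messages used TLS")
    for name in ("by_version", "by_version_kex", "by_suite"):
        print(f"-- {name}")
        for key, n in summary[name].most_common():
            print(f"{n:>7} X={key}")
    print(f"-- {summary['no_forward_secrecy']} used static RSA key exchange")
    for host, version in summary["legacy_peers"]:
        print(f"-- legacy: {host} still negotiates {version}")


if __name__ == "__main__":
    report(summarize(SAMPLE_LOG))
```

To run it against a real gateway, feed `summarize()` the contents of Exim's main log (on Ubuntu that is normally /var/log/exim4/mainlog) instead of the constructed sample; the `legacy_peers` list is the part that answers the "exactly who they are" question, since each entry carries the H= host of the sending MTA.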
Sidebar: the TLS 1.2 RSA ciphers
     44 X=TLS1.2: RSA__AES_256_CBC__SHA1: 256
     18 X=TLS1.2: RSA__AES_256_GCM: 256
     12 X=TLS1.2: RSA__AES_128_CBC__SHA1: 128
I don't know how horrified I should be here.