Two years ago I had a look at my mail server’s logs and compiled some data about the use of STARTTLS. Tonight I decided to do it again, so here are the results for the past month:
| Connection type | Count | Proportion | In 2015 |
|---|---|---|---|
| No TLS | 137 | 17 % | 14 % |
| TLS 1.0 | 131 | 17 % | 9 % |
| TLS 1.1 | 6 | 1 % | 0 % |
| TLS 1.2 | 511 | 65 % | 77 % |
Overall, the proportion of TLS connections is similar to what I observed two years ago, although, surprisingly, the share of TLS 1.2 connections has decreased in favor of TLS 1.0.
| Cipher suite | Count | Proportion |
|---|---|---|
| ECDHE-RSA-AES256-GCM-SHA384 | 466 | 72 % |
| DHE-RSA-AES256-SHA | 88 | 14 % |
| ECDHE-RSA-AES256-SHA | 49 | 8 % |
| ECDHE-RSA-AES128-GCM-SHA256 | 35 | 5 % |
| DHE-RSA-AES256-SHA256 | 6 | 1 % |
| ECDHE-RSA-AES256-GCM-SHA384 | 2 | < 1 % |
| ECDHE-RSA-AES256-SHA384 | 2 | < 1 % |
Things have changed a bit for the cipher suites used. The DHE-RSA-AES256-GCM-SHA384 cipher suite, which accounted for 46 % of all TLS connections in 2015, has now disappeared from the logs, replaced by its elliptic curve variant ECDHE-RSA-AES256-GCM-SHA384. 128-bit AES is being phased out (from 21 % to 5 %), but SHA-1 persists (from 28 % to 21 %), obviously helped by the persistence of TLS 1.0 (which does not allow the SHA-2 cipher suites, since those require TLS 1.2).
When TLS 1.2 is used, SHA-384 is largely preferred over SHA-256 (91 % vs 9 %), and almost all TLS 1.2 connections (98 %) use authenticated encryption in the form of the GCM mode.
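The post does not show how the figures above were extracted from the logs, so here is an added example (not the author's script) that computes the same breakdown: protocol version shares including plaintext sessions, cipher suite shares, and the derived TLS 1.2 figures (SHA-384 vs SHA-256, GCM share). It assumes Postfix-style smtpd log lines, where each session starts with a "connect from" line and a STARTTLS session adds one "TLS connection established" line; the sample lines are constructed, and the hostnames and addresses in them are placeholders.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtpd log style (an assumption; adjust the regexes
# below if your MTA logs differently). Each session is bracketed by "connect from"
# and "disconnect from"; a STARTTLS session adds one "TLS connection established" line.
SAMPLE_LOG = """\
Jun  1 10:00:01 mx postfix/smtpd[1001]: connect from mail.example.org[192.0.2.10]
Jun  1 10:00:01 mx postfix/smtpd[1001]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun  1 10:00:02 mx postfix/smtpd[1001]: disconnect from mail.example.org[192.0.2.10]
Jun  1 10:05:11 mx postfix/smtpd[1002]: connect from relay.example.net[198.51.100.7]
Jun  1 10:05:11 mx postfix/smtpd[1002]: Anonymous TLS connection established from relay.example.net[198.51.100.7]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jun  1 10:05:12 mx postfix/smtpd[1002]: disconnect from relay.example.net[198.51.100.7]
Jun  1 10:09:30 mx postfix/smtpd[1003]: connect from old.example.com[203.0.113.5]
Jun  1 10:09:31 mx postfix/smtpd[1003]: disconnect from old.example.com[203.0.113.5]
Jun  1 10:12:00 mx postfix/smtpd[1004]: connect from mail.example.org[192.0.2.10]
Jun  1 10:12:00 mx postfix/smtpd[1004]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun  1 10:12:01 mx postfix/smtpd[1004]: disconnect from mail.example.org[192.0.2.10]
Jun  1 10:20:45 mx postfix/smtpd[1005]: connect from legacy.example.org[192.0.2.77]
Jun  1 10:20:45 mx postfix/smtpd[1005]: Anonymous TLS connection established from legacy.example.org[192.0.2.77]: TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)
Jun  1 10:20:46 mx postfix/smtpd[1005]: disconnect from legacy.example.org[192.0.2.77]
"""

# Postfix writes "TLSv1" for TLS 1.0 and "TLSv1.1"/"TLSv1.2" for the later versions.
TLS_LINE = re.compile(r" TLS connection established from .*?: (TLSv1(?:\.\d)?) with cipher (\S+)")
CONNECT_LINE = re.compile(r"\]: connect from ")
VERSION_NAMES = {"TLSv1": "TLS 1.0", "TLSv1.1": "TLS 1.1", "TLSv1.2": "TLS 1.2", "TLSv1.3": "TLS 1.3"}


def percent(count, total):
    """Integer percentage, 0 when there is nothing to divide by."""
    return round(100 * count / total) if total else 0


def mac_of(cipher):
    """Hash algorithm named by an OpenSSL cipher-suite name (its last dash-separated token)."""
    token = cipher.rsplit("-", 1)[-1]
    return {"SHA": "SHA-1", "SHA256": "SHA-256", "SHA384": "SHA-384"}.get(token, token)


def parse_sessions(log_text):
    """Return (number of SMTP sessions, list of (version, cipher) for the TLS sessions)."""
    sessions = 0
    tls = []
    for line in log_text.splitlines():
        if CONNECT_LINE.search(line):
            sessions += 1
        m = TLS_LINE.search(line)
        if m:
            tls.append((VERSION_NAMES.get(m.group(1), m.group(1)), m.group(2)))
    return sessions, tls


def summarize(log_text):
    """Build the same tables as the post: version shares (over all sessions),
    cipher shares (over TLS sessions) and the TLS 1.2-only hash/AEAD shares."""
    sessions, tls = parse_sessions(log_text)
    versions = Counter(v for v, _ in tls)
    versions["No TLS"] = sessions - len(tls)  # sessions that never issued STARTTLS
    ciphers = Counter(c for _, c in tls)
    tls12 = [c for v, c in tls if v == "TLS 1.2"]
    macs12 = Counter(mac_of(c) for c in tls12)
    return {
        "sessions": sessions,
        "versions": {v: (n, percent(n, sessions)) for v, n in versions.items()},
        "ciphers": {c: (n, percent(n, len(tls))) for c, n in ciphers.most_common()},
        "sha1_share": percent(sum(n for c, n in ciphers.items() if mac_of(c) == "SHA-1"), len(tls)),
        "tls12_sha384_share": percent(macs12["SHA-384"], len(tls12)),
        "tls12_gcm_share": percent(sum(1 for c in tls12 if "-GCM-" in c), len(tls12)),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['sessions']} sessions")
    for name, (count, share) in report["versions"].items():
        print(f"{name:<10} {count:>5} {share:>3} %")
    for name, (count, share) in report["ciphers"].items():
        print(f"{name:<32} {count:>5} {share:>3} %")
    print(f"SHA-1 among TLS sessions: {report['sha1_share']} %")
    print(f"TLS 1.2: SHA-384 {report['tls12_sha384_share']} %, GCM {report['tls12_gcm_share']} %")
```

Run it against a real mail log (`python3 tlsstats.py < /var/log/mail.log` after replacing `SAMPLE_LOG` with `sys.stdin.read()`) to reproduce the two tables. The plaintext count is derived as sessions minus TLS sessions rather than matched directly, because a session that never issues STARTTLS leaves no TLS-specific line in the log.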