Nasty: [1]http://op-co.de/blog/posts/android_ssl_downgrade/
   Looks like ignorance rather than malice, but that's a pretty fucking
   bone-headed maneuver. Normally the Android guys are quite sharp, so a
   mistake like this actually strikes me as a little bit fishy.
   Here's the guy responsible for the commit: [2]http://carlstrom.com/
   [3]http://www.linkedin.com/in/carlstrom
   Worth a follow-up?
   R

References

   1. http://op-co.de/blog/posts/android_ssl_downgrade/
   2. http://carlstrom.com/
   3. http://www.linkedin.com/in/carlstrom