16 Oct
2013
16 Oct
'13
7:49 p.m.
On 15.10.2013, at 0:26, Rich Jones <rich@openwatch.net> wrote:
Nasty: http://op-co.de/blog/posts/android_ssl_downgrade/
Looks like ignorance rather than malice, but that's a pretty fucking bone-headed maneuver. Normally the Android guys are quite sharp, so a mistake like this actually strikes me as a little bit fishy.
Here's the guy responsible for the commit: http://carlstrom.com/ http://www.linkedin.com/in/carlstrom
Well, good news is, that: 1. browser (chrome) keeps its own better set of ciphers. 2. a lot of servers ignore client's preferences of ciphers these days still stupid, though. -- Alexey Zakhlestin CTO at Grids.by/you https://github.com/indeyets PGP key: http://indeyets.ru/alexey.zakhlestin.pgp.asc