Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010
Rich Jones
rich@openwatch.net
Mon Oct 14 13:26:15 PDT 2013
Nasty: http://op-co.de/blog/posts/android_ssl_downgrade/
Looks like ignorance rather than malice, but that's a pretty fucking
bone-headed maneuver. Normally the Android guys are quite sharp, so a
mistake like this actually strikes me as a little bit fishy.
Here's the guy responsible for the commit: http://carlstrom.com/
http://www.linkedin.com/in/carlstrom
Worth a follow-up?
R
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20131014/db878b7f/attachment.html>
More information about the cypherpunks
mailing list