Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010
Rich Jones
rich at openwatch.net
Mon Oct 14 13:26:15 PDT 2013
Nasty: http://op-co.de/blog/posts/android_ssl_downgrade/
Looks like ignorance rather than malice, but that's a pretty fucking
bone-headed maneuver. Normally the Android guys are quite sharp, so a
mistake like this actually strikes me as a little bit fishy.
Here's the guy responsible for the commit: http://carlstrom.com/
http://www.linkedin.com/in/carlstrom
Worth a follow-up?
R
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 663 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20131014/db878b7f/attachment-0001.txt>
More information about the cypherpunks
mailing list