killing RC4 in Chrome

Cathal Garvey cathalgarvey at
Thu Sep 18 03:26:23 PDT 2014

This is what occurred to me when I saw your first few mails on this
subject; how hard is it to just comment out the stupid algos in the
source for FF/Chrome, and just recompile? TLS negotiates available
algos, so there's probably a list somewhere of which algos to send to
the server; you could change nothing but that list and the algos would
simply never be advertised, negotiated, or used?

On 18/09/14 03:31, coderman wrote:
> <grittygrease> Are you planning on dropping RC4 support in Chrome anytime soon?
> <sleevi_> Not until I can work with @mikewest to get our mixed content
> detection improved and get @__apf__ on board for more sec-ui :)

Twitter: @onetruecathal, @formabiolabs
Phone: +353876363185
Blog: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the cypherpunks mailing list