killing RC4 in Chrome
Ted Smith
tedks at riseup.net
Thu Sep 18 08:10:55 PDT 2014
There's sort of a chicken/egg problem here.
You can actually just disable them in configuration; in Firefox, you can
just go to about:config and set all the security.*.rc4* to false instead
of true.
However, this breaks a *lot* of sites, including some big ones.
On Thu, 2014-09-18 at 11:26 +0100, Cathal Garvey wrote:
> This is what occurred to me when I saw your first few mails on this
> subject; how hard is it to just comment out the stupid algos in the
> source for FF/Chrome, and just recompile? TLS negotiates available
> algos, so there's probably a list somewhere of which algos to send to
> the server; you could change nothing but that list and the algos would
> simply never be advertised, negotiated, or used?
>
> On 18/09/14 03:31, coderman wrote:
> > https://twitter.com/grittygrease/status/512328703938797568
> >
> > <grittygrease> Are you planning on dropping RC4 support in Chrome anytime soon?
> >
> > <sleevi_> Not until I can work with @mikewest to get our mixed content
> > detection improved and get @__apf__ on board for more sec-ui :)
> >
>
--
Sent from Ubuntu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140918/b45a0f76/attachment-0002.sig>
More information about the cypherpunks
mailing list