killing RC4 in Chrome
tedks at riseup.net
Thu Sep 18 08:10:55 PDT 2014
There's sort of a chicken/egg problem here.
You can actually just disable them in configuration; in Firefox, you can
just go to about:config and set all the security.*.rc4* to false instead
However, this breaks a *lot* of sites, including some big ones.
On Thu, 2014-09-18 at 11:26 +0100, Cathal Garvey wrote:
> This is what occurred to me when I saw your first few mails on this
> subject; how hard is it to just comment out the stupid algos in the
> source for FF/Chrome, and just recompile? TLS negotiates available
> algos, so there's probably a list somewhere of which algos to send to
> the server; you could change nothing but that list and the algos would
> simply never be advertised, negotiated, or used?
> On 18/09/14 03:31, coderman wrote:
> > https://twitter.com/grittygrease/status/512328703938797568
> > <grittygrease> Are you planning on dropping RC4 support in Chrome anytime soon?
> > <sleevi_> Not until I can work with @mikewest to get our mixed content
> > detection improved and get @__apf__ on board for more sec-ui :)
Sent from Ubuntu
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the cypherpunks