killing RC4 in Chrome

Ted Smith tedks at
Thu Sep 18 13:16:53 PDT 2014

On Thu, 2014-09-18 at 20:29 +0200, rysiek wrote:
> Dnia czwartek, 18 wrzeĊ›nia 2014 11:10:55 Ted Smith pisze:
> > There's sort of a chicken/egg problem here.
> > 
> > You can actually just disable them in configuration; in Firefox, you can
> > just go to about:config and set all the security.*.rc4* to false instead
> > of true.
> > 
> > However, this breaks a *lot* of sites, including some big ones.
> Time for a little name and shame?

This was a while ago and I've forgotten, though it was enough to be

It'd be pretty easy to write a script that harvested the allowed
ciphersuites from the top Alexa sites, if you were really interested.
The EFF's HTTPS Observatory might also have this information.

Sent from Ubuntu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the cypherpunks mailing list