[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

To: "[email protected]" <[email protected]>
Subject: Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010
From: [email protected] (Rich Jones)
Date: Mon, 14 Oct 2013 13:26:15 -0700

Nasty: http://op-co.de/blog/posts/android_ssl_downgrade/

Looks like ignorance rather than malice, but that's a pretty fucking
bone-headed maneuver. Normally the Android guys are quite sharp, so a
mistake like this actually strikes me as a little bit fishy.

Here's the guy responsible for the commit: http://carlstrom.com/
http://www.linkedin.com/in/carlstrom

Worth a follow-up?

R
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20131014/db878b7f/attachment.html>

Follow-Ups:
- Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010
  - From: [email protected] (Alexey Zakhlestin)

Prev by Date: An Interview with Simon Persson of CounterMail
Next by Date: [20] surveying the minefield
Previous by thread: An Interview with Simon Persson of CounterMail
Next by thread: Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010
Index(es):
- Date
- Thread