[guardian-dev] Fwd: Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010
Miron
miron at hyper.to
Mon Oct 14 18:25:41 EDT 2013
Of potential interest.
-------- Original Message --------
Subject: Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in
late 2010
Date: Mon, 14 Oct 2013 13:26:15 -0700
From: Rich Jones <rich at openwatch.net>
To: cypherpunks at cpunks.org <cypherpunks at cpunks.org>
Nasty: http://op-co.de/blog/posts/android_ssl_downgrade/
Looks like ignorance rather than malice, but that's a pretty fucking
bone-headed maneuver. Normally the Android guys are quite sharp, so a
mistake like this actually strikes me as a little bit fishy.
Here's the guy responsible for the commit: http://carlstrom.com/
http://www.linkedin.com/in/carlstrom
Worth a follow-up?
R
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20131014/4d9ae413/attachment.html>
More information about the Guardian-dev
mailing list