Home > Confidentiality, Encryption, Integrity, Security > Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010


Just ran across this article discussing how horrible the cipher preference list is in Android.  That’s a lot of bad crypto on the streets right now.

Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

 

About these ads
  1. 2013-10-14 at 15:28 EDT

    I’ve submitted a patch to CyanogenMod to enable TLSv1.2 and AES as the default -> http://review.cyanogenmod.org/#/c/51771/

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 212 other followers