Home > Uncategorized > YouTube, now with less RC4

YouTube, now with less RC4


This is awesome news. Passing it along.

securitypitfalls

After everybody said not to use RC4 any more, Google finally enabled one additional cipher on Google video servers: TLS_RSA_WITH_AES_128_GCM_SHA256.Unfortunately, this cipher is not supported either by Firefox 30 nor by Internet Explorer on Windows 8.1 or earlier.

Users of Firefox will have to wait for the bug 1029179 to be fixed.

This cipher is though supported by Google Chrome and Chromium, so if you’re a user of those browsers, you can finally disable RC4 for everyday browsing. You can do it either by creating a wrapper script, or modifying the shortcut you use to run those browsers to have one additional option:

chrome --cipher-suite-blacklist=0x0003,0x0004,0x0005,0x0017,0x0018,0x0020,0x0024,0x0028,0x002B,0x0066,0x008A,0x008E,0x0092,0xC002,0xC007,0xC00C,0xC011,0xC016,0xC033

This will disable following cipher suites:

  • 0x0003 – TLS_RSA_EXPORT_WITH_RC4_40_MD5
  • 0x0004 – TLS_RSA_WITH_RC4_128_MD5
  • 0x0005 – TLS_RSA_WITH_RC4_128_SHA
  • 0x0017 – TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
  • 0x0018 – TLS_DH_anon_WITH_RC4_128_MD5
  • 0x0020 – TLS_KRB5_WITH_RC4_128_SHA
  • 0x0024 – TLS_KRB5_WITH_RC4_128_MD5
  • 0x0028 – TLS_KRB5_EXPORT_WITH_RC4_40_SHA
  • 0x002B – TLS_KRB5_EXPORT_WITH_RC4_40_MD5
  • 0x0066 – SSL_DHE_DSS_WITH_RC4_128_SHA
  • 0x008A – TLS_PSK_WITH_RC4_128_SHA
  • 0x008E – TLS_DHE_PSK_WITH_RC4_128_SHA
  • 0x0092 –…

View original post 87 more words

Advertisements
Categories: Uncategorized
  1. corbyn
    2014-06-24 at 13:23 EDT

    Wait.. what? I disable all rc4 in my firefox and i am still able watch youtube videos.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s