Do not use RC4 TLS/SSL cipher suites by default.

RC4 has been deprecated for a while. It's now time to no longer use it by default. Mozilla Firefox and Chrome web browsers have already made the leap. Bug: 24898327 (cherry picked from commit 751965bd) Change-Id: I63fb45fe62b594ba6311d42be26e214adbab5c20

Do not use RC4 TLS/SSL cipher suites by default.
RC4 has been deprecated for a while. It's now time to no longer use it by default. Mozilla Firefox and Chrome web browsers have already made the leap. Bug: 24898327 (cherry picked from commit 751965bd) Change-Id: I63fb45fe62b594ba6311d42be26e214adbab5c20
77b758db · Alex Klyubin · e48fd1d9 · 77b758db
Commit 77b758db authored 9 years ago by Alex Klyubin
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 3 deletions

src/main/java/org/conscrypt/NativeCrypto.java src/main/java/org/conscrypt/NativeCrypto.java +0 -3

No files found.
--- a/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/src/main/java/org/conscrypt/NativeCrypto.java
@@ -770,8 +770,6 @@ public final class NativeCrypto {
    // * Prefer Forward Secrecy (i.e., cipher suites that use ECDHE and DHE for key agreement).
    // * Prefer AES-GCM to AES-CBC whose MAC-pad-then-encrypt approach leads to weaknesses (e.g.,
    //   Lucky 13).
-    // * Prefer AES to RC4 whose foundations are a bit shaky. See http://www.isg.rhul.ac.uk/tls/.
-    //   BEAST and Lucky13 mitigations are enabled.
    // * Prefer 128-bit bulk encryption to 256-bit one, because 128-bit is safe enough while
    //   consuming less CPU/time/energy.
    //
@@ -800,7 +798,6 @@ public final class NativeCrypto {
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
-        "SSL_RSA_WITH_RC4_128_SHA",
    };

    /** TLS-PSK cipher suites enabled by default (if requested), in preference order. */