Nasty: http://op-co.de/blog/posts/android_ssl_downgrade/
Looks like ignorance rather than malice, but that's a pretty fucking bone-headed maneuver. Normally the Android guys are quite sharp, so a mistake like this actually strikes me as a little bit fishy. Here's the guy responsible for the commit: http://carlstrom.com/ http://www.linkedin.com/in/carlstrom Worth a follow-up? R
