On 15.10.2013, at 0:26, Rich Jones <[email protected]> wrote: > Nasty: http://op-co.de/blog/posts/android_ssl_downgrade/ > > Looks like ignorance rather than malice, but that's a pretty fucking > bone-headed maneuver. Normally the Android guys are quite sharp, so a mistake > like this actually strikes me as a little bit fishy. > > Here's the guy responsible for the commit: http://carlstrom.com/ > http://www.linkedin.com/in/carlstrom
Well, good news is, that: 1. browser (chrome) keeps its own better set of ciphers. 2. a lot of servers ignore client's preferences of ciphers these days still stupid, though. -- Alexey Zakhlestin CTO at Grids.by/you https://github.com/indeyets PGP key: http://indeyets.ru/alexey.zakhlestin.pgp.asc
signature.asc
Description: Message signed with OpenPGP using GPGMail
