Dienstag, 15. Oktober 2013

Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

Whoa, what an article! If you consider IT security your thing you have to read the following blog post over at:


The author essentially found out that since Android 2.3.4 Google has changed the default cipher suite list to favor the (unsecure) RC4-MD5 first instead of RSA-SHA256.

0 Kommentare:

Kommentar veröffentlichen