Loading...

Undo Transition
Closed

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2 04/24/15
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

RC4 is considered weak for TLS. We should explicitly disable it through SSL_CTX_set_cipher_list. I think adding ":!RC4" to the existing string is all that's needed.

https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what

Assignee:: Spencer Jackson
Reporter:: Bernie Hackett
Participants:: Andreas Nilsson, Bernie Hackett, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 8 Start watching this issue

Created:: Apr 09 2015 08:17:48 PM UTC
Updated:: Apr 14 2016 03:17:54 PM UTC
Resolved:: Apr 13 2015 03:08:49 PM UTC

Details

Description

Attachments

Activity

People

Dates