Details
-
Improvement
-
Resolution: Done
-
Major - P3
-
None
-
None
-
None
-
Fully Compatible
-
Security 2 04/24/15
Description
RC4 is considered weak for TLS. We should explicitly disable it through SSL_CTX_set_cipher_list. I think adding ":!RC4" to the existing string is all that's needed.
https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what