Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

October 14, 2013 at 08:28 PM

Nice sleuthing and humorously written alert / background info on SSL connections in Android. SSL is one of the least problematic security / privacy issues with a smartphone, but I found it entertaining as I have gone through a round of hardening servers and apps and in the process have learned much about ciphers and handshake protocols.

Link: Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010


Permanent Link — Posted in Web Links