Android SSL Library Downgraded To RC4 Circa 2010

An IT blog carried a story about Android’s SSL implementation the other day. The story suggests that at some point around 2010 the default cipher was changed from AES to RC4. Such odd commits that seem to weaken security rather than improve them do occur from time to time, but since the NSA mass surveillance allegations every such instance of these regressions must now be looked at with a critical eye.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s