We're discussing marking clients using RC4 cipher suites as Bad and need some data:https://groups.google.com/forum/#!topic/howsmyssl-upkeep/71AMhyV6r-0 …
@howsmyssl All those browsers still do RC4 if the initial RC4-less handshake fails for nearly any reason. TLS_DOWNGRADE_SCSV doesn't help.
-
-
@brian_____ Good thing to know! Curious about the existence of more, uh, proactive mechanisms. -
@jmhodges Firefox disabled version intolerance feedback exception whitelisted sites. That stops AES-GCM -> RC4 fallback.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.