Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#299 closed change (fixed)

Drop support for RC4 cypher

Reported by: trev
Assignee: trev
Priority: P3
Milestone:
Module: Infrastructure
Keywords:
Cc:
Blocked By:
Blocking:
Platform:
Ready: yes
Confidential: no
Tester:
Verified working: no
Review URL(s):



We are currently supporting the RC4 cypher; we even enforce it in order to save CPU time. However, RC4 isn't considered secure any more - see

What to change

Remove RC4 support as suggested by SSL Labs.

Change History (5)

comment:1 Changed 6 years ago by trev

  • Owner set to trev
  • Status changed from new to assigned

comment:2 Changed 6 years ago by trev

  • Review URL(s) modified (diff)
  • Status changed from assigned to reviewing

comment:3 Changed 6 years ago by trev

  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:4 Changed 6 years ago by Gingerbread Man

SSL Labs reports RC4 is still used. Does anyone care to comment on this, and the lack of Forward Secrecy?

comment:5 Changed 6 years ago by trev

That's a security provider, not one of our servers. We contacted them about improving the SSL configuration a while ago, so far without any response. The long-term solution will likely be only routing through them when actually necessary.
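
A check for the two findings raised in this ticket, RC4 suites and missing forward secrecy, run over a server's cipher preference list. This is an added example, not the project's code or configuration; it assumes OpenSSL-style suite names, and the sample lists are constructed.

```python
from dataclasses import dataclass, field

# OpenSSL-style name prefixes for ephemeral (EC)DH key exchange.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def uses_rc4(suite: str) -> bool:
    # Match the RC4 token exactly, e.g. RC4-SHA or ECDHE-RSA-RC4-SHA.
    return "RC4" in suite.upper().split("-")


def has_forward_secrecy(suite: str) -> bool:
    s = suite.upper()
    # TLS 1.3 suites (TLS_AES_..., no "_WITH_") always use ephemeral keys.
    if s.startswith("TLS_") and "_WITH_" not in s:
        return True
    return s.startswith(FS_PREFIXES)


@dataclass
class Audit:
    rc4: list = field(default_factory=list)      # suites using RC4
    no_fs: list = field(default_factory=list)    # suites without forward secrecy
    rc4_preferred: bool = False                  # server's first choice is RC4

    @property
    def ok(self) -> bool:
        return not self.rc4 and not self.no_fs


def audit(preference_list) -> Audit:
    """Audit suites given in server preference order, most preferred first."""
    result = Audit()
    for position, suite in enumerate(preference_list):
        if uses_rc4(suite):
            result.rc4.append(suite)
            result.rc4_preferred |= position == 0
        if not has_forward_secrecy(suite):
            result.no_fs.append(suite)
    return result


# Constructed sample lists, not taken from any real server.
ENFORCED_RC4 = ["RC4-SHA", "ECDHE-RSA-RC4-SHA", "AES128-SHA",
                "ECDHE-RSA-AES128-GCM-SHA256"]
HARDENED = ["TLS_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
            "DHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    for label, suites in (("enforced RC4", ENFORCED_RC4), ("hardened", HARDENED)):
        print(label, audit(suites))
```

Note that `ECDHE-RSA-RC4-SHA` has forward secrecy but still fails the RC4 check, so the two findings have to be tracked separately.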
