v998
commented
9 years ago RC4 should not be used for HTTPS connection anymore. So disabling it completely at the protocol level from webserver config would be better.
Closed v998 closed 9 years ago
v998
commented
9 years ago RC4 should not be used for HTTPS connection anymore. So disabling it completely at the protocol level from webserver config would be better.
PiotrSikora
commented
9 years ago RC4 has been disabled since d6529d3c.
The current
patches/openssl__disable_rc4.patchonly allows patching with 1.0.1.Since you have released a Chacha20-Poly1305 patch for 1.0.2, should you also include a RC4 patch for 1.0.2?