Closed v998 closed 9 years ago
The current patches/openssl__disable_rc4.patch only allows patching with 1.0.1.
patches/openssl__disable_rc4.patch
Since you have released a Chacha20-Poly1305 patch for 1.0.2, should you also include a RC4 patch for 1.0.2?
RC4 should not be used for HTTPS connection anymore. So disabling it completely at the protocol level from webserver config would be better.
RC4 has been disabled since d6529d3c.
The current
patches/openssl__disable_rc4.patch
only allows patching with 1.0.1.Since you have released a Chacha20-Poly1305 patch for 1.0.2, should you also include a RC4 patch for 1.0.2?