zach at oglesby.co
AC8D 352D 380B B89B A3C2 7F43 DB36 FD89 F20C 4707

Android Security

As a reminder, Android is open source but is not a community project; there is a difference. Please try and submit a patch for this and see how far it gets you.

Some time ago, I was adding secure authentication to my APRSdroid app for Amateur Radio geolocation. While debugging its TLS handshake, I noticed that RC4-MD5 is leading the client's list of supported ciphers and thus wins the negotiation. As the task at hand was about authentication, not about secrecy, I did not care.

http://op-co.de/blog/posts/android\_ssl\_downgrade/ via http://sparkslinux.wordpress.com/2013/10/14/why-android-ssl-was-downgraded-from-aes256-sha-to-rc4-md5-in-late-2010/

Date: 2013-10-14 Mon 00:00

Author: Zach Oglesby

Created: 2018-12-28 Fri 23:27