
Google drops obsolete crypto

Google is disabling support for email sent using version 3 of SSL or using the RC4 cypher.

They’re both very old. SSLv3 was obsoleted by TLS 1.0 in 1999. RC4 is nearly thirty years old, and while it has aged better than some cyphers, there are multiple attacks against it and it has been replaced with more recent cyphers almost everywhere.

Google has more to say about it on their security blog, and if you’re developing software you should definitely pay attention to the requirements there: TLS 1.2, SNI, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, DNS alternate names with wildcards.

For everyone else, make sure that you’ve applied any patches your vendor has available well before the cutoff date of June 16th.
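
For developers, here is an added example (not from Google or from the original post) of a Python SMTP client context that meets the requirements listed above, with a check that flags a protocol floor below TLS 1.2 and any RC4 suites. The function names and the `ECDHE+AESGCM` cipher string are choices made for this example.

```python
import smtplib
import ssl

# OpenSSL name for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, the suite named above.
REQUIRED_SUITE = "ECDHE-RSA-AES128-GCM-SHA256"


def build_context():
    """Client context: TLS 1.2 or newer, ECDHE with AES-GCM, certificate checks on."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # rules out SSLv3, TLS 1.0, TLS 1.1
    ctx.set_ciphers("ECDHE+AESGCM")               # TLS 1.2 suites: AES-GCM only, no RC4
    return ctx


def audit(min_version, cipher_names):
    """Return a list of findings for a minimum protocol version and suite list."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocols older than TLS 1.2 are allowed")
    rc4 = sorted(n for n in cipher_names if "RC4" in n.upper())
    if rc4:
        findings.append("RC4 suites enabled: " + ", ".join(rc4))
    if REQUIRED_SUITE not in cipher_names:
        findings.append(REQUIRED_SUITE + " is not offered")
    return findings


def audit_context(ctx):
    """Audit a live SSLContext using the suites OpenSSL reports for it."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return audit(ctx.minimum_version, names)


def negotiated(host, port=25):
    """STARTTLS to host (needs network); smtplib sends SNI and checks the name."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=build_context())
        return smtp.sock.version(), smtp.sock.cipher()[0]


if __name__ == "__main__":
    print(audit_context(build_context()) or "context meets the listed requirements")
```

`negotiated()` is the only function that touches the network; call it against your own mail server to see which protocol version and suite it actually agrees to.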
