Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, September 1, 2015 at 5:56:28 PM UTC+1, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agreem

Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, 1 September 2015 09:56:28 UTC-7, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agreement t

Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, September 1, 2015 at 9:56:28 AM UTC-7, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agreem

Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, September 1, 2015 at 9:56:28 AM UTC-7, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agreem

Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, September 1, 2015 at 9:56:28 AM UTC-7, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agreem

Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, September 1, 2015 at 11:56:28 AM UTC-5, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agree

Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, September 1, 2015 at 11:56:28 AM UTC-5, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agree

Re: Intent to ship: RC4 disabled by default in Firefox 44

On Tuesday, September 1, 2015 at 9:26:28 PM UTC+4:30, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser vendors when to turn off RC4 entirely, and there seems to be > agr

Re: Intent to ship: RC4 disabled by default in Firefox 44

On 09/01/2015 09:56 AM, Richard Barnes wrote: > # Compatibility impact > > Disabling RC4 will mean that Firefox will no longer connect to servers that > require RC4. The data we have indicate that while there are still a small > number of such servers, Firefox users encounter them at very low rat

Re: Intent to ship: RC4 disabled by default in Firefox 44

Hearing no objections, let's consider this the plan of record. Thanks, --Richard On Tue, Sep 1, 2015 at 12:56 PM, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > RC4 cipher [0]. The security team has been discussing with other the > browser ve

Re: Intent to ship: RC4 disabled by default in Firefox 44

Do we know if Chrome or IE will have a fallback UI? On 9/1/15 10:30 AM, Richard Barnes wrote: And from Microsoft: http://blogs.windows.com/msedgedev/2015/09/01/ending-support-for-the-rc4-cipher-in-microsoft-edge-and-internet-explorer-11/ On Tue, Sep 1, 2015 at 1:03 PM, Richard Barnes wrote:

Re: Intent to ship: RC4 disabled by default in Firefox 44

On 2015/09/02 1:56, Richard Barnes wrote: > * 42/ASAP: Disable whitelist in Nightly/Aurora; no change in Beta/Release > * 43: Disable unrestricted fallback in Beta/Release (thus allowing RC4 only > for whitelisted hosts) > * 44: Disable all RC4 prefs by default, in all releases The whitelist conta

Re: Intent to ship: RC4 disabled by default in Firefox 44

And from Microsoft: http://blogs.windows.com/msedgedev/2015/09/01/ending-support-for-the-rc4-cipher-in-microsoft-edge-and-internet-explorer-11/ On Tue, Sep 1, 2015 at 1:03 PM, Richard Barnes wrote: > Speaking of other browsers, the corresponding Chromium thread is here: > > > https://groups.goo

Re: Intent to ship: RC4 disabled by default in Firefox 44

Speaking of other browsers, the corresponding Chromium thread is here: https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/kVfCywocUO8/vgi_rQuhKgAJ On Tue, Sep 1, 2015 at 12:56 PM, Richard Barnes wrote: > For a while now, we have been progressively disabling the known-insecure > R

Intent to ship: RC4 disabled by default in Firefox 44

For a while now, we have been progressively disabling the known-insecure RC4 cipher [0]. The security team has been discussing with other the browser vendors when to turn off RC4 entirely, and there seems to be agreement to take that action in late January / early February 2016, following the rele