Android SSL Downgraded in Late 2010

For some reason, Android's SSL cryptographic preference was downgraded in 2010!
tl;dr. Android is using the combination of horribly broken RC4 and MD5 as the first default cipher on all SSL connections. This impacts all apps that did not care enough to change the list of enabled ciphers (i.e. almost all existing apps). This post investigates why RC4-MD5 is the default ...
They wanted to protect users from BEAST etc. most likely. Until we can use TLS 1.2 without issues this likely makes people slightly better off than before. That article misses some important things. See the Hacker News comments for details.
Let's change the cipher order then?
Panic! If you care about any of this stuff, don't use the system defaults? Maybe open with Chrome on Android to see how weak it is?
Also sorted in priority order as specified in JSSE documentation probably means just that, not deliberately weakened because haxor pwn!
+Jason Telford I don't use iOS, etc. but you should get the same results for a given version of Chrome. Unless there are some OS-related restrictions, but unlikely.
BTW, most servers don't really care about client config. Try this: 

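URL url = new URL("");
URLConnection conn = url.openConnection();
HttpsURLConnection urlConnection = (HttpsURLConnection) conn;
// getCipherSuite() throws IllegalStateException until the TLS handshake has completed
urlConnection.connect();
Log.d(TAG,"Cipher suite: " + urlConnection.getCipherSuite());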

> D/MainActivity(14760): Cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+Ryan M. Tillotson That's not the point. The NSA's MO is to knock out a few of the supports on encryption to give them a ledge to stand on to break it in a reasonable, human time frame by throwing iron/math/exploits at it. They need not-so-easy but breakable crypto to allow them to secretly and undetectably influence things in their favor.
+Joe Feise Ever heard of advance copies of research? It happens all the time.

What would be really interesting would be to know what that internal bug ticket contained.
+Björn Lundén Not months before the research is made public. And yes, I have done security research. You inform the vendor in advance, but don't wait months for the vendor to fix things.
This had nothing to do with BEAST.
+Joe Feise Considering the theoretical vulnerability was known in 2002 you can't say that with certainty. This is not like a normal security finding where you are informing a single vendor so I wouldn't compare that to attacks such as BEAST and CRIME that affect most internet users.

Without knowing what the original bug was about, we can't really say anything with certainty other than that Google is using an old cipher priority list (which is bad of course).