On Po, 2014-05-05 at 13:26 -0400, Eric H. Christensen wrote:
> On Mon, May 05, 2014 at 01:20:17PM -0400, Hubert Kario wrote:
> > ----- Original Message -----
> > > From: "Eric H. Christensen" <sparks@xxxxxxxxxxxxxxxxx>
> > > To: "Nikos Mavrogiannopoulos" <nmav@xxxxxxxxxx>
> > > Cc: security@xxxxxxxxxxxxxxxxxxxxxxx
> > > Sent: Monday, May 5, 2014 6:38:40 PM
> > > Subject: Re: Fedora crypto policy vs the real world Was: available crypto policies
> > >
> > > upcoming
> > > versions of Microsoft Windows 7 will also stop supporting RC4
> >
> > That sounds nearly too good to be true. Source?
>
> https://technet.microsoft.com/library/security/2868725?altTemplate=SecurityAdvisoryPF

Huh, but it actually does not disable RC4 support by default. The update
just enables the possibility to disable it through a registry setting or
an API call.

"What does the 2868725 update do?
The update supports the removal of RC4 as an available cipher on affected
systems through registry settings. It also allows developers to remove RC4
in individual applications through the use of the SCH_USE_STRONG_CRYPTO
flag in the SCHANNEL_CRED structure. These options are not enabled by
default. Microsoft recommends that customers test any new settings for
disabling RC4 prior to implementing them in their environments."

So no, Windows won't disable RC4 support by default.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security