Drop RC4-MD5; virtually no sites should use it.

2014-11-27 21:56:56 -05:00 · 2014-11-27 21:56:56 -05:00 · 5b5d185626
parent 27cd0fc3c5
commit 5b5d185626
2 changed files with 4 additions and 4 deletions
--- a/history.md
+++ b/history.md
@ -3,6 +3,7 @@
 - Drop support for Ruby 1.9.2
 - Change default Accept header to `*/*`
 - Use a more descriptive User-Agent header by default
+- Drop RC4-MD5 from default cipher list (will have no affect on most users)

 # 1.7.2

--- a/lib/restclient/request.rb
+++ b/lib/restclient/request.rb
@ -41,9 +41,9 @@ module RestClient
      new(args).execute(& block)
    end

-    # This is similar to the list now in ruby core, but adds HIGH and RC4-MD5
-    # for better compatibility (similar to Firefox) and moves AES-GCM cipher
-    # suites above DHE/ECDHE CBC suites (similar to Chromium).
+    # This is similar to the list now in ruby core, but adds HIGH for better
+    # compatibility (similar to Firefox) and moves AES-GCM cipher suites above
+    # DHE/ECDHE CBC suites (similar to Chromium).
    # https://github.com/ruby/ruby/commit/699b209cf8cf11809620e12985ad33ae33b119ee
    #
    # This list will be used by default if the Ruby global OpenSSL default
@ -91,7 +91,6 @@ module RestClient

      HIGH
      +RC4
-      RC4-MD5
    }.join(":")

    # A set of weak default ciphers that we will override by default.