From 5b5d1856264a3b3a8a9e5c0ac55c79b638ca568f Mon Sep 17 00:00:00 2001
From: Andy Brody
Date: Thu, 27 Nov 2014 21:56:56 -0500
Subject: [PATCH] Drop RC4-MD5; virtually no sites should use it.
---
 history.md | 1 +
 lib/restclient/request.rb | 7 +++----
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/history.md b/history.md
index e0ad47d..4f79715 100644
--- a/history.md
+++ b/history.md
@@ -3,6 +3,7 @@
 - Drop support for Ruby 1.9.2
 - Change default Accept header to `*/*`
 - Use a more descriptive User-Agent header by default
+- Drop RC4-MD5 from default cipher list (will have no affect on most users)
 # 1.7.2
diff --git a/lib/restclient/request.rb b/lib/restclient/request.rb
index 7e7c967..024e3fd 100644
--- a/lib/restclient/request.rb
+++ b/lib/restclient/request.rb
@@ -41,9 +41,9 @@ module RestClient
 new(args).execute(& block)
 end
- # This is similar to the list now in ruby core, but adds HIGH and RC4-MD5
- # for better compatibility (similar to Firefox) and moves AES-GCM cipher
- # suites above DHE/ECDHE CBC suites (similar to Chromium).
+ # This is similar to the list now in ruby core, but adds HIGH for better
+ # compatibility (similar to Firefox) and moves AES-GCM cipher suites above
+ # DHE/ECDHE CBC suites (similar to Chromium).
 # https://github.com/ruby/ruby/commit/699b209cf8cf11809620e12985ad33ae33b119ee
 #
 # This list will be used by default if the Ruby global OpenSSL default
@@ -91,7 +91,6 @@ module RestClient
 HIGH
 +RC4
- RC4-MD5
 }.join(":")
 # A set of weak default ciphers that we will override by default.
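Review bot: The rewritten comment in the `-41,9` hunk no longer mentions RC4 at all, yet the list still ends with `+RC4` (a context line in the `-91,7` hunk), so a reader cannot tell whether RC4 is being kept on purpose. In an OpenSSL cipher string `+RC4` only moves RC4 suites that are already in the list to the end; whether any remain depends on entries outside these hunks, so that is worth confirming. I would add a line to the comment such as `# RC4 suites listed above are kept only as a last resort (+RC4); RC4-MD5 is no longer offered.`. If the intent is to stop offering RC4 entirely, which RFC 7465 requires for TLS, the follow-up is to replace `+RC4` with `!RC4`. The comment block and the cipher list both continue outside the hunks shown.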