Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
An SSL scan of my Go server with TLS enabled reports
This server accepts the RC4 cipher, which is weak. Grade capped to B.
I wonder if perhaps this one shouldn't be in the default set of cipher suites?
The text was updated successfully, but these errors were encountered:
Sorry, something went wrong.
RC4 is prohibited by RFC 7465 and should not be used.
crypto/tls: disable RC4 by default.
RC4 is frowned upon at this point and major providers are disabling it
Those who still need RC4 support in crypto/tls can enable it by
specifying the CipherSuites slice in crypto/tls.Config explicitly.
Reviewed-by: Andrew Gerrand <email@example.com>
No branches or pull requests