Drop RC4 from the cipher list

In addition to having many security concerns, it is a violation of RFC 7465 to include RC4 cipher suites in a ClientHello.
urllib3 · Feb 19, 2015 · 42955b1 · 42955b1
1 parent f6a652a
commit 42955b1
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/urllib3/util/ssl_.py b/urllib3/util/ssl_.py
@@ -29,8 +29,8 @@
 except ImportError:
     _DEFAULT_CIPHERS = (
         'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
-        'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:ECDH+RC4:'
-        'DH+RC4:RSA+RC4:!aNULL:!eNULL:!MD5'
+        'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:!aNULL:'
+        '!eNULL:!MD5'
     )
 
 try: