DescriptionRemove RC4 by default.
RC4 may still be re-enabled via the RC4Enabled administrative policy, until
sometime around September. Also control it via a field trial so we still have
an escape hatch should something catastrophic happen.
Keep the deprecated cipher suite fallback around (rename the parameter since I
got the naming convention wrong) since it's still got the IIS AES-GCM
workaround in it, and it will be used in not too long for DHE_RSA instead.
BUG=375342
TEST=Loading https://rc4.badssl.com/ fails with ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Relaunching Chrome with --force-fieldtrials=RC4Ciphers/Enabled/ makes that page succeed.
Relaunching Chrome after setting the RC4Enabled polcy to true makes that page succeed.
(Note: press refresh when loading the site to make sure it's not cached.)
Committed: https://crrev.com/14b1a53362ffb727e02bdf27e24e93c5f9b2d423
Cr-Commit-Position: refs/heads/master@{#357114}
Patch Set 1 #Patch Set 2 : #Patch Set 3 : rebase #
Total comments: 7
Patch Set 4 : put RC4 in the description #Patch Set 5 : rebase #Messages
Total messages: 26 (5 generated)
|