Tuesday, October 15, 2013

how to disable weak ciphers in google chrome to prevent easy decryption



google-chrome --cipher-suite-blacklist=0xc007,0xc011,0x0066,0xc00c,0xc002,0x0005,0x0004

0xc007 = ECDHE-ECDSA-RC4128-SHA
0xc011 = ECDHE-RSA-RC4128-SHA
0x0066 = DHE_DSS_WITH_RC4_128_SHA
0xc00c = ECDH_RSA_WITH_RC4_128_SHA
0xc002 = RSA-RC4128-SHA
0x0005 = RSA-RC4128-SHA
0x0004 = RSA-RC4128-MD5

Source list of cipher names matching to spec:
[https://code.google.com/p/chromium/issues/detail?id=58833]

source: [http://security.stackexchange.com/questions/38493/remove-rc4-from-ssl-tls-ciphers-in-chromium]