----- Original Message -----
From: "Tomas Mraz" <tmraz(a)redhat.com>
To: "Eric H. Christensen" <sparks(a)fedoraproject.org>
Cc: "Hubert Kario" <hkario(a)redhat.com>, security(a)lists.fedoraproject.org
Sent: Tuesday, 6 May, 2014 10:24:38 AM
Subject: Re: Fedora crypto policy vs the real world Was: available crypto policies
On Po, 2014-05-05 at 13:26 -0400, Eric H. Christensen wrote:
> On Mon, May 05, 2014 at 01:20:17PM -0400, Hubert Kario wrote:
> > ----- Original Message -----
> > > From: "Eric H. Christensen" <sparks(a)fedoraproject.org>
> > > To: "Nikos Mavrogiannopoulos" <nmav(a)redhat.com>
> > > Cc: security(a)lists.fedoraproject.org
> > > Sent: Monday, May 5, 2014 6:38:40 PM
> > > Subject: Re: Fedora crypto policy vs the real world Was: available
> > > crypto policies
> > >
> > > upcoming versions of Microsoft Windows 7 will also stop supporting RC4
> >
> > That sounds nearly too good to be true. Source?
>
> https://technet.microsoft.com/library/security/2868725?altTemplate=Securi...
Huh, but it actually does not disable RC4 support by default. The update
just enables the possibility to disable it through a registry setting or
API call.
"What does the 2868725 update do?
The update supports the removal of RC4 as an available cipher on
affected systems through registry settings. It also allows developers to
remove RC4 in individual applications through the use of the
SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options
are not enabled by default. Microsoft recommends that customers test any
new settings for disabling RC4 prior to implementing them in their
environments."
So no, Windows won't disable RC4 support by default.

nitpick: Windows 7 doesn't disable RC4 support by default.
Windows 8 does disable RC4 by default:
http://blogs.msdn.com/b/ie/archive/2013/11/12/ie11-automatically-makes-ov...
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario(a)redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic