[HTTPS-Everywhere] fetch.spec.whatwg.org and RC4-only tagging? [was: Re: Ruleset style guide]
Jacob Hoffman-Andrews
jsha at eff.org
Fri Feb 13 09:53:36 PST 2015
> People whose browsers are configured to reject RC4 are likely to get a
> "no matching ciphersuite" message when connecting to these servers.
>
> We have flags for things like uses cacert. Should we have a flag for
> rc4-required?
I'm very reluctant to add new platforms because it makes it so much
harder to maintain the rulesets in good condition. Instead, once
Firefox or another supported browser starts giving UI warnings for
RC4 by default, I would like to simply disable the rules for
RC4-only hosts altogether.
More information about the HTTPS-Everywhere
mailing list