Java Spec Compatibility Weakened Android's TLS Encryption

sfcrazy writes "It has been discovered that Google downgraded the SSL encryption of Android after version 2.3.4 and defaulted to RC4 and MD5 ciphers. It may appear that NSA is at play here as both are broken and can be easily compromised. But after digging the code Georg Lukas concluded that the blame goes to Oracle. 'The cipher order on the vast majority of Android devices was defined by Sun in 2002 and taken over into the Android project in 2010 as an attempt to improve compatibility.'" The Java spec from 2002 specified RC4 and MD5 as the first two ciphers for TLS; Android, however, used DHE-RSA-AES256-SHA by default. The default cipher list for Java 7 was updated, but Android is stuck using JDK 6 and a default cipher list over a decade old.
  • by Qzukk ( 229616 ) on Monday October 14, 2013 @07:24PM (#45127221) Journal

    Shitty security protocols are one of them, if your obsolete software can't cope with modern encryption, it is crap and should be replaced.

  • Almost! (Score:5, Insightful)

    by mythosaz ( 572040 ) on Monday October 14, 2013 @07:25PM (#45127233)

    Well, we almost worked the NSA into every article headline today. ...there's always tomorrow.

  • by Anonymous Coward on Monday October 14, 2013 @07:46PM (#45127401)

    > The default cipher list for Java 7 was updated, but Android is stuck using JDK 6 and a default cipher list over a decade old.

    The Android platform did not upgrade. How is that Oracle's fault? Next we will be blaming vendors for vulnerabilities that were patched years ago.

  • by DavidinAla ( 639952 ) on Monday October 14, 2013 @07:59PM (#45127517)

    Nobody forced Google to use Java. Google made its own decision what to use and how to use it. Quit trying to give most geeks' favorite company a pass when it makes lousy decisions that come back to hurt users.

  • by Virtucon ( 127420 ) on Monday October 14, 2013 @08:07PM (#45127593)

    Qualys published a list in August of this year for Java 6 Update 45 that lists the default Cipher Suites in order of preference. [ssllabs.com] On that list there are 4 that are insecure but there 7 that are weak. What needs to start happening to fix this is
    1) App vendors need to become aware of the situation.
    2) Disable use of the weak and vulnerable ciphers. This can be done on the web server for example as a start.

    Remember it takes two to tango in an SSL/TLS handshake and if one side says No to a weak or vulnerable Cipher then one of the stronger Ciphers (if available) can be used. If you're using weak or vulnerable ciphers at all, fix your app. We also have to push to get rid of anything older than TLS 1.1 and keep pushing on the Browsers to support TLS 1.2 which oddly enough only MSFT has supported since IE8 and Opera since version 10. http://en.wikipedia.org/wiki/Transport_Layer_Security [wikipedia.org]
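The "two to tango" point above, as an added illustration that is not part of the original thread: a constructed model of cipher-suite selection (not real TLS code, and not Android's or Java's implementation) showing that once the server refuses RC4 and MD5, the same old client ends up on one of its stronger suites, and a client that knows only weak suites gets no connection at all. The suite lists and their order are assumptions.

```python
# Constructed model of how the two sides of a TLS handshake settle on a
# cipher suite. Not real TLS code and not Android's or Java's implementation.
# Suite names are OpenSSL-style (RC4-MD5, DHE-RSA-AES256-SHA as in the story);
# the list contents and ordering below are assumptions for the demo.

# Assumed client offer in the JDK-6-era order described above: RC4/MD5 first.
OLD_ANDROID_OFFER = ["RC4-MD5", "RC4-SHA", "AES128-SHA",
                     "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA"]

# Assumed server list that still allows RC4/MD5 (common in 2013).
PERMISSIVE_SERVER = ["RC4-MD5", "RC4-SHA", "DHE-RSA-AES256-SHA",
                     "DHE-RSA-AES128-SHA", "AES128-SHA"]


def is_weak(suite: str) -> bool:
    """Classify a suite as weak if it relies on RC4 or MD5."""
    return "RC4" in suite or "MD5" in suite


def negotiate(client_offer, server_allowed, server_prefers=True):
    """Return the suite both sides accept, or None if there is no overlap.

    Only suites on BOTH lists are candidates; with server_prefers=True the
    server's ordering decides, otherwise the client's ordering does.
    """
    if server_prefers:
        common = [s for s in server_allowed if s in client_offer]
    else:
        common = [s for s in client_offer if s in server_allowed]
    return common[0] if common else None


def harden(server_allowed):
    """The server-side fix from the comment: refuse the weak suites."""
    return [s for s in server_allowed if not is_weak(s)]


def demo():
    """Outcomes for the old client against permissive and hardened servers."""
    strict = harden(PERMISSIVE_SERVER)
    return {
        # Server defers to client order: the decade-old default wins.
        "lax_client_order": negotiate(OLD_ANDROID_OFFER, PERMISSIVE_SERVER, False),
        # Server enforces its own order but still lists RC4 first: no better.
        "lax_server_order": negotiate(OLD_ANDROID_OFFER, PERMISSIVE_SERVER, True),
        # Server drops RC4/MD5: the client's stronger suites get used.
        "hardened_server_order": negotiate(OLD_ANDROID_OFFER, strict, True),
        "hardened_client_order": negotiate(OLD_ANDROID_OFFER, strict, False),
        # A client that only knows weak suites cannot connect at all.
        "weak_only_client": negotiate(["RC4-MD5", "RC4-SHA"], strict, True),
    }
```

Run `demo()` to see each case; `is_weak()` applied to the results shows which configurations still land on RC4 or MD5.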

  • NSA? (Score:5, Insightful)

    by Darinbob ( 1142669 ) on Monday October 14, 2013 @09:07PM (#45128067)

    Why does everyone blame NSA here? NSA does not want ciphers that everyone can decrypt more easily. They'd be much happier with ciphers that only the NSA could decrypt but which stumped the Chinese and Russians and mafia and terrorists and foreign hackers, etc.

    There's the attitude I see that seems to be getting more popular, which implies that the NSA wishes that no one used encryption at all. But that's patently false. They absolutely want encryption within the government (so that we can't spy on the government), they want encryption in the business sector (secure communications is good business), and they absolutely don't want the US to be painfully backwards with respect to cryptography compared to every other country in the world.

  • Who trusts him? (Score:4, Insightful)

    by OhANameWhatName ( 2688401 ) on Monday October 14, 2013 @10:52PM (#45128685)

    > Georg Lukas concluded that the blame goes to Oracle

    No matter what, you have to take responsibility. You've destroyed the hopes of leagues of loyal fans.
