Secure Browsing: Disable TLS RC4 for Chrome

Secure Browsing: Disable TLS RC4 for Chrome

Keywords: TLS, Transfer Layer Security, RC4, Secure Web Broswing, Google Chrome, Cipher

Download

Known to work with Google Chrome Version 37.0.2062.124.

Installation

1. Check if insecure RC4 is activated on your Google Chrome browser here: https://cc.dcsec.uni-hannover.de
(Check this: If RC4 is in fact enabled the string "RC4" appears on the list many times.)
2. Save startchrome App, for example in this folder: "/Users/YOURACCOUNT/bin/"
3. Just drag&drop the App to the Dock.
4. Done!
5. Quit already running Google Chrome
6. Start Google Chrome with startchrome.
This will start just Google Chrome with some special parameters which disables RC4.
7. Check if RC4 is disabled now with: https://cc.dcsec.uni-hannover.de
(The string "RC4" should not appear anywhere if RC4 is disabled.)

How it works?

It just starts Google Chrome with this parameters:
--cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83

Helpful?

3 thoughts on “Secure Browsing: Disable TLS RC4 for Chrome

  • 4. March 2015 at 16:41
    Permalink

    Hi there,

    seems not to work with Google Chrome version 41.0.2272.76 (64 Bit) on OS X 10.10.2 Yosemite …

    If I quit Google Chrome and start with the arguments from your Shell-Script:

    open -a “Google Chrome.app” –args -pinned-tag-count=4 –cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83

    The website https://cc.dcsec.uni-hannover.de/ still shows me these cipher suites (also after deleting the Chrome cache completely):

    ECDHE-ECDSA-RC4128-SHA
    ECDHE-RSA-RC4128-SHA
    RSA-RC4128-SHA
    RSA-RC4128-MD5

    Any ideas?

    All the best,
    Marcel

    Reply
  • 4. March 2015 at 16:47
    Permalink

    Hi there,

    seems not to work with Google Chrome version 41.0.2272.76 (64 Bit) on OS X 10.10.2 Yosemite …

    If I quit Google Chrome and start with the arguments from your Shell-Script:

    open -a “Google Chrome.app” –args -pinned-tag-count=4 –cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83

    The website https://cc.dcsec.uni-hannover.de/ still shows me the RC4 cipher suites (also after deleting the Chrome cache completely).

    Maybe the arguments have changed since version 37 of Chrome?

    All the best,
    Marcel

    Reply
    • 4. March 2015 at 17:07
      Permalink

      Thank you for your feedback. Chrome is a very bad browser in terms of memory usage and background activities… So I just removed it from my system. 🙂
      Auf gut deutsch: Dieser elende Chrome bremst das gesamte System runter, und macht im Hintergrund irgendwelche Update-Aufrufe, Downloads, etc.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *