Secure Browsing: Disable TLS RC4 for Chrome
Keywords: TLS, Transport Layer Security, RC4, Secure Web Browsing, Google Chrome, Cipher
Download
Download startchrome.sh.app.
Known to work with Google Chrome Version 37.0.2062.124.
Installation
1. Check if insecure RC4 is activated on your Google Chrome browser here: https://cc.dcsec.uni-hannover.de
(Check this: If RC4 is in fact enabled the string "RC4" appears on the list many times.)
2. Save startchrome App, for example in this folder: "/Users/YOURACCOUNT/bin/"
3. Just drag&drop the App to the Dock.
4. Done!
5. Quit already running Google Chrome
6. Start Google Chrome with startchrome.
This simply starts Google Chrome with some special parameters that disable RC4.
7. Check if RC4 is disabled now with: https://cc.dcsec.uni-hannover.de
(The string "RC4" should not appear anywhere if RC4 is disabled.)
How does it work?
It just starts Google Chrome with this parameter:
--cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83
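The check in steps 1 and 7 can also be done locally, because the cipher suites a browser offers are listed in its TLS ClientHello. The following Python code is an added example, not part of the original post or of startchrome: it parses a ClientHello record and names any RC4 suite from the blacklist above that is still offered. The function names are hypothetical, the sample record is constructed, and the whole ClientHello is assumed to fit in one TLS record.

```python
import struct

# Value of --cipher-suite-blacklist exactly as given on this page.
BLACKLIST = ("0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,"
             "0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83")
# IANA names of the RC4 suites among those IDs.
RC4_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA",
}

def parse_blacklist(value):
    """Turn the flag's comma-separated hex list into a set of integers."""
    return {int(item, 16) for item in value.split(",") if item.strip()}

def offered_suites(record):
    """Return the cipher suite IDs offered in a single-record ClientHello."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    body = record[9:5 + rec_len]       # skip record and handshake headers
    try:
        pos = 35 + body[34]            # version(2) + random(32) + session_id
        (n,) = struct.unpack_from("!H", body, pos)
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if n % 2 or pos + 2 + n > len(body):
        raise ValueError("malformed cipher_suites list")
    return list(struct.unpack_from("!%dH" % (n // 2), body, pos + 2))

def leaked_rc4(record, blacklist=BLACKLIST):
    """Names of blacklisted RC4 suites that the client still offers."""
    banned = parse_blacklist(blacklist)
    return [RC4_NAMES[s] for s in offered_suites(record)
            if s in banned and s in RC4_NAMES]

def build_hello(suites):
    """Constructed sample: minimal TLS 1.2 ClientHello without extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(suites))
    body += struct.pack("!%dH" % len(suites), *suites) + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

An empty list from `leaked_rc4` means none of the page's RC4 IDs appear in the ClientHello; any name returned means the flag did not take effect for that launch.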
Hi there,
seems not to work with Google Chrome version 41.0.2272.76 (64 Bit) on OS X 10.10.2 Yosemite …
If I quit Google Chrome and start with the arguments from your Shell-Script:
open -a "Google Chrome.app" --args -pinned-tag-count=4 --cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83
The website https://cc.dcsec.uni-hannover.de/ still shows me these cipher suites (also after deleting the Chrome cache completely):
ECDHE-ECDSA-RC4128-SHA
ECDHE-RSA-RC4128-SHA
RSA-RC4128-SHA
RSA-RC4128-MD5
Any ideas?
All the best,
Marcel
Hi there,
seems not to work with Google Chrome version 41.0.2272.76 (64 Bit) on OS X 10.10.2 Yosemite …
If I quit Google Chrome and start with the arguments from your Shell-Script:
open -a "Google Chrome.app" --args -pinned-tag-count=4 --cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83
The website https://cc.dcsec.uni-hannover.de/ still shows me the RC4 cipher suites (also after deleting the Chrome cache completely).
Maybe the arguments have changed since version 37 of Chrome?
All the best,
Marcel
Thank you for your feedback. Chrome is a very bad browser in terms of memory usage and background activities… So I just removed it from my system. 🙂
In plain terms: this wretched Chrome slows down the entire system and makes all sorts of update calls, downloads, etc. in the background.