How to get rid of weak cipher suites?

[Tristan Göthel]

Hello,

 

our app got audited and they found, that we support weak cipher suites. The weak ciphersuites come from the Android Webview.

As you point out, weak ciphersuites are still supported by chrome / chromium.

How I can get rid of them?

I tried using shouldInterceptRequest to solve this, but as we have redirects, this wasn’t the correct approach.

Any help would be appreciated, or at least an info about, when Chrome will stop supporting bad ciphersuites.

 

Thanks a lot.

 

Viele Grüße

Tristan Göthel

TECHNOLOGIE


HORNBACH Baumarkt AG
Hornbach Strasse 11
76879 Bornheim

Tel: +49-6348-60-5857

eMail: tristan...@hornbach.com
Home Page: http://www.hornbach.com

 

 

 

HORNBACH Baumarkt AG
Sitz: Bornheim/Pfalz
Registergericht Landau HRB 2311
USt-IDNr. DE 151 116 749
WEEE-Reg.-Nr. DE 39697378
 
Vorsitzender des Aufsichtsrates: Albrecht Hornbach
Vorstand: Erich Harsch (Vorsitzender), Karin Dohm, Jan Hornbach,
Nils Hornbach, Susanne Jäger, Karsten Kühn,
Ingo Leiner, Dr. Andreas Schobert, Christa Theurer
********************************************************************************************

HORNBACH auf Instagram	https://www.instagram.com/hornbach_de
HORNBACH auf Youtube	https://www.youtube.com/@Hornbach
HORNBACH auf Facebook	https://www.facebook.com/hornbach.de
HORNBACH auf Pinterest	https://www.pinterest.de/hornbachde
HORNBACH auf TikTok	https://www.tiktok.com/@hornbach_de

********************************************************************************************
E-mail-Newsletter: Jetzt anmelden!  
Ein Mail. Ein Wink:
Einfach auf hornbach.de gehen, anmelden und los geht es.
Lassen Sie sich nichts durch die Lappen gehen!
 
http://www.hornbach.de/newsletter
********************************************************************************************
Sofern die in Art. 21 DSGVO (https://dsgvo-gesetz.de/art-21-dsgvo/) genannten
Voraussetzungen erfüllt sind können Sie der Verarbeitung Ihrer Daten widersprechen.
Weitere Hinweise zum Umgang mit Ihren Daten und zu Ihren Rechten erhalten
Sie unter HORNBACH Datenschutzhinweise.
********************************************************************************************
This e-mail is only intended for the person(s) to whom it is addressed and may
contain confidential information. Unless stated to the contrary, any opinions or
comments are personal to the writer and do not represent the official view of the
company. If you have received this e-mail in error, please notify us immediately by
reply e-mail and then delete this message from your system. Please do not copy
it or use it for any purposes, or disclose its contents to any other person.
Thank you for your co-operation.
********************************************************************************************

[Torne (Richard Coles)]

On Mon, 2 Dec 2024 at 12:21, 'Tristan Göthel' via android-webview-dev <android-w...@chromium.org> wrote:

Hello,

 

our app got audited and they found, that we support weak cipher suites. The weak ciphersuites come from the Android Webview.

As you point out, weak ciphersuites are still supported by chrome / chromium.

How I can get rid of them?

I tried using shouldInterceptRequest to solve this, but as we have redirects, this wasn’t the correct approach.

Any help would be appreciated, or at least an info about, when Chrome will stop supporting bad ciphersuites.

As far as I know WebView just supports the same ciphersuites as Chromium and there isn't any way to configure this.

Which specific ciphersuites are you referring to?

 

--
You received this message because you are subscribed to the Google Groups "android-webview-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-webview...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/android-webview-dev/20241128-094703.188259e5q-2wza%40compute06.