Saturday, December 28, 2013

How to Disable SSL Ciphers in Google Chrome

What should be disabled?
RC4. All the way. RC4 should be considered unsafe, so it's best to include the IDs of all cipher suites that use RC4.

Most browsers still have these ciphers enabled - and certain sites (including some of Google's services) are still using these.

But usually, HTTPS-enabled sites also support other ciphers, which are considered safe by current standards. So it's only a matter of disabling certain ciphers. To do this for Chrome, you need to pass a specific command-line argument when starting the browser:

--cipher-suite-blacklist=0x0004,0x0005,0xc011,0xc007

The list of IDs can be taken from here:

The following URL can be used to test your browser's current setting:

The IDs above were OK for me using Chrome (31.0.1650.63) on Mac OS. You might need different IDs depending on your OS and browser in use.
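To check the setting offline, the added example below (not part of the original post) parses a TLS ClientHello record, lists the RC4 suites the browser still offers, and formats them as the argument shown above. It assumes the ClientHello fits in one TLS record exported from a packet capture; the helper names and the sample handshakes are constructed for illustration, and the suite names come from the IANA TLS registry.

```python
import struct

# RC4 suite IDs (IANA TLS registry). The first four are the ones the post blacklists.
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
}

def offered_suites(record):
    """Return the cipher suite IDs in a ClientHello held in one TLS record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32              # record header, handshake header, version, random
    pos += 1 + record[pos]            # session_id length byte plus session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher suite list")
    (n,) = struct.unpack_from(">H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed or truncated cipher suite list")
    return list(struct.unpack_from(">%dH" % (n // 2), record, pos))

def rc4_offered(record):
    """RC4 suites the client still offers, in the client's preference order."""
    return [s for s in offered_suites(record) if s in RC4_SUITES]

def blacklist_flag(ids):
    """Format suite IDs as the Chrome argument shown in the post."""
    return "--cipher-suite-blacklist=" + ",".join("0x%04x" % i for i in ids)

def make_client_hello(suites):
    """Constructed sample: minimal ClientHello (zero random, no extensions)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"
    body += struct.pack(">H%dH" % len(suites), 2 * len(suites), *suites)
    body += b"\x01\x00"               # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

if __name__ == "__main__":
    before = make_client_hello([0xC02F, 0xC011, 0xC007, 0x0005, 0x0004, 0x002F])
    after = make_client_hello([0xC02F, 0x002F])
    print("still offered:", [RC4_SUITES[s] for s in rc4_offered(before)])
    print(blacklist_flag(rc4_offered(before)))
    print("after relaunch:", rc4_offered(after) or "no RC4 suites offered")
```

An empty result from `rc4_offered` on a ClientHello captured after relaunching the browser confirms the argument took effect.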