O2 joins Virgin Media as member of weak crypto software club

Operator promises El Reg it'll all be fixed before browsers deep-six support

shutterstock_192561857-cat-

It turns out that Virgin Media isn't the only telco still using the weak RC4 stream cipher on the more sensitive areas of its website. Step forward O2, which is also stuck on the broken SSL system.

The mobile carrier, as spotted by Reg reader Stephen, still transfers customer bank details over the weak crypto algorithm.

If you run O2's identity webpage through SSL Labs' analysis site, it confirms that the operator's "server accepts the RC4 cipher, which is weak."

As The Register has previously reported, Virgin Media has been taking its time over moving its sensitive webpages away from the crappy encryption software.

However, big browser makers have warned that support for the RC4 cipher suite will end early next year.

El Reg asked O2 to tell us why it was still stuck on the system.

A company spokesbeing told us: "We are aware of this issue and are planning to move away from this system in good time before browser makers remove support next year."

So that's alright then! ®


Biting the hand that feeds IT © 1998–2017