The long and the short of it is - we should make sure we don't use the RC4 ciphersuite when making tls clients and servers. crypto/tls has a Config struct that is used to create clients and servers, and has a Ciphersuites field that defaults to effectively "use whatever". We should be populating that field with crypto/tls's list of ciphersuites (sans RC4 versions).
The long and the short of it is - we should make sure we don't use the RC4 ciphersuite when making tls clients and servers. crypto/tls has a Config struct that is used to create clients and servers, and has a Ciphersuites field that defaults to effectively "use whatever". We should be populating that field with crypto/tls's list of ciphersuites (sans RC4 versions).