Stop using RC4

A follow up of my previous post: in response to my letter, NIST is going to increase the CVSS score of CVE-2013-2566 (RC4) to match CVE-2011-3389 (BEAST). Yay!

In other news, WebKitGTK+ 2.8 has full support for RFC 7465. That’s a fancy way of saying that we will no longer negotiate RC4 connections and you will now be unable to access the small minority of HTTPS sites that offer nothing but RC4. Hopefully other browsers will follow along sooner rather than later. In particular, Firefox nightly has stopped negotiating RC4 except for a few whitelisted sites: I would very much like to see that whitelist removed. Internet Explorer has stopped negotiating RC4 except when it performs voluntary protocol version fallback. It would be great to see a firmer stance from Mozilla and Microsoft, and some action from Google and Apple.

2 Replies to “Stop using RC4”

  1. There’s a pretty clear explanation at

    “[I]n 2013 it was announced that RC4 had a serious flaw that would make it possible for a determined attacker to decrypt data encrypted with RC4 in TLS.

    Due to the serious flaw in RC4 and the fact that the BEAST attack has been mitigated by all modern browsers, all HTTPS sites should be configured to use ciphers other than RC4.”

    That statement is somewhat exaggerated. The attacks on RC4 are not really practical today. But they are uncomfortably close to being practical, it’s just a matter of time before it’s being silently decrypted in the wild, and who knows if it’s happening already and just been kept secret. Everyone agrees we need to kill off RC4 as soon as possible.

Comments are closed.