Chrome

Chrome, Firefox And Edge/IE Will Soon Drop RC4 Encryption

browser security

What is RC4?

RC4 is a stream cipher designed in 1987 that has been widely supported across browsers and online services for the purposes of encryption. Multiple vulnerabilities have been discovered in RC4 over the years, making it possible to crack within days or even hours.

It’s good news that all the major browsers are going to drop it and move forward to a better cipher.

When?

  • Chrome plans to disable support for RC4 in a future Chrome release. While the company didn’t provide a specific date, it expects the Chrome version that doesn’t include RC4 to reach the stable channel “around January or February 2016.”
  • Firefox plans to turn off RC4 entirely in Firefox 44, which is currently scheduled for release on January 26, 2016.
  • Microsoft plans to disable RC4 by default for all Microsoft Edge and Internet Explorer users on Windows 7, Windows 8.1, and Windows 10 “starting in early 2016.”

What to do?

There is a simple check you should run against your production site. If you got an F like in the image below, check the reasons and correct your server configuration. Server operators who don’t wish to have to tweak configurations again in the foreseeable future should check that they support TLS 1.2 with  ECDHE_RSA_WITH_AES_128_GCM.
ssl test

Resource

  1. Chromium forum
  2. Mozilla dev discussion
  3. Windows blog post
  4. VB post

 

 

Standard

11 thoughts on “Chrome, Firefox And Edge/IE Will Soon Drop RC4 Encryption

  1. Pingback: Chrome 48 beta brings custom notification buttons and presenting to Google Cast devices on Android | 381test

  2. Pingback: Chrome 48 beta brings custom notification buttons and presenting to Google Cast devices on Android | Global Services Media

  3. Pingback: Chrome 48 beta brings custom notification buttons and presenting to Google Cast devices on Android -

  4. Pingback: Chrome 48 beta brings custom notification buttons and presenting to Google Cast devices on Android | DARE

  5. Pingback: Chrome 48 Beta: Present to Cast devices, custom notification buttons, and bandwidth estimation - InfoLogs

  6. Pingback: Chrome 48 beta brings custom notification buttons and presenting to Google Cast devices on Android | BawlBuster

  7. Pingback: Chrome 48 Beta: Present to Cast, custom notification buttons, and network estimation - InfoLogs

  8. Pingback: Chrome 48 beta brings custom notification buttons and presenting to Google Cast devices on Android - Hybrid Apps | Web Apps | Mobile Apps

  9. Pingback: Chrome 48 Beta: Present to Cast, custom notification buttons, and network estimation - Cocopine Web Solutions

  10. Pingback: Chrome 48 Beta:Present to Cast、自定义通知按钮和网络估算

  11. Pingback: Chrome 48 Beta: Present to Cast, custom notification buttons, and network estimation – Hawk Background Check Reviews

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s