Microsoft had announced a year ago in September 2015 that it will be ending the support for RC4 Cipher in both the Microsoft Edge and Internet Explorer. As we all know a cumulative upgrade is due this April and Microsoft has clearly stated out that this update will come with the RC4 cipher disabled by default which also implies that it will not be used in TLS fall-back negotiations.
RC4 cipher support to end
Let’s now try to understand what exactly is RC4 Cipher and its implications on the users. The RC4 stream cipher was first used in 1987 and ever since it has been used across the wed.
Lately it has been noticed that the RC4 can be hacked into in just a day or maybe even a couple of hours. Microsoft Edge and Internet Explorer 11 make use of RC4 while falling back from TLS 1.2 or 1.1 to TLS 1.0. Usually such errors are not harmful in anyway but the trouble brews when it is a man-in-the-middle attack.
Citing security concerns Microsoft will be disabling the same in both Microsoft Edge and Internet Explorer users running Windows 7, Windows 8.1 and also Windows 10 starting from April 12th.
Now here is why you don’t need to fret, as a user it is likely that you won’t notice the change and considering the fact that web services that support only RC4 are near extinction it will affect you even less.
If you are a webmaster and your site uses RC4 it is better to follow the Microsoft recommendation to enable TLS 1.2 in the services and on the other hand stop supporting RC4.