Microsoft has announced that it is ending support for RC4 cipher in both Internet Explorer 11 and Edge. This will begin in the early parts of 2016, and as such, it will no longer be used in TLS fallback discussions.
The reason why Microsoft is ditching RC4 cipher is because it is no longer cryptographically secure, according to the industry at large. The announcement from Microsoft falls in line with similar statements from Mozilla and Google, as both companies have ended support for RC4 cipher in Firefox and Chrome, respectively.
At the moment, it is not sure what Microsoft intends to use to replace RC4 cipher, but we’re guessing the company must have something in mind hence it wouldn’t just outright choose to get rid of it without a plan for the future.
What is RC4 cipher
It is a stream cipher that first came to prominence back in 1987, and since then, the platform has been used by almost all web browsers and many online services.
The age of RC4 cipher is probably the defining factor in why it is no longer secure enough. From what we’ve come to understand, attackers can take days, if not hours, to break RC4. Once attackers are in, they will have access to plaintext files among other things.
Will the move from RC4 cipher affect me?
Microsoft says the percentage of websites that support RC4 at this point is small and shrinking. However, the software giant did not specify how little, and by what rate is support shrinking.
It should mean that only a small amount of users on the web may come across issues, but the majority are expected to not even realize that RC4 is no longer in use.