In line with our earlier reports, Microsoft is finally retiring the RC4 in Microsoft Edge and Internet Explorer 11. The reason behind this step is the logically fact that RC4 is no longer secure. With the KB3151631 released this August 9, 2016, this cumulative upgrade for Windows disables RC4 in Microsoft Edge and IE11.
Microsoft retires RC4 cipher support in Edge and IE 11
For the sake of context, RC4 was a stream cipher that has been widely supported across various browsers since 1987. It is now that the modern attacks have exposed loopholes in RC4 which allows the attacker to break the same in hours or days. The Internet Engineering Task Force took the step to prohibit the use of RC4 in tandem with the TLS.
The very fact that fallback from TLS 1,0 from the RC4 was mostly an actual error but it was indistinguishable from a man-in-the-middle-attack. This is one of the main reasons why RC4 has been completely disabled for Microsoft Edge and Internet Explorer users on Windows 7. 8.1 and the latest Windows 10. However, it’s worth noting that RC4 was allowed during a fallback from TLS 1.2 to TLS 1.0.
That being said, most of the folks will still not notice the change in the percentage of web services that support RC4 are very less and slowly becoming extinct.
If you are a webmaster and your web service still supports RC 4 it is the time you take some action. For instance refer to the Security Advisory 2868725, for a list of supported ciphers and Cipher suites.
- Tags: Security