Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Future Firefox, Chrome, IE, and Edge Releases Will Not Support RC4 Encryption

Batu69

By Batu69
in Security & Privacy News

Recommended Posts

Batu69

Batu69

Posted
Posted

Bye bye, Rivest Cipher 4, it was fun while it lasted

By the end of February 2016, you'll have seen the last of RC4 encryption in browsers like Chrome, Firefox, Internet Explorer, and Edge, their parent companies have announced.

The once mighty RC4 encryption algorithm, used in popular Web technologies like WEP, WPA, SSH, TLS/SSL, RDP, PDF, Kerberos, SASL, Skype, and BitTorrent, has seen its glory days come and go.

With security experts slashing it to pieces in their research papers and hackers using its exposed flaws to mount their attacks, RC4's popularity decreased so much that the creators of the TLS protocol, the Internet Engineering Task Force (IETF), outright prohibited its usage within TLS anymore.

Things turned even uglier for RC4 yesterday, when, in a series of inter-connected announcements, three of the five major browser makers announced that they plan to remove RC4 support from future versions of their products altogether, practically twisting the knife that was already left in RC4's back by the IETF announcement.

RC4 support will be removed by late February 2016

So, starting with the early part of 2016, browser makers like Mozilla, Microsoft and Google will drop RC4 support from Firefox, Internet Explorer, Edge, and Chrome.

In a detailed timeline, Mozilla has announced it intends to disable RC4 starting with Firefox 44, which is officially scheduled for release on January 26, 2016.

This is no big deal since its internal data shows that only 0,08% of its userbase were currently using it, RC4 being partly disabled since Firefox 37.

The Chrome team, on the other hand, didn't provide an exact date or version, but they committed to removing RC4 support in the Stable channel around January or February 2016.

While these two announcements came buried deep in Google Grup talk pages, Microsoft downright announced it on its official blog, saying that "Starting in early 2016, the RC4 cipher will be disabled by-default and will not be used during TLS fallback negotiations." This announcement will affect both browsers of the company, IE and Edge.

Source

Link to comment
Share on other sites
  • Replies 2
  • Views 1.5k
  • Created
  • Last Reply
  • Administrator
DKT27

DKT27

Posted
  • Administrator
Posted

it should be removed right now, not in 2016.

same with SSL 3.0 and 2.0.

Agreed.

RC4, relatively, is as good as WEP, so not sure why it's not removed already. Encryption is something I am not expertized in, but from what I know, AES is already used and is far better than others.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...