Microsoft kills RC4 crypto

Microsoft has removed support from RC4, an ancient and easy-to-evade cipher, from its browsers.

Google and the Mozilla Foundation have beaten Redmond to the punch with this change, killing off the cipher in past releases. IE 11 and Edge are therefore now at parity.

It's not hard to see why Redmond and its rivals have done so: as explained here “Previously, Microsoft Edge and Internet Explorer 11 allowed RC4 during a fallback from TLS 1.2 or 1.1 to TLS 1.0. A fallback to TLS 1.0 with RC4 is most often the result of an innocent error, but this is indistinguishable from a man-in-the-middle attack. For this reason, RC4 is now entirely disabled by default for Microsoft Edge and Internet Explorer users on Windows 7, Windows 8.1 and Windows 10.”

If your web services use RC4, you need to turn on TLS 1.2 and can RC4 support if you want users to stay secure on your sites. ®

Sponsored: Beyond the Data Frontier

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019