Browsers Dropping Cipher

Friday, September 4, 2015 @ 03:09 PM gHale

While it may seem a bit further off, the last of RC4 encryption will go away in Chrome, Firefox, Internet Explorer and Edge by the end of February next year, officials said.

The RC4 encryption algorithm, used in Web technologies like WEP, WPA, SSH, TLS/SSL, RDP, PDF, Kerberos, SASL, Skype, and BitTorrent, is going away.

Firefox Update Fixes 2 Security Flaws
Zero Day Flaws in Browsers for Android
Emergency Patch for IE
New Tool Finds Browser Flaws

RC4’s popularity decreased so much the creators of the TLS protocol, the Internet Engineering Task Force (IETF), outright prohibited its usage within TLS anymore.

Starting with the early part of 2016, browser makers like Mozilla, Microsoft and Google will drop RC4 support from Firefox, Internet Explorer, Edge, and Chrome.

Mozilla will disable RC4 starting with Firefox 44, officially scheduled for release on January 26, 2016.

Mozilla’s internal data shows only .08 percent of its user base were currently using it, RC4 being partly disabled since Firefox 37.

The Chrome team, on the other hand, didn’t provide an exact date or version, but they committed to removing RC4 support in the Stable channel around January or February 2016.

Microsoft said, “Starting in early 2016, the RC4 cipher will be disabled by-default and will not be used during TLS fallback negotiations.” The release affects IE and Edge.