/plushcap/analysis/cloudflare/end-of-the-road-for-rc4

End of the road for RC4

What's this blog post about?

On February 23, 2015, Cloudflare disabled the RC4 encryption algorithm for all SSL/TLS connections to its sites due to security concerns. The company had previously deprecated RC4 in May 2014 and noted that some users still required it, particularly those using old mobile phones and Windows XP. However, recent data showed a significant decline in RC4 usage, with almost all remaining requests coming from old phones and Windows XP users. Additionally, some connections were traced back to SSL-intercepting proxy software using RC4. Cloudflare decided to disable the protocol completely due to its lack of security and the availability of more secure alternatives.

Company
Cloudflare

Date published
Feb. 23, 2015

Author(s)
John Graham-Cumming

Word count
550

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.