End of the road for RC4
On February 23, 2015, Cloudflare disabled the RC4 encryption algorithm for all SSL/TLS connections to its sites due to security concerns. The company had previously deprecated RC4 in May 2014 and noted that some users still required it, particularly those using old mobile phones and Windows XP. However, recent data showed a significant decline in RC4 usage, with almost all remaining requests coming from old phones and Windows XP users. Additionally, some connections were traced back to SSL-intercepting proxy software using RC4. Cloudflare decided to disable the cipher completely due to its lack of security and the availability of more secure alternatives.
Company: Cloudflare
Date published: Feb. 23, 2015
Author(s): John Graham-Cumming
Word count: 550
Hacker News points: None found.
Language: English