/plushcap/analysis/cloudflare/killing-rc4

Killing RC4 (softly)

What's this blog post about?

In 2011, the BEAST attack on TLS v1.0's CBC encryption mode was discovered, prompting experts to recommend using RC4-based cipher suites as a mitigation strategy. However, attacks on RC4 were demonstrated in 2013, making this choice problematic. Since then, modern browsers have started supporting TLS v1.2, but open-source web servers and OpenSSL do not allow for fine-grained control over cipher suite usage based on protocol version. To address this issue, a patch has been released for OpenSSL that disables RC4-based cipher suites for connections using TLS v1.1 and above while leaving them enabled for TLS v1.0 users. This ensures protection against both the BEAST attack and attacks on RC4.

Company
Cloudflare

Date published
Jan. 29, 2014

Author(s)
Piotr Sikora

Word count
401

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.