In an apparent coordinated announcement, Google, Mozilla and Microsoft announced that they would stop using the RC4 stream cipher in their respective browsers.
There was a consensus among the three organisations that RC4, designed in 1987, had passed its sell-by date. It had become a workhorse for the cyber-security industry, since it was leaked into the public domain in 1994, but a mounting number of attack techniques had revealed its underlying weaknesses.
According to Microsoft, “There is consensus across the industry that RC4 is no longer cryptographically secure.” Modern attacks have demonstrated that RC4 can be broken within hours or days.
Microsoft Edge and IE 11 use RC4 only during a fallback from TLS 1.2 or 1.1 to TLS 1.0, the company said. “A fallback to TLS 1.0 with RC4 is most often the result of an innocent error, but this is indistinguishable from a man-in-the-middle attack,” wrote Alec Oot on the Microsoft Edge dev blog.
Richard Barnes, writing on Mozilla.dev.platform, said that RC4 was being steadily phased out of Firefox and will be completely shut down in version 44, scheduled for released on 26 January 2016.
The phase out began with version 37. It still works in Beta and Release but in Nightly and Aurora it is allowed only for a static whitelist of hosts – a list mainly built ad hoc following the discovery of compatibility issues.
In version 42, the whitelist will be disabled in Nightly/Aurora. In version 43, they will disable unrestricted fallback in Beta/Release. And then in version 44, RC4 will be disabled by default in all releases.
“As of Firefox 44, RC4 will be entirely disabled unless a user explicitly enables it through one of the prefs,” Barnes said. The consequences of this would be that Firefox will no longer connect to servers that require RC4, but according to Mozilla's data, Firefox users encounter these sites very rarely.
Google concurred with that assessment of RC4, saying that only 0.13 percent of HTTPS connections by Chrome users use RC4.
“When Chrome makes an HTTPS connection it has an implicit duty to do what it can to ensure that the connection is secure. At this point, the use of RC4 in an HTTPS connection is falling below that bar and thus we plan to disable support for RC4 in a future Chrome release,” wrote Adam Langley on Google's Security-dev group.
Google will deprecate RC4 from Chrome in January or February 2016.
Anyone who's website relies on RC4 will need to take action as browsers will, by default, be unable to connect with your site. While it will be possible to reactivate RC4, it will be beyond the capabilities of most users, so it is recommended that they upgrade to TLS 1.2.