Posts Tagged ‘RC4’

How to Block the Insecure RC4 Cipher in Firefox and Chrome

Tuesday, July 28th, 2015

Yet another browser vulnerability to worry about … but fortunately there’s an easy way to block it.

Whenever you connect to a secure website using Firefox or any other modern browser, negotiations happen in the background that determine what is being used to encrypt the connection. RC4 is a stream cipher that is currently supported by most browsers even though it may only be used as a fallback (if other negotiations fail) or for whitelisted sites. Exploits have come to light in recent time that take advantage of weaknesses in RC4 which allow attackers to run attacks in a reasonable time frame, for instance to decrypt web cookies which often contain authentication information.