It's official. Support for RC4, a stream cipher used by browsers for securing connections (among other things), will be dropped sometime in early 2016 by Google, Mozilla, and Microsoft. The cipher is vulnerable to several concerning attacks, and its design dates from 1987.
RC4's deprecation isn't entirely unexpected. The Internet Engineering Task Force had already published an RFC document in February of this year prohibiting the use of the cipher suite in TLS connections, so the writing was on the wall, but the cipher now has a date with the executioner.
All of today's major browsers only use RC4 as a fallback cipher if a better encryption method can't be negotiated with the server, and the move to deprecate it should have next to no drawbacks. According to Google, only 0.13% of HTTPS connections in Chrome are made using the outdated cipher, a number that's only shrinking as sysadmins around the world disable it on their servers. Mozilla reports an even smaller number for Firefox—only 0.08% of that browser's HTTPS connections use RC4.
|TR's 2017 Christmas giveaway: goodies from MSI, Antec, and OCZ||14|
|VESA DisplayHDR attempts to demystify HDR-capable monitors||14|
|BenQ EW277HDR brings HDR10 in reach of mere mortals||5|
|Intel Pentium Gold chips now have Silver siblings||25|
|Acer ProDesigner PE320QK is big on size and color accuracy||2|
|Thermaltake's Nemesis Switch has enough buttons for all your macros||17|
|Zotac Gaming MEK1 PCs have the requisite pieces of flair||9|
|Toshiba's latest hard drives store 14 TB without shingles||66|
|Friday deals: a motherboard trio, a cheap CLC, and a rodent||11|