1

I have read numerous times that the RC4 cipher itself is considered broken in TLS. Still many websites are using the TLS_RSA_WITH_RC4_128_SHA configuration even to date.

Now, I know that sometimes different uses of a cipher mitigate different attack scenarios, so my question is straightforward: Is this particular cipher configuration still considered secure, or are companies just not fast enough in changing to other configurations?

e-sushi
  • 17,891
  • 12
  • 83
  • 229
random_error
  • 111
  • 1
  • 1
    Take a look at this question and answers. – mikeazo May 12 '14 at 12:02
  • @mikeazo Thank you for pointing me there. I had kind of the same idea from reading around prior to asking, just wanted to make sure. I think it's sad that there is better cryptography available and usable, but not used because people are slow in switching. – random_error May 12 '14 at 12:11

0 Answers0