I was trying to figure out why my libreoffice-bin was throwing an error when I came across Deactivating the RC4 cipher in Firefox, and then I searched for some information about why one would do so.
According to Wikipedia:
A double-byte bias attack on RC4 in TLS and SSL that requires 13 × 2^20 encryptions to break RC4 was unveiled on 8 July 2013, and it was described as “feasible” in the accompanying presentation at the 22nd USENIX Security Symposium on August 15, 2013. Microsoft recommends disabling RC4 where possible.
A little farther down the excerpt, it says “36.2% (-0.3%) support RC4 suites used with modern browsers” and only “7.6% (+0.3%) not support.” To be honest, I don’t have any clue how the attack is done, since by my own judgment I definitely don’t possess any knowledge of Internet security.
However, since there are far more secure ciphers available, current websites generally support those, and browsers (or the protocol?) would choose the most secure method (High-grade Encryption) to communicate, I decided it might be a good idea just to disable RC4.
You can use the following sites to see a list of ciphers available in your browser, which shouldn’t have RC4 listed once you disable those settings:
Mozilla has planned to disable RC4 by default on January 26, 2016 with the Firefox 44 release. You do not need to do anything from this version on. RC4 is gone for good.
Since February 2015, with Firefox 36, RC4 has been a fallback-only option via security.tls.unrestricted_rc4_fallback. If you want to turn the RC4 cipher off, just turn the option off and you will be done.
The steps are easy: go to about:config and search for rc4, then disable the following six entries by double-clicking on each one, so that all values are set to false:
You can try to find one server to test:
If no cipher option is available to be used, then you will get this typical error when you connect to an RC4-only website in Firefox:
The connection was reset
The connection to the server was reset while the page was loading.
As for Chrome, current 31.0.1650.57:stable, you will need to launch with:
in order to disable the following four ciphers:
|Spec|Cipher Suite Name|Key Size|Description|
|---|---|---|---|
|(00,04)|RSA-RC4128-MD5|128 Bit|Key exchange: RSA, encryption: RC4, MAC: MD5.|
|(00,05)|RSA-RC4128-SHA|128 Bit|Key exchange: RSA, encryption: RC4, MAC: SHA1.|
|(c0,07)|ECDHE-ECDSA-RC4128-SHA|128 Bit|Key exchange: ECDH, encryption: RC4, MAC: SHA1.|
|(c0,11)|ECDHE-RSA-RC4128-SHA|128 Bit|Key exchange: ECDH, encryption: RC4, MAC: SHA1.|
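
To check from a packet capture, rather than a website, whether a browser still offers the four suites in the table, the following added example (not part of the original post) parses the cipher_suites list of a TLS ClientHello and reports any of those codes. It assumes the ClientHello fits in a single TLS record; `build_client_hello` is a hypothetical helper that constructs the sample input.

```python
import struct

# The four RC4 suites from the table, keyed by their two-byte code.
RC4_SUITES = {
    0x0004: "RSA-RC4128-MD5",
    0x0005: "RSA-RC4128-SHA",
    0xC007: "ECDHE-ECDSA-RC4128-SHA",
    0xC011: "ECDHE-RSA-RC4128-SHA",
}

def offered_suites(record: bytes) -> list:
    """Return the cipher suite codes in a single-record TLS ClientHello."""
    try:
        if record[0] != 0x16:                        # content type: handshake
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack(">H", record[3:5])[0]
        body = record[5:5 + rec_len]
        if len(body) != rec_len or body[0] != 0x01:  # msg type: ClientHello
            raise ValueError("truncated record or not a ClientHello")
        pos = 4 + 2 + 32        # handshake header, client_version, random
        pos += 1 + body[pos]    # skip session_id (1-byte length prefix)
        cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
        raw = body[pos + 2:pos + 2 + cs_len]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def rc4_offered(record: bytes) -> list:
    """Names of the table's RC4 suites the client still offers, in order."""
    return [RC4_SUITES[c] for c in offered_suites(record) if c in RC4_SUITES]

def build_client_hello(suites) -> bytes:
    """Constructed sample input: a minimal ClientHello without extensions."""
    cs = b"".join(struct.pack(">H", s) for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty sid
             + struct.pack(">H", len(cs)) + cs + b"\x01\x00")  # null compression
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

if __name__ == "__main__":
    before = build_client_hello([0xC02F, 0xC011, 0x0005, 0x002F])
    after = build_client_hello([0xC02F, 0x002F])
    print("RC4 enabled: ", rc4_offered(before))
    print("RC4 disabled:", rc4_offered(after))
```

An empty result means none of the four RC4 codes appear in the offer, which is the state the settings above are meant to produce.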