{"id":2029,"date":"2015-09-11T10:08:07","date_gmt":"2015-09-11T17:08:07","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2029"},"modified":"2016-09-30T02:48:02","modified_gmt":"2016-09-30T09:48:02","slug":"deprecating-the-rc4-cipher","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/","title":{"rendered":"Deprecating the RC4 Cipher"},"content":{"rendered":"<p>As part of our commitment to protect the privacy of our users, Mozilla will disable the insecure RC4 cipher in Firefox in late January 2016, beginning with Firefox 44. Mozilla will be taking this action in coordination with the <a href=\"https:\/\/groups.google.com\/a\/chromium.org\/forum\/#%21msg\/security-dev\/kVfCywocUO8\/vgi_rQuhKgAJ\">Chrome<\/a> and <a href=\"http:\/\/blogs.windows.com\/msedgedev\/2015\/09\/01\/ending-support-for-the-rc4-cipher-in-microsoft-edge-and-internet-explorer-11\/\">IE\/Edge<\/a> teams. If you&#8217;re a web site operator and still rely on RC4, you need to <a href=\"https:\/\/wiki.mozilla.org\/Security\/Server_Side_TLS#Recommended_configurations\">enable some other ciphers<\/a>, or Firefox users will be unable to reach you.\u00a0 Very few servers rely exclusively on RC4, so most users should experience minimal disruption.<\/p>\n<p><strong>The Rise and Gradual Fall of RC4<\/strong><\/p>\n<p>Developed in 1987 by Ron Rivest, the <a href=\"https:\/\/en.wikipedia.org\/wiki\/RC4\">RC4 cipher<\/a> has been a staple of cryptography for almost 30 years.\u00a0 For many years, RC4 was widely used by HTTPS servers: first because it was faster than contemporary alternatives, and later because it was immune to attacks that other ciphers were vulnerable to, such as <a href=\"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security#BEAST_attack\">BEAST<\/a>.<\/p>\n<p>Over the years, however, cryptanalysis of RC4 has resulted in better and better attacks against it.\u00a0 It has been known since 1995 that RC4 
has <a href=\"http:\/\/www.impic.org\/papers\/WeakKeys-report.pdf\">certain biases<\/a> that make it easier to attack.\u00a0 Recently, <a href=\"http:\/\/www.isg.rhul.ac.uk\/tls\/\">several<\/a> <a href=\"https:\/\/www.imperva.com\/docs\/HII_Attacking_SSL_when_using_RC4.pdf\">practical<\/a> <a href=\"http:\/\/www.rc4nomore.com\/\">attacks<\/a> against RC4-protected HTTPS sessions have been demonstrated.\u00a0 This led the IETF to publish\u00a0<a href=\"https:\/\/tools.ietf.org\/html\/rfc7465\">RFC 7465<\/a>, which forbids the use of RC4 in TLS.<\/p>\n<p>At the same time, newer ciphers such as <a href=\"https:\/\/tools.ietf.org\/html\/rfc5288\">AES-GCM<\/a> have been created, which are as fast as RC4 on modern hardware, and are also immune to attacks such as BEAST.\u00a0 Most web servers support these newer ciphers, and the majority of Firefox TLS transactions already use them.<\/p>\n<p><strong>Deprecation of RC4 in Firefox<\/strong><\/p>\n<p>Until recently, RC4 was fully supported by Firefox to maintain compatibility with older servers, but over the past year, we&#8217;ve been gradually removing support.<\/p>\n<p>In <a href=\"https:\/\/developer.mozilla.org\/en-US\/Firefox\/Releases\/36#Security\">Firefox 36<\/a> (released in February 2015), we took the first step by making RC4 a &#8220;fallback-only&#8221; cipher.\u00a0 With that change, Firefox would first try to communicate with the server using secure ciphers, before &#8220;falling back&#8221; to RC4.\u00a0 As a result, Firefox would only use RC4 if the server didn&#8217;t support anything better.\u00a0 That was a major step; over the course of the following weeks, RC4 usage by Firefox dropped from around 27% of TLS transactions to less than 0.5%.<\/p>\n<p>In <a href=\"https:\/\/developer.mozilla.org\/en-US\/Firefox\/Releases\/38#Security\">Firefox 38<\/a> (released in May 2015), we took a further step by disabling RC4 almost entirely in our pre-release Nightly and Developer Edition products, leaving it enabled 
only for a small whitelist of sites.\u00a0 Web developers using those products to test their sites will have already seen breakage if their site requires RC4.\u00a0 Perhaps as a result of this, RC4 usage by Firefox has continued to gradually decline, to the point where it&#8217;s currently used in only 0.08% of TLS transactions.<\/p>\n<p><strong>Disabling RC4 by Default<\/strong><\/p>\n<p>RC4 will no longer be offered by default in TLS fallback beginning with Firefox 44, set to be released on January 26, 2016. As a result, Firefox will refuse to negotiate RC4 with web servers. We are announcing this change now in order to provide website operators with time to update their websites.<\/p>\n<p>As noted above, the share of Firefox TLS communications using RC4 has fallen from approximately 27% at the end of 2014 to only 0.08% at present.\u00a0 As such, Mozilla expects the impact from this change to be minimal and localized to a small number of websites that currently only offer RC4 and are unable to upgrade prior to January.<\/p>\n
<p>Mozilla maintains a <a href=\"https:\/\/wiki.mozilla.org\/Security\/Server_Side_TLS\">set of guidelines on TLS configurations<\/a> and a <a href=\"https:\/\/mozilla.github.io\/server-side-tls\/ssl-config-generator\/\">TLS configuration generator<\/a> to assist website operators in selecting a secure configuration for their websites. Although it is recommended that website operators remove the availability of RC4 entirely, those that require compatibility with older clients such as Internet Explorer 6 may want to continue to offer RC4.\u00a0 As long as more modern cipher suites containing AES are also available, Firefox will use those more secure options instead of RC4.<\/p>\n<p>Users that would like to disable RC4 fallback prior to the January release may set the <em>security.tls.unrestricted_rc4_fallback<\/em> setting inside of about:config to <em>false<\/em>.\u00a0 After that preference is set to false by default in Firefox 44, users that still require RC4 may re-enable it by setting it back to <em>true<\/em>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As part of our commitment to protect the privacy of our users, Mozilla will disable the insecure RC4 cipher in Firefox in late January 2016, beginning with Firefox 44. Mozilla &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/\">Read more<\/a><\/p>\n","protected":false},"author":1227,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,847,69,45499],"tags":[45513,45499,335],"coauthors":[282912],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Deprecating the RC4 Cipher - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"April King\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/\",\"name\":\"Deprecating the RC4 Cipher - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2015-09-11T17:08:07+00:00\",\"dateModified\":\"2016-09-30T09:48:02+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/cab208d1e0249bd2da73bc39c3d542b7\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Deprecating the RC4 Cipher\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/cab208d1e0249bd2da73bc39c3d542b7\",\"name\":\"April 
King\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/dd59dfe8e9604d209d11d9a03e8ab3a6\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b874e43ec7b59fdca0b4f9b8c3b7cc1b?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b874e43ec7b59fdca0b4f9b8c3b7cc1b?s=96&d=identicon&r=g\",\"caption\":\"April King\"},\"description\":\"IRC: April\",\"sameAs\":[\"https:\/\/pokeinthe.io\/\",\"https:\/\/x.com\/aprilmpls\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Deprecating the RC4 Cipher - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/","twitter_misc":{"Written by":"April King","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/","url":"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/","name":"Deprecating the RC4 Cipher - Mozilla Security 
Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2015-09-11T17:08:07+00:00","dateModified":"2016-09-30T09:48:02+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/cab208d1e0249bd2da73bc39c3d542b7"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2015\/09\/11\/deprecating-the-rc4-cipher\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Deprecating the RC4 Cipher"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/cab208d1e0249bd2da73bc39c3d542b7","name":"April King","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/dd59dfe8e9604d209d11d9a03e8ab3a6","url":"https:\/\/secure.gravatar.com\/avatar\/b874e43ec7b59fdca0b4f9b8c3b7cc1b?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b874e43ec7b59fdca0b4f9b8c3b7cc1b?s=96&d=identicon&r=g","caption":"April King"},"description":"IRC: 
April","sameAs":["https:\/\/pokeinthe.io\/","https:\/\/x.com\/aprilmpls"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2029"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1227"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2029"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2029\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2029"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}