Microsoft disables RC4 in Microsoft Edge and IE11 with the latest update
1 min. read
Published on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Last year, Microsoft announced their decision to end the support of the RC4 cipher in Microsoft Edge and Internet Explorer 11 in early 2016. Back in April, they said that this change will be released as part of April’s cumulative security updates on April 12th, 2016. But this was delayed based on customer feedback. Today, they are releasing KB3151631 with the August 9, 2016 cumulative updates for Windows and IE, which disables RC4 in Microsoft Edge (Windows 10) and IE11 (Windows 7 and newer). With this update, the RC4 cipher will be disabled by default and will not be used during TLS fallback negotiations.
The percentage of insecure web services that support only RC4 is known to be small and shrinking.
If your web service relies on RC4, you will need to take action. Since 2013, Microsoft has recommended that customers enable TLS 1.2 in their services and remove support for RC4. For additional details, please see Security Advisory 2868725. For supported ciphers, and additional information on ciphers see: Cipher Suites in TLS/SSL (Schannel SSP).
Read more about it here.
User forum
1 messages