BEAST and RC4

Bruce Morton

To mitigate a BEAST attack, the advice is to prioritize RC4 cipher suites on your Web server to avoid the use of vulnerable cipher block chaining (CBC) suites. But how well do the clients support RC4?

Ivan Ristić of Qualys did some tests at SSL Labs and saw that only 45 of 48,481 unique IP addresses (0.09 percent) did not support RC4. Of those, he concludes that most disabled RC4 for one reason or another.

The recommendation is still to prioritize RC4 cipher suites; however, with such broad client support for RC4, you may be able to eliminate your Web server’s support for CBC.
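The trade-off between prioritizing RC4 and removing CBC entirely can be seen by modelling server-preference cipher selection. The following is an added example, not code from the original post or from SSL Labs; the suite names are standard IANA TLS names, while the client offers and the server lists are constructed for illustration.

```python
# Added example: which suite a server picks when it enforces its own order.
# Server lists and client offers are constructed samples, not measured data.

RC4_FIRST = [  # RC4 prioritized, CBC kept as fallback
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
RC4_ONLY = [s for s in RC4_FIRST if "_RC4_" in s]  # CBC support eliminated

CLIENTS = {  # constructed client offers, in the client's own preference order
    "client-a": ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"],
    "client-b": ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                 "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "client-c": ["TLS_RSA_WITH_AES_128_CBC_SHA",      # RC4 disabled
                 "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
}

def family(suite):
    """Classify a suite by its bulk cipher, based on the IANA name."""
    if "_RC4_" in suite:
        return "RC4"
    if "_CBC_" in suite:
        return "CBC"
    return "other"

def negotiate(server_pref, client_offer):
    """Return the first server-preferred suite the client offers, else None."""
    offered = set(client_offer)
    for suite in server_pref:
        if suite in offered:
            return suite
    return None  # no common suite: the handshake fails

def summarize(server_pref, clients):
    """Count negotiated cipher families and failed handshakes."""
    counts = {"RC4": 0, "CBC": 0, "other": 0, "failed": 0}
    for offer in clients.values():
        chosen = negotiate(server_pref, offer)
        counts[family(chosen) if chosen else "failed"] += 1
    return counts

if __name__ == "__main__":
    print("RC4 first:", summarize(RC4_FIRST, CLIENTS))
    print("RC4 only: ", summarize(RC4_ONLY, CLIENTS))
```

With RC4 prioritized, a client that lists CBC first still ends up on RC4, and only the client without RC4 falls back to CBC; with CBC removed, that same client can no longer connect.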

Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.
