RC4, CBC, what the …?
BEAST & Lucky Thirteen attacks said, “Prioritize RC4 cipher suite.” AlFBPPS attack said, “RC4 is old and crummy. CBC-mode would be better.”
BEAST and RC4
In order to mitigate a BEAST attack, the advice is to prioritize RC4 cipher suites on your Web server to avoid the use of vulnerable cypher block chaining (CBC) suites. But how well do the clients support RC4? Ivan Ristić of Qualys did some tests at SSL Labs and saw that only 45 of 48,481 unique [Read More...]