[TLS] Prohibiting RC4 Cipher Suites

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 21 August 2013 20:59 UTC

Hello All,

RC4 is a widely deployed cipher, which is commonly preferred by TLS servers: our tests show ~40% of the high-traffic HTTPS sites pick RC4 if IE offers this cipher. A significant percentage of web sites and e-mail servers have only RC4 enabled, so a client cannot altogether disable RC4 without breaking interoperability. At the same time, attacks on RC4 are improving (e.g. http://www.isg.rhul.ac.uk/tls/), to the point that practical exploits are possible.

I have posted a new Internet-Draft "Prohibiting RC4 Cipher Suites" (draft-popov-tls-prohibiting-rc4-00, http://datatracker.ietf.org/doc/draft-popov-tls-prohibiting-rc4/) to deprecate the use of RC4 cipher suites in TLS.

Looking forward to comments and feedback on the draft,

Andrei Popov
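
The interoperability problem described in the message above, as an added example that is not part of the original post or of the draft: it parses a ClientHello cipher_suites vector, flags RC4 suites by IANA code point, and models server-preference selection. The function names, the sample vectors and the server preference lists are constructed for illustration, and only a subset of the registry's RC4 suites is listed.

```python
import struct

# IANA TLS cipher suite code points whose bulk cipher is RC4 (subset of the registry).
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}
OTHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}
NAMES = {**RC4_SUITES, **OTHER_SUITES}

def parse_cipher_suites(vector: bytes) -> list[int]:
    """Parse a ClientHello cipher_suites vector: uint16 byte length, then uint16 ids."""
    if len(vector) < 2:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack("!H", vector[:2])
    body = vector[2:]
    if n != len(body) or n % 2 or n == 0:
        raise ValueError("malformed cipher_suites vector")
    return list(struct.unpack(f"!{n // 2}H", body))

def server_select(server_pref, offered):
    """Server-preference negotiation: first server suite the client also offered."""
    offered = set(offered)
    return next((s for s in server_pref if s in offered), None)

def audit(vector, server_pref):
    """Report which RC4 suites the client offers and what this server would pick."""
    offered = parse_cipher_suites(vector)
    chosen = server_select(server_pref, offered)
    return {
        "rc4_offered": [NAMES.get(s, hex(s)) for s in offered if s in RC4_SUITES],
        "chosen": None if chosen is None else NAMES.get(chosen, hex(chosen)),
        "chosen_is_rc4": chosen in RC4_SUITES,
    }

# Constructed sample data (not captured traffic); server lists are hypothetical.
CLIENT_WITH_RC4 = bytes.fromhex("0008" "c013" "002f" "0005" "0004")
CLIENT_NO_RC4 = bytes.fromhex("0004" "c013" "002f")
SERVER_PREFERS_RC4 = [0x0005, 0x0004, 0x002F]
SERVER_RC4_ONLY = [0x0005, 0x0004]
```

A `chosen` value of `None` corresponds to a handshake failure: the RC4-only server has nothing in common with a client that stopped offering RC4.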