RC4 no longer considered secure

  |   Lukas Pokorny

The security of RC4 encryption algorithm has been questionable for many years. But despite well-founded concerns, this has remained a popular TLS/SSL cipher not only due to its speed, but also as a countermeasure against "BEAST" attack targeting block ciphers using CBC mode in SSL 3.0 and TLS 1.0. As of now, almost all HTTPS servers still support RC4 ciphers and many even prefer them.

This is almost certainly going to change soon. Last month, researchers have been able to exploit RC4's invariance weakness vulnerability to faciliate Bar mitzvah attack, by which an attacker can retrieve about 64 bytes of encrypted information of a very small fraction of TLS/SSL connections that happen to use weak keys. Even though the likelihood of being compromised by a Bar Mitzvah attack is low, it looks like this could be the final straw for the RC4 encryption algorithm.

Disabling RC4 in TLS/SSL

Since RC4 is no longer believed to be secure, particularly when used in TLS/SSL protocol, we have decided to disable it by default in the latest release of our components (2015 R3). It can still be enabled when needed for interoperability reasons, but it's not recommended.

Affected components:

If you are using one of these components, we strongly recommend disabling RC4 ciphers in TLS/SSL using the following code:

var client = new Ftp(); // applies to Imap, Pop3 and Smtp objects as well  

// disable all RC4-based ciphers (recommended)
// (works with 2012 R3 and higher)
// (the "anonymous" ciphers have never been enabled by default)
client.Settings.SslAllowedSuites &=  
    TlsCipherSuite.DH_anon_EXPORT_WITH_RC4_40_MD5 |
    TlsCipherSuite.DH_anon_WITH_RC4_128_MD5 |
    TlsCipherSuite.DHE_DSS_EXPORT1024_WITH_RC4_56_SHA |
    TlsCipherSuite.DHE_DSS_WITH_RC4_128_SHA |
    TlsCipherSuite.RSA_EXPORT1024_WITH_RC4_56_SHA |
    TlsCipherSuite.RSA_EXPORT_WITH_RC4_40_MD5 |
    TlsCipherSuite.RSA_WITH_RC4_128_SHA |

// enable RC4-based ciphers that were considered
// 'secure enough' until recently (not recommended)
client.Settings.SslAllowedSuites |=  
    TlsCipherSuite.DHE_DSS_WITH_RC4_128_SHA |

client.Connect("server", SslMode.Explicit);