RC4 is a 28 year old cipher that has done remarkably well, but it is now the subject of several, significant attacks. The IETF has decided that RC4 is sufficiently bad to warrant a statement that it must no longer be used (RFC 7465). When Chrome makes an HTTPS connection it has an implicit duty to do what it can to ensure that the connection is secure. At this point, the use of RC4 in an HTTPS connection is falling below that bar.
Demo
Documentation
Specification
Status in Chromium
Removed (tracking bug) in:
- Chrome for desktop release 48
- Chrome for Android release 48
- Chrome for iOS release 48
- Android WebView release 48
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- In development
- In development
- No signal
- No signals
Owners
Search tags
rc4, tls, ssl,Last updated on 2021-02-04