How we built it

Remove RC4 (removed)

RC4 is a 28 year old cipher that has done remarkably well, but it is now the subject of several, significant attacks. The IETF has decided that RC4 is sufficiently bad to warrant a statement that it must no longer be used (RFC 7465). When Chrome makes an HTTPS connection it has an implicit duty to do what it can to ensure that the connection is secure. At this point, the use of RC4 in an HTTPS connection is falling below that bar.




Established standard

Status in Chromium

Removed (launch bug) in:

  • Chrome for desktop release 48
  • Chrome for Android release 48
  • Chrome for iOS release 48
  • Android WebView release 48

Consensus & Standardization


Last updated on 2015-11-17