Skip to main content

Microsoft will end support for RC4 encryption in Edge and IE11 next month

microsoft will end support for rc4 encryption in edge and ie11 next month edgebrowserdata
Microsoft has announced that it will end support for RC4 encryption in its Microsoft Edge and Internet Explorer 11 web browsers next month. On April 12, it will no longer provide support for the RC4 cipher, as it has been proven to be cryptographically insecure. Some attacks have been able to compromise it in just a few days, or even hours.

One such attack was demonstrated by security researchers at the Usenix conference last year, where it only took them about 52 hours to crack.

As a result, any sites that use it have been an attractive target. The cipher has been around since 1987, and the likes of Microsoft and Mozilla have been warning about its aging reliability for a while now. In February of last year, the Internet Engineering Task Force moved to prohibit the use of RC4 with TLS over security fears.

Both Google and Mozilla killed off their use of RC4 in January with the launches of Chrome 48 and Firefox 44. Microsoft is now following suit and has been advising web services to move over to TLS 1.2 instead as soon as possible.

“Microsoft Edge and Internet Explorer 11 only utilize RC4 during a fallback from TLS 1.2 or 1.1 to TLS 1.0. A fallback to TLS 1.0 with RC4 is most often the result of an innocent error, but this is indistinguishable from a man-in-the-middle attack,” said Brent Mills, senior program manager at Windows Experience. “For this reason, RC4 will be entirely disabled by default for Microsoft Edge and Internet Explorer users on Windows 7, Windows 8.1 and Windows 10 starting April 12.”

As for how this will affect the end users, it’s unlikely that you will notice anything different according to Mills. RC4 will be simply be disabled by default for all users for Windows 7, 8, 8.1, and 10.

“The percentage of insecure web services that support only RC4 is known to be small and shrinking,” said Mills. However, if you do happen to visit a site that’s secured by RC4, it will be flagged as insecure in Internet Explorer 11 and Edge once the algorithm is put out to pasture.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Microsoft's Edge browser uses a virtual machine to quarantine itself from malware
microsoft edge click to run flash header

Intent on winning over more of the enterprise browser market, Microsoft has unveiled a new security feature it's calling “Windows Defender Application Guard.” It’s a mouthful, but it will reportedly make Edge one of the most secure browsers available. The feature uses a “mini virtual PC” to isolate Edge from the rest of your system, effectively quarantining the entire browser to prevent malware from gaining access to sensitive files.

“Even if an untrusted site successfully loads malware, the malware is unable to reach beyond the isolated container to steal data or permanently compromise devices or the network,” Microsoft wrote in a blog post detailing the new security features.

Read more
Microsoft Edge will halt Flash-based objects in Windows 10 Anniversary Edition
1150218 autosave v1 2 microsoft edge win 10 icon

Microsoft released Build 14316 of Windows 10 to insiders on the Fast ring just days ago, and revealed that the company released two new extensions for the Microsoft Edge browser while updating three existing extensions. What the company did NOT reveal in its launch announcement was a specific change it made to the browser: auto-pausing content that is not central to a web page. Essentially, the browser will pause Flash-based animation and will require the user to click on the content if he\she wants it to play.

So why has Microsoft made this change? According to John Hazen, Principal Program Manager Lead of Microsoft Edge, this move will not only “significantly” reduce power consumption, but improve the performance of the browser and web page. However, not all Flash objects will be loaded in a paused state. Games and videos that are “central” to the page will not be touched by the Edge browser.

Read more
Microsoft bleeds IE users to Google, Chrome on top by mid-year
microsoft bleeds ie users to google chrome on top by mid year internet explorer

As users abandon Microsoft's once dominant Web browser, Google appears to be reaping the benefits. According to the latest data from Net Applications, Microsoft's share of the desktop browser market has plummeted by roughly 11 percent over the last 10 months. Alternatively, Google has picked up nearly all of that market share in new Chrome users.

At this rate of growth, Google will likely overtake Microsoft as the new Web browser leader. The only bright spot for Microsoft is Edge usage doubled over the last month, rising from 1.5 percent in January to 3 percent in February on one version of the Windows 10 software.

Read more