Note-to-self: Security Advisory 2868725: Recommendation to disable RC4

Source: http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

Resumé:

In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations.

Microsoft recommends TLS1.2 with AES-GCM as a more secure alternative which will provide similar performance.

See also:

TechNet Blogs » Security Research & Defense : http://blogs.technet.com/b/srd/

And other interesting reading material referenced in the blog:

http://blog.cryptographyengineering.com/

 

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s