14 DAY TRIAL // By the end of February 2016, you'll have seen the last of RC4 encryption in browsers like Chrome, Firefox, Internet Explorer, and Edge, their parent companies have announced.
The once mighty RC4 encryption algorithm, used in popular Web technologies like WEP, WPA, SSH, TLS/SSL, RDP, PDF, Kerberos, SASL, Skype, and BitTorrent, has seen its glory days come and go.
With security experts slashing it to pieces in their research papers and hackers using its exposed flaws to mount their attacks, RC4's popularity decreased so much that the creators of the TLS protocol, the Internet Engineering Task Force (IETF), outright prohibited its usage within TLS anymore.
Things turned even uglier for RC4 yesterday, when, in a series of inter-connected announcements, three of the five major browser makers announced that they plan to remove RC4 support from future versions of their products altogether, practically twisting the knife that was already left in RC4's back by the IETF announcement.
RC4 support will be removed by late February 2016
So, starting with the early part of 2016, browser makers like Mozilla, Microsoft and Google will drop RC4 support from Firefox, Internet Explorer, Edge, and Chrome.
In a detailed timeline, Mozilla has announced it intends to disable RC4 starting with Firefox 44, which is officially scheduled for release on January 26, 2016.
This is no big deal since its internal data shows that only 0,08% of its userbase were currently using it, RC4 being partly disabled since Firefox 37.
The Chrome team, on the other hand, didn't provide an exact date or version, but they committed to removing RC4 support in the Stable channel around January or February 2016.
While these two announcements came buried deep in Google Grup talk pages, Microsoft announced it on its official blog, saying that "Starting in early 2016, the RC4 cipher will be disabled by-default and will not be used during TLS fallback negotiations." This announcement will affect both browsers of the company, IE and Edge.