Slashdot Mirror


Browser Makers To End RC4 Support In Early 2016

msm1267 writes: Google, Microsoft and Mozilla today announced they've settled on an early 2016 timeframe to permanently deprecate the shaky RC4 encryption algorithm in their respective browsers. Mozilla said Firefox's shut-off date will coincide with the release of Firefox 44 on Jan. 26. Google and Microsoft said that Chrome and Internet Explorer 11 (and Microsoft Edge) respectively will also do so in the January-February timeframe. Attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day.

  1. Re:Older browsers by jonwil · · Score: 3, Informative

    Assuming you aren't on a browser that is so old it doesn't support more secure algorithms (AES I believe is the one everyone should be using instead of RC4) then what will happen is that people still using RC4 certificates will switch to AES certificates and your browser will be more secure as a result.

  2. I hope not by Viol8 · · Score: 1

    I'm waiting for Firefox 69 - Porn Edition to be released. The way their version numbers are going up that'll be around this time next year.

    1. Re:I hope not by l0n3s0m3phr34k · · Score: 1

      I'm hoping version 42 will have some type of reference in it, but I don't know if the coders are the type to always have a towel with them.

    2. Re:I hope not by Flavianoep · · Score: 1

      If Firefox 44 comes in Jan., 2016, I guess that by the end of the year they will have caught up with Google Chrome.

      --
      Linux is for people who don't mind RTFM.
    3. Re: I hope not by BarbaraHudson · · Score: 1

      Firefox 69 the porn edition will down on you on a regular basis. Their marketing motto will be "Firefox 69 sux even more".

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    4. Re: I hope not by arglebargle_xiv · · Score: 1

      Firefox 69 the porn edition will down on you on a regular basis. Their marketing motto will be "Firefox 69 sux even more".

      Years ago, back in the days of IE 6, I had a t-shirt made that said "Firefox sucks less". Your comment there just reminded me that if I'd had the same shirt done today, it'd have to be "Firefox sucks more". Sigh.

  3. Re: Older browsers by dreamchaser · · Score: 1

    Most people stuck using older browsers have to do so due to applications at work written specifically to the quirks of said browsers. Even an old, old personally owned system can be upgraded to newer browser versions.

  4. Re:Older browsers by rudy_wayne · · Score: 1

    Let's assume for a second that changing browsers isn't possible. Will this affect those of us who are stuck using older browsers, such as Firefox 10 and IE6?

    You're assuming that every website in the universe will automagically abandon RC4 between now and January.

    I have had to keep RC4 enabled because of websites I need to access who still use it. Yes, I tried to contact them, and yes, they are completely clueless.

  5. Re:Older browsers by ledow · · Score: 1

    In the same way nobody really writes web browsers for DOS anymore - yes.

    You might find a niche project that lets you bring those heap-of-old-junk browsers onto the net via some proxy or setting change or patch or similar, but it'll be unofficial and unsupported.

    And nobody with a website will care, they'll just tell you to upgrade. Like nobody will sell you new versions of Microsoft Office for DOS - stick with it on what you have and watch as you can't view others' content in newer formats, or upgrade.

    Nobody's saying leap to Windows 10 here. We're saying stop using a browser that's over THREE TIMES AS OLD as an obsolete computer (e.g. 2001 for IE6) to secure your banking transactions when it has known security flaws that CANNOT be fixed.

  6. Re: Older browsers by quetwo · · Score: 1

    Keep one old browser for that specific application, and upgrade the rest. I still keep my copy of Firefox downgraded to some stupid old version because of my ERP system, but I use Chrome at the latest.

  7. Re:Older browsers by arth1 · · Score: 1

    Nobody's saying leap to Windows 10 here. We're saying stop using a browser that's over THREE TIMES AS OLD as an obsolete computer (e.g. 2001 for IE6)

    Obsolete? Let me check my main computer.
    % grep name /proc/cpuinfo
    model name : Intel(R) Pentium(R) III CPU family 1133MHz

    A browser three times that age would have had to be made in 1973...

    But it's not even obsolete. It runs up-to-date patched software, does all its tasks, and handles admirably. It's no more obsolete than a well maintained car from 2001 is.

  8. Re:Why wait? by TheCycoONE · · Score: 1

    Presumably so that people running servers who are not up in the know about cipher suites now finally have some incentive to take a look (because they ignored earlier security reports - they didn't have any 'impact'). Once they find out they're using RC4 they need to figure out how to pick different ciphers, and maybe upgrade their web server and SSL library. Maybe it's far-fetched, but browser makers are pretty conservative about 'breaking the web' for anyone.

  9. RC4 by rossdee · · Score: 1

    end support for Release Candidate 4?

    Does this mean there will be fewer (beta) versions?

  10. Re: What about Cyberdog? by 0xdeaddead · · Score: 1

    Maybe one of those new Power Macs with a 601 PowerPC and System 8.5!

    Or just install A/UX and build an SSL proxy

  11. Re:Why wait? by Gr8Apes · · Score: 1

    I'd say slap big fat hairy warning signs about the web site being insecure today, and turn it off in the next release. The admins will figure it out very very quickly that something's rotten in their web site configuration.

    --
    The cesspool just got a check and balance.
  12. Re: Older browsers by Gr8Apes · · Score: 2

    Keep one old browser for that specific application, and upgrade the rest. I still keep my copy of Firefox downgraded to some stupid old version because of my ERP system, but I use Chrome at the latest.

    Because sending all my browsing habits to Google is secure!

    --
    The cesspool just got a check and balance.
  13. Re:Older browsers by Opyros · · Score: 1

    nobody really writes web browsers for DOS anymore

    As a matter of fact, a gopher browser(!) for DOS just got a new version.

  14. Re:Older browsers by arth1 · · Score: 1

    If you compile it yourself it would run just fine...

    Bingo. Gentoo is very nice that way.

  15. Re:What about Cyberdog? by tepples · · Score: 1

    I still run Cyberdog on my System 7 Quadra box. What options do I have?

    Buy a modern Mac mini and see how many of the apps on your Quadra also run in Basilisk II.