Forums

Is it possible for you to disable the RC4 encryption algorithm for my website? I have been told that it is vulnerable to fairly simple attacks that could end up revealing the actual data being sent back and forth between a user and a website. Thanks!

That's a good point. Originally, RC4 was the only way to mitigate the BEAST attack from the server, but since then, RC4 has been discovered to be weak. There are now other server-side mitigations to BEAST and most clients also have client-side defenses, so there's no good reason to continue using RC4. We will do some testing and probably disable RC4 for everyone.