[aklug] Re: PSA: RC4 being disabled in IE and Edge on April 12

From: Royce Williams <royce@tycho.org>
Date: Thu Mar 17 2016 - 07:56:04 AKDT

For those of you trapped in operating systems written by a company
that decided to arbitrarily reinvent the record separator, that
attachment can be opened in Wordpad to be read. ;)


On Thu, Mar 17, 2016 at 7:53 AM, Royce Williams <royce@tycho.org> wrote:
> tl;dr: If IE can't get to your site on April 12, this is why; act now. :)
> Summary post:
> https://blogs.windows.com/msedgedev/2016/03/16/rc4-will-no-longer-be-supported-in-microsoft-edge-and-ie11-beginning-in-april/
> Technical post:
> https://blogs.technet.microsoft.com/srd/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4/
> Depending on your cipher order, this may make your largest
> customer/visitor base unable to reach your sites. You are more likely
> to be impacted if your site shows as "RC4 on" here, and no TLS 1.2
> support:
> http://www.techsolvency.com/tls/
> ... but you'll need to check your own config and your Qualys results
> (linked from each record in my results).
> The first MS post above has guidance for evaluation methods and fixes.
> From my cached results, ~1600 Alaskan sites are potentially affected.
> List attached (I hope). These are all the sites that appear to A) not
> support TLS 1.2, and B) still use RC4-based ciphers. The actual list
> of affected sites is probably lower, but these are the sites that
> should be checked more closely.
> Royce
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Mar 17 06:14:14 2016

This archive was generated by hypermail 2.1.8 : Thu Mar 17 2016 - 06:14:14 AKDT