Reverted RC4 is now allowed only on whitelisted sites

Published: | Categories: Privacy & Security


Mozilla and other major browser vendors have agreed to stop supporting the insecure RC4 cipher suites, deprecated since Firefox 36, finally in early . As per the deprecation plan, the whitelist allowing certain sites to use RC4 has been applied to the Beta and Release channels, in addition to Firefox Nightly and Developer Edition. That means users will see the Untrusted Connection error message on various non-whitelisted RC4-enabled sites.

Starting with Firefox 44, the RC4 support will be disabled by default on all channels. Web servers must be upgraded as soon as possible to use stronger cipher suites.

Update: This change has been reverted because the UI that allows temporarily using RC4 is not ready yet.