Good-bye SHA-1, RC4

The world has evolved, and we've now entered a time when some of our best security measures are simply no longer good enough.

As part of this month's patching efforts, it's important to know that Microsoft has decided to set end-of-support dates for two cryptographic algorithms: the SHA-1 hash function and the RC4 stream cipher.

SHA-1 was published in 1995 and RC4 in the good old days of 1987. NIST recommended moving away from SHA-1 back in 2005 due to evidence of attacks, but Microsoft has only now set support for SHA-1 to end in 2016. After 2016, Microsoft will stop recognizing SHA-1 certificates.

RC4, on the other hand, is the subject of an update this month that lets companies methodically move away from supporting the cipher.

Per Microsoft…

(The) update provides tools for customers to test and disable RC4. The launch of Internet Explorer 11 (IE 11) and Windows 8.1 provide more secure defaults for customers out of the box. IE 11 enables TLS1.2 by default and no longer uses RC4-based cipher suites during the TLS handshake. Details on this can be found at the IEBlog: IE11 Automatically Makes Over 40% of the Web More Secure While Making Sure Sites Continue to Work
