7 Replies Latest reply: Apr 23, 2014 8:12 AM by Zoltán Halassy

W8.1(IE11) vs RC4

Rob_T

posted on Oct 21, 2013 11:52 AM

Hi,

fyr

8.1 RTM/GA seems to support RC4 by default again (while Preview did not by Default http://technet.microsoft.com/en-us/library/dn303404.aspx )

BR,
Rob

W8.1(IE11) vs RC4

Ivan Ristic posted on Oct 23, 2013 2:49 AM (in response to Rob_T)

Hi Rob,

How did you test?

I downloaded Windows 8.1 Enterprise trial today and it does not support RC4.
Like Show 0 Likes (0)
- W8.1(IE11) vs RC4
  
  Rob_T posted on Oct 23, 2013 10:15 AM (in response to Ivan Ristic)
  
  Hi, i used a fresh Setup Win8.1 Pro (activated) and updated with latest GA Patches. I can open a only RC4 secured page. https://www.ssllabs.com/ssltest/analyze.html?d=www.bsi.bund.de IE Show me "SSL 3.0, RC4 " I did not opened RC4 manually, as well when i doublecheck the registry [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers] there are no any RC4 entries. BR, Rob
  
  Like Show 0 Likes (0)
  - W8.1(IE11) vs RC4
    
    Ivan Ristic posted on Oct 23, 2013 11:00 AM (in response to Rob_T)
    
    IIRC, RC4 is not 100% disabled in Windows 8.1, but it's not available in the first handshake. Then, if that first handshake fails, IE11 will downgrade the connection a couple of times, finally reaching SSL 3, where I guess RC4 is supported.
    
    I will have a look at that when I add the downgrade functionainto to the handshake simulator.
    
    Like Show 0 Likes (0)
    - W8.1(IE11) vs RC4
      
      Rob_T posted on Oct 23, 2013 11:13 AM (in response to Ivan Ristic)
      
      Hi, yes that would explain that. BR, Rob
      
      Like Show 0 Likes (0)
      - Re: W8.1(IE11) vs RC4
        
        Rob_T posted on Nov 15, 2013 10:52 AM (in response to Rob_T)
        
        Hi Ivan,
        
        other OS will now also act like 8.1 https://technet.microsoft.com/en-us/security/advisory/2868725
        
        BR, Rob
        
        Like Show 0 Likes (0)
        
        Re: W8.1(IE11) vs RC4
        
        Rob_T posted on Nov 15, 2013 10:56 AM (in response to Rob_T)
        
        Hi, some update RC4 is still available on W7/W8.0 after the patch. You Need to tweak the "SCH_USE_STRONG_CRYPTO" See also http://msdn.microsoft.com/en-us/library/Windows/desktop/aa379809(v=vs.85).aspx BR, Rob
        
        Like Show 0 Likes (0)
    - W8.1(IE11) vs RC4
      
      Zoltán Halassy posted on Apr 23, 2014 8:12 AM (in response to Ivan Ristic)
      
      Hello!
      
      If you look at this:
      
      https://www.ssllabs.com/ssltest/analyze.html?d=ebank.khb.hu&s=193.245.73.147
      
      This server seem to fail on Windows 8.1, Internet Explorer 11, but the connection actually works. First it tries with TLSv1.2 without RC4, then it retries with TLSv1 with RC4.
      
      Like Show 0 Likes (0)