On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote: > On 2014-01-09 06:41, Kurt Roeckx wrote: > >I'm considering if we should also drop support for RC4 on the > >client side. At least IE11 on windows 8.1 doesn't do RC4, but does > >do 3DES. > > I started a scan of Alexa's top 1 million websites. It's going to > take a few days to have all the results. > So far, 21 out of 1396 websites scanned support neither AES or 3DES.
For all the ones I looked it, they only have RC4 enabled. So I have to wonder, do are those sites that people in general use without ssl? Or does IE11 have some fallback mechanism that it enables RC4 if it first fails to negiotate a protocol? Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
