> Please correct me if my understanding is wrong, basically this attack is
> triggered based on the design of RC4.
> openssl is one of the implementers of RC4 algo.

There are biases in the stream created by RC4. In theory, an adversary could use the biases as a launchpad to recover plain text (but I seem to recall it needs a lot of cipher text).

RC4 has been wounded again, but it has not been broken.

> I am not sure if there will be any design change or openssl will try to
> disable RC4 support...

Probably not. Just add "!RC4" to your cipher suite list to remove it if you don't want it. For example, "HIGH:!ADH:!RC4:!MD5".

> But, is disabling RC4 algo usage in the applications which are using openssl
> a better approach? Thanks

In TLS 1.2, you have the AES/GCM cipher suites. You also have the upcoming ChaCha20/Poly1305 cipher suites. (ChaCha20/Poly1305 is predicated on the TLS Working Group choosing to adopt them, see https://www.ietf.org/mail-archive/web/tls/current/msg15722.html).

In TLS 1.1 and below, you only have block ciphers if you remove RC4. You'll have to make do with AES/CBC (or another block cipher).

Jeff
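
One way to check what the cipher string quoted in the message enables on a given OpenSSL build, added here as an example and not part of the original message. It uses Python's `ssl` module, which hands the string to OpenSSL's cipher-list parser; the function names are hypothetical, and the bucketing goes slightly beyond the message by separating AEAD suites (AES/GCM, ChaCha20/Poly1305) from the remaining block-cipher suites.

```python
import ssl

# Cipher string from the message above (OpenSSL cipher-list syntax).
CIPHER_STRING = "HIGH:!ADH:!RC4:!MD5"


def enabled_suites(cipher_string):
    """Return the suites the local OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()        # list of dicts; "name" is the suite name


def classify(suite):
    """Bucket a suite by bulk cipher: 'rc4', 'aead' or 'cbc/other'."""
    name = suite["name"].upper()
    if "RC4" in name:
        return "rc4"
    # Newer builds report an "aead" flag; fall back to the name otherwise.
    if suite.get("aead") or any(t in name for t in ("GCM", "CHACHA20", "CCM")):
        return "aead"
    return "cbc/other"


def audit(cipher_string):
    """Group enabled suite names so an RC4 leak is visible at a glance."""
    buckets = {"rc4": [], "aead": [], "cbc/other": []}
    for suite in enabled_suites(cipher_string):
        buckets[classify(suite)].append(suite["name"])
    return buckets


def excluded_ok(cipher_string):
    """True if no RC4, ADH-* or *-MD5 suite survived the exclusions."""
    names = [s["name"].upper() for s in enabled_suites(cipher_string)]
    return not any(
        "RC4" in n or n.startswith("ADH-") or n.endswith("-MD5") for n in names
    )


if __name__ == "__main__":
    result = audit(CIPHER_STRING)
    for bucket, names in result.items():
        print(f"{bucket:10s} {len(names):3d}  {' '.join(names)}")
    print("exclusions honoured:", excluded_ok(CIPHER_STRING))
```

The list returned by `get_ciphers()` also contains TLS 1.3 suites, which OpenSSL configures separately from this cipher string.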