Clients breaking after avoiding RC4-MD5

Question

As per http://projects.webappsec.org/w/page/13246945/Insufficient%20Transport%20Layer%20Protection , we have been recommended to stop using RC4-MD5.

The clients supported by our Application are IE 8 and above, Safari 5 and above, Chrome 18 and above , FF 12 and above, Mobile safari for iPhone, iPad.
Ofcourse we want to avoid BEAST and CRIME attacks.
Will there be any issues if we stop using RC4-MD5 on supported clients or any other issue ?

please read this first: http://security.stackexchange.com/a/32498/485 — Rory Alsop, Oct 15 '13 at 19:09
Thanks Rory for the link .. but we have been advised by security team to phase out this. So wanted to analyze the impact on clients. — Novice User, Oct 15 '13 at 19:24

score 1 · Answer 1 · answered Oct 15 '13 at 21:12

Unless you need to be FIPS compliant I wouldn't disable rc4 md5. You can simply prefer it as a last resort. You can configure your webservers in such a way that they will only resort to rc4md5 if the client does not support any other ciphers you offer. This way you needn't worry about supporting legacy clients.

To my knowledge older phones sometimes only supported RC4 MD5 (from the pre smartphone era).

score 0 · Answer 2 · edited Oct 07 '21 at 06:58

Any client which implements SSL 3.0, TLS 1.0 or TLS 1.1 necessarily uses implementations of both MD5 and SHA-1, since both functions are used in the internal mechanism for deriving symmetric keys from the shared secret obtained from the key exchange algorithm (this mechanism is called the PRF). Therefore, it is highly improbable that a client may support RC4-MD5 but not RC4-SHA1 cipher suites. Therefore, removing support for RC4-MD5 should not break anything as long as you keep support for RC4-SHA1.

For BEAST, see this answer. Summary: BEAST may work only on browsers which have gone at least two years without patching, at which point BEAST is the least of their worries; they have much bigger holes wide open. In any case, BEAST is an attack on the client, not on the server. I'd say that BEAST is now moot (an interesting application of a known cryptographic vulnerability, but not a real threat nowadays). You usually need to "do something" about BEAST not to improve security, but to appease some auditors who believe that check-lists can replace thinking when applied to technology that they do not understand.

For CRIME, cipher suite is (mostly) irrelevant. You "fix" CRIME by not using TLS-level compression. Existing browsers don't support it anyway (they never have, or they stopped doing it some time ago).

When I type "safari beast" in Google I get suggestions for trips to Africa... — Tom Leek, Oct 16 '13 at 15:54
According to [some blog](http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers) Safari on OS X before 10.9 (not iOS) is vulnerable. — CodesInChaos, Oct 16 '13 at 15:59
Apparently, MacOS X 10.8+ and iOS 5+ support TLS 1.1 and 1.2, which are BEAST-immune; and that's actually a better way to do protection against BEAST. I don't know for Safari on Windows systems (if they use the OS-provided SSL support then they benefit from the same 1/n-1 split as IE). — Tom Leek, Oct 16 '13 at 15:59

Clients breaking after avoiding RC4-MD5

2 Answers2