RC4 is a 28 year old cipher that has done remarkably well, but it is now the subject of several, significant attacks. The IETF has decided that RC4 is sufficiently bad to warrant a statement that it must no longer be used (RFC 7465). When Chrome makes an HTTPS connection it has an implicit duty to do what it can to ensure that the connection is secure. At this point, the use of RC4 in an HTTPS connection is falling below that bar.




Specification link

Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium


Removed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • In development
  • No signal
  • No signals


Search tags

rc4, tls, ssl,

Last updated on 2021-02-04