On January 5, 2015 GitHub’s web encryption protocol will drop support for RC4 — an older suite of authentication and encryption algorithms with a number of known vulnerabilities.
As a result, people using Internet Explorer on computers running Windows XP will no longer be able to access github.com. Windows XP, which is no longer updated by Microsoft, runs an outdated version of Secure Socket Layer and is susceptible to attacks.
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1631153,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,dev,","session":"C"}']In order to access GitHub after it loses support for RC4, GitHub recommended that users upgrade to a newer version of Windows or access GitHub using Chrome or Firefox browsers.
In a blog post from November 2013 encouraging developers to disable RC4, Microsoft noted that 43 percent of websites use the cipher suite. The software company went on to elaborate the problems with the key-scheduling algorithm in RC4 and recommended that developers switch to using Transport Layer Security version 1.2.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
Many influential companies are urging developers to phase out support for long-standing security protocols like RC4. Another security standard that has come under scrutiny this year is SSL — thanks to both the Heartbleed and POODLE vulnerabilities. Because SSL is so widely used, companies like PayPal are slowly phasing out support for the web encryption protocol by disabling older versions.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More