The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
jdstrand> this is a protocol problem not specific to openssl. Using openssl
as a placeholder until more information is available
jdstrand> marking low for now until more information is available. At present,
naive attacks need tens to hundreds of millions of TLS connections. Optimized
attacks are not present yet.
jdstrand> marking deferred since there is no consensus on what to do (we can't
just disable RC4)
Updated: 2013-11-25 21:14:19 UTC (commit 7483)