The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
jdstrand> this is a protocol problem not specific to openssl. Using openssl
as a placeholder until more information is available
jdstrand> marking low for now until more information is available. At present,
naive attacks need tens to hundreds of millions of TLS connections. Optimized
attacks are not present yet.
jdstrand> marking deferred since there is no consensus on what to do (we can't
just disable RC4)
mdeslaur> marking as ignored since there is no actionable item
Updated: 2014-03-21 19:14:35 UTC (commit 7867)