Insecure-Encryption-Function RC4/EN
Check for RC4 encryption method
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | Outdated RC4 encryption not supported |
Result negativ | Outdated RC4 encryption supported |
Description | Your web server/website is configured to continue supporting the RC4 encryption feature, which is now considered insecure. This weakens your connections and can lead to an attacker decrypting your data. |
Background | The long-established encryption algorithm RC4 has been considered insecure for many years. Security researchers are aware of many critical gaps. In 2015, the IETF (Internet Engineering Task Force) banned the use of RC4 for TLS Connections in RFC7465. |
Consequence | Attackers can use RC4 encryption to potentially decrypt the communication between your website and your customer's browser, as RC4 has known vulnerabilities. This can be used to read passwords, form data or credit card information and misuse them for criminal purposes. |
Solution/Tips | If Outdated RC4 encryption supported was reported, deactivate support for the RC4 encryption. |