Enabling RC4 cipher suite for Spring Boot Application

I am trying to enable RC4 cipher suites in a Spring Boot application (the application supports only JSSE cipher suites: http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html).

The above link lists many RC4 cipher suites. Which cipher suites should be enabled to avoid the BEAST attack? Is there a way to support the RC4 cipher only for TLS v1.0 in a Spring Boot application?

1 answer

Robert On

Your information is a bit outdated. Yes, RC4 can be used to mitigate the BEAST attack. The positive factor of RC4 regarding BEAST is that it is a stream cipher, not a block cipher.

However, RC4 as an encryption algorithm has several weaknesses which can be used to attack the encryption itself.

Therefore the general security recommendation is to disable RC4 ciphers altogether.

Better upgrade your systems and use TLS 1.2 connections only. This prevents BEAST as well.
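
One way to check and apply that recommendation on the JSSE side, as an added example that is not part of the answer above: it reports any RC4 suites the running JRE enables by default, restricts an `SSLEngine` to TLS 1.2 without RC4, and prints the result in the form Spring Boot's `server.ssl.enabled-protocols` and `server.ssl.ciphers` properties accept. The class name `TlsHardeningCheck` and its helper methods are hypothetical, and Java 8 or later is assumed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper class, written for this example.
public class TlsHardeningCheck {

    // JSSE suite names carry the cipher in the name, e.g. TLS_RSA_WITH_RC4_128_SHA.
    static boolean isRc4(String suite) {
        return suite.contains("_RC4_");
    }

    // Keep only non-RC4 suites, preserving the JRE's preference order.
    static String[] withoutRc4(String[] suites) {
        List<String> kept = new ArrayList<>();
        for (String s : suites) {
            if (!isRc4(s)) kept.add(s);
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();

        // Report what this JRE would enable if nothing were configured.
        System.out.println("Default protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        for (String s : engine.getEnabledCipherSuites()) {
            if (isRc4(s)) System.out.println("RC4 enabled by default: " + s);
        }

        // Hardened settings: TLS 1.2 only, RC4 filtered out.
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"});
        params.setCipherSuites(withoutRc4(engine.getEnabledCipherSuites()));
        engine.setSSLParameters(params);

        // Same settings expressed as Spring Boot application.properties lines.
        System.out.println("server.ssl.enabled-protocols=TLSv1.2");
        System.out.println("server.ssl.ciphers=" + String.join(",", engine.getEnabledCipherSuites()));
    }
}
```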