Internet Explorer 11 is the first browser to make Internet connections more secure and reliable by reducing the use of vulnerable ciphersuites, such as RC4 and by using the latest security standards, TLS 1.2, by default. With these changes in IE11, you can have peace of mind when accessing your critical personal information on social media, banking, commerce, and other sites. These advances build on our continued work to make IE the most secure browser in key areas such as
socially engineered attacks.
IE11 Reduces Use of Vulnerable RC4 Cipher Suite
IE11 takes a big step toward better security by reducing the use of the vulnerable RC4 cipher suite. RC4 is a stream cipher that is widely supported—and often preferred—by TLS servers. However, recent studies such as those by
AlFardan suggest exploits in the RC4 key stream that can be used to recover some encrypted data. RC4 has other weaknesses as well, as discovered by
Paul,
Mantin, and
Fluhrer. Based on these studies, the
industry consensus is that RC4 has a variety of cryptographic weaknesses, and RC4 exploits are now practical.We have
proposed changes to the TLS standard, so that other browsers and industry players can follow our lead in securing the Web.
