SSL Cipher changes in MS15-031 - Is RC4 killed or not?

Question

Hi!

    I'm not sure which forum would be the right place for this topic, but let's try this one.

    I'm a bit confused about the actual impact of installing MS15-031.

    In the "workarounds" part of the KB article, MS presents the customer with a list of SSL ciphers that can be manually imported to computers to fix the FREAK issue. In this list, all RC4 ciphers are removed, as well as many others (like RSA/SHA1-based AES ciphers).

    I installed the update KB3046049 on a test computer and sniffed the client hello packets, and to my surprise RC4 and SHA1/RSA ciphers are still there?

    So is it the case that the actual impact of KB3046049 is different from the impact of the suggested workaround?

    How is the TLS handshake modified so that the downgrade no longer happens, or is the fix done simply by disallowing insecure ciphers?

    In case the KB article just removes insecure ciphers, which ciphers does it remove, since the ones removed by the suggested workaround are still in use after applying the patch?

    So I'm looking for painfully detailed technical explanation. :)

    Antti Laatikainen, IT Security Manager, Santen Europe

    Wednesday, March 11, 2015 2:20 PM
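The question above rests on reading the cipher-suite list out of a captured ClientHello and checking whether RC4 or export-grade (FREAK-relevant) suites are still offered. The following is an added example, not code from the original post or from Microsoft: it constructs a minimal TLS 1.2 ClientHello in memory (the random field and the suite list are made-up sample values), parses the record and handshake framing per RFC 5246 section 7.4.1.2, and classifies the offered suites. The suite code points in `SUITE_NAMES` are from the IANA TLS Cipher Suite registry; the audit categories are this example's own.

```python
"""Parse a TLS ClientHello record and audit its cipher-suite list.

Added example for the forum question (not from the original post).
Builds a constructed ClientHello, parses the record/handshake framing per
RFC 5246 section 7.4.1.2, and flags RC4 and export-grade suites.
"""
import struct

# Known suite code points (IANA registry); a subset sufficient for the example.
SUITE_NAMES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}


def build_client_hello(suites):
    """Construct a minimal TLS 1.2 ClientHello record offering `suites`.

    The random field is a constant placeholder; this is constructed sample
    input, not a capture from a real client.
    """
    body = b"\x03\x03"                        # client_version: TLS 1.2
    body += b"\x11" * 32                      # random (placeholder bytes)
    body += b"\x00"                           # session_id length: 0
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                       # compression_methods: null only
    body += b"\x00\x00"                       # extensions length: 0
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type ClientHello
    # Record layer: ContentType handshake (0x16), version 3.3, length.
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the cipher-suite code points offered in a ClientHello record.

    Raises ValueError if the bytes are not a well-framed ClientHello.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                               # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                         # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack("!H", body[i:i + 2])[0]
            for i in range(pos, pos + cs_len, 2)]


def audit_suites(suites):
    """Classify offered suites: export-grade, RC4, or unknown code point.

    Export suites are checked first, so TLS_RSA_EXPORT_WITH_RC4_40_MD5 is
    reported under "export" rather than "rc4".
    """
    findings = {"export": [], "rc4": [], "unknown": []}
    for s in suites:
        name = SUITE_NAMES.get(s)
        if name is None:
            findings["unknown"].append(s)
        elif "EXPORT" in name:
            findings["export"].append(name)
        elif "RC4" in name:
            findings["rc4"].append(name)
    return findings


if __name__ == "__main__":
    sample = [0xC02F, 0xC030, 0x002F, 0x0005, 0x0004, 0x0003, 0xABCD]
    offered = parse_client_hello(build_client_hello(sample))
    for category, items in audit_suites(offered).items():
        print(category, items)
```

To use this on a real capture, feed `parse_client_hello` the raw bytes of the first TLS record of a connection (for example, the payload exported from a packet capture); the presence of anything in the `rc4` or `export` lists is the condition the question is asking about, and the `unknown` list shows code points that would need to be looked up in the IANA registry.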