Forum Discussion

Noel_C__180670's avatar
Noel_C__180670
Icon for Nimbostratus rankNimbostratus
Dec 20, 2014

TLS1.x Padding Vulnerability Workaround and EAS

Hello, I'd like to employ the workaround described in SOL15882 where I'll have to create a custom cipher string using RC4-SHA ciphers. The SOL states "clients that do not support the RC4-SHA cipher will fail to establish a connection to the virtual server". Our virtual server is where our Exchange Active Sync (EAS) clients connect to. I would like to know which EAS clients, if any, would be impacted by this change. Any advice would be greatly appreciated!

 

3 Replies

  • RC4 has been around quite a while and I don't think any devices have deprecated it yet. If a device doesn't support it it would more likely be because it was disabled by the user or a policy. Its usually a pretty safe bet that the user will not have disabled RC4. I would however recommend patching sooner rather than later as RC4 is considered to be weak at this point and will soon be considered insecure.

     

  • i agree with Brad, i would expect RC4 to be pretty broadly supported. but do remember that using RC4 is not advised by a large group and i suspect the support is going to go away pretty soon.

     

    so plan that upgrade sooner then later.

     

  • Thanks guys. I plan on upgrading to the latest and greatest within the next several weeks!