Google clarified this week exactly when it plans to disable support for the RC4 stream cipher and the SSLv3 protocol on the company’s SMTP servers and Gmail’s web servers.
It turns out the end will come sooner than later; the company announced it will begin to disable both a month from now, on June 16.
Adam Langley, a security engineer with the company, announced last fall that Google was planning on moving away from both RC4 and SSLv3, citing a long history of weakness in the cipher and protocol. Langley initially failed to provide a timeline but acknowledged the company was looking to rid Chrome, Android, webcrawlers, and SMTP servers of RC4 and SSLv3 in the medium term.
Researchers have been poking holes in both platforms for years.
As it is, RC4 will be 29 years old this year. For nearly half of the cipher’s existence, researchers have been aware of a weakness that could allow an attacker to decrypt the keystream.
In a talk at a USENIX conference last summer, researchers demonstrated a RC4 attack that dramatically reduces cookie decryption, and in turn, plaintext recovery time. It was more than three years ago that a professor outlined a weakness in the cipher that could let an attacker compromise a victim’s session with a site protected by TLS.
Attacks over the years like POODLE and BEAST have been a thorn in the side of SSLv3 and while browser vendors were quick to remove fallback to SSLv3 in wake of those attacks, it wasn’t until last year that the protocol was dealt what may have been its death knell. An Internet Standards Track document published by the Internet Engineering Task Force (IETF) in June outright called SSLv3 “not sufficiently secure” and prohibited any fallback to SSLv3 in new applications.
Google’s been proactive as of late when it comes to purging old, outdated, and vulnerable protocols from its products.
The company announced earlier this week that by the year’s end, save for a few sites, it would phase out the oft-targeted Flash and make HTML5 the default for rich media in its Chrome browser. The company announced at the tail end of last year that it would deprecate SHA-1 certificates in January and that by January 2017, or July 1 of this year, block the cryptographic hash function in Chrome.
The company is urging any organizations on Google Apps still using either RC4 or SSLv3 to update to a more modern TLS configuration. In particular, Google singled out some groups it feels may still be using SSLv3, including inbound/outbound gateways, third-party emailers, and systems using SMTP relay, and called on them to update.
“After this change, servers sending messages via SSLv3 and RC4 will no longer be able to exchange mail with Google’s SMTP servers, and some users using older and insecure mail clients won’t be able to send mail,” the company wrote in a post to its Google Apps Updates blog Tuesday