While looking at SSL/TLS in a little more detail, I noticed that many websites default to RC4 which Firefox characterizes “High-grade Encryption” (Tools->Page Info, General and Security Tabs) but which is characterized by Wikipedia as “RC4 has weaknesses that argue against its use in new systems”. RC4 is used because it is much faster than AES. (Web servers can drive 15-20% more traffic with RC4 (128) than with 3DES (EDE). Based on actual results, but YMMV.) Example websites using RC4 include my credit union, a well known online savings account provider, and my 401K provider. Algorithm negotiation is built into the TLS protocol, so you can tweak your Firefox configuration so that your browser no longer offers to use the RC4 protocol. To change your Firefox configuration, surf to about:config and promise to be careful. Search on rc4
security.ssl2.rc4_128 default boolean false<br /> security.ssl2.rc4_40 default boolean false<br /> security.ssl3.ecdh_ecdsa_rc4_128_sha default boolean true<br /> security.ssl3.ecdh_rsa_rc4_128_sha default boolean true<br /> security.ssl3.ecdhe_ecdsa_rc4_128_sha default boolean true<br /> security.ssl3.ecdh_rsa_rc4_128_sha default boolean true<br /> security.ssl3.rsa_1024_rc4_56_sha default boolean false<br /> security.ssl3.rsa_rc4_128_md5 default boolean true<br /> security.ssl3.rsa_rc4_40_md5 default boolean true

Double click on the ones that are marked true to turn them off. Surf out to your bank and voila, you are now (most likely) using AES instead of RC4. (In my Firefox configuration, turning off only RC4 left 3DES still enabled, so if you want to be sure to use AES, you have to turn off the DES options also. Even with DES still enabled, AES-128 was the negotiated algorithm for the financial institutions that I tested.)

Do I think that this is necessary? No, not really. I *do* wonder why an algorithm suite as weak as 40 bit RC4 combined with MD5 is still turned on by default, but in general I believe that crypto is the least of your security worries. But I enjoyed the experiment and I consider this a silent vote for better web security which is now cast every time that I surf out to a secure site.

If you run a webserver, you can tweak your SSLCipherSuite setting to remove RC4 from the algorithms that you offer. See the Apache documentation at http://httpd.apache.org/docs/2.0/mod/mod_ssl.html.

If you are interested in a more rigorous treatment of the performance aspects of this topic, I highly recommend the paper by Li Zhao, Ravi Iyer, Srihari Makineni, and Laxmi Bhuyan entitled Anatomy and Performance of SSL Processing.