What can happen if I remove TLS_RSA_WITH_RCA_128_SHA from my server's cipher suite?
I run a website that supports many clients via web services. I'm setting up some new certificates and load balancers and when doing ssllabs's server test, it's flagging all my ciphers as OK except TLS_RSA_WITH_RC4_128_SHA. What would be the impact of removing this cipher? In other words, what clients might have issues connecting without it?
AIUI if you want to support IE 6 then you basically have to support at least one of TLS_RSA_WITH_RC4_128_SHA or TLS_RSA_WITH_3DES_EDE_CBC_SHA . Both have their problems. RC4 has severe keystream bias issues. CBC has been hit by padding and IV related attacks (BEAST, POODLE etc). The general consensus at the moment seems to be that if you need to support IE 6 then TLS_RSA_WITH_3DES_EDE_CBC_SHA is a lesser evil than TLS_RSA_WITH_RC4_128_SHA