RC4 cipher suites detected on status.slack.com

A group of researchers (Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt) have found new attacks against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical flaws in the keystream generated by the RC4 algorithm which become apparent in TLS ciphertexts when the same plaintext is repeatedly encrypted. This vulnerability affects Server. Attack details RC4 cipher suites (TLS1 on port 443): TLS1_CK_RSA_WITH_RC4_128_SHA - High strength TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA - High strength The impact of this vulnerability An attacker can recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. How to fix this vulnerability The most effective countermeasure against this attack is to stop using RC4 in TLS. Consult web references for more information about this attack and how to protect against it.