RC4 is an encryption cipher used in protocols such as SSL / TLS . RC4 ciphers have long been considered problematic because of their vulnerability to a number of cryptographic weaknesses that can be exploited. To know more about RC4 vulnerabilities, have a look at the current IETF draft .
We wish to bring to your attention that due to these security vulnerabilities , we will be phasing out support for the RC4 encryption algorithm from 30th June 2015 .
We will stop extending support to the following RC4 ciphers for our SSL / TLS protocols.
TLS _ RSA _ WITH_RC4_128_ SHA
TLS _ ECDHE _ RSA _ WITH_RC4_128_ SHA
Analysis of connections to Zoho services show that only 0. 1% of users utilize RC4 in their protocols. As a Zoho user, depending on how you access Zoho services, there are two cases in which this can affect you -
Accessing Zoho services t hrough API calls:
If you have configured your integration to access Zoho services through API calls, you may need to re-configure your current integration so that it uses a more secure alternative such as AES . If your integration was provided by a third-party vendor please do get in touch with them and re-configure your integration. I f you are uncertain of your current integration, please provide us the name of your third-party vendor or a copy of your code snippet so that we can assist you.
Accessing Zoho services through browser:
If you are accessing Zoho services using Internet Explorer(IE6 or less) on Windows XP ( or lower) you will not be able to access zoho.com. Similarly , people who access Zoho services through outdated browsers on devices such as old mobile phones will not be able to access zoho.com.
As a workaround, we strongly recommend Windows XP users to switch to a newer version of Windows. If this is not possible, you will need to use updated versions of browsers such as Firefox/ Chrome to access zoho.com.
Please keep in mind that failure to make these changes before 30th June 2015 will render you unable to access Zoho services.
Please write back to us at security@zohocorp.com if you need any clarification.
Regards,
Zoho Security Team.