RC4 cipher is no longer supported in Internet Explorer 11 or Microsoft Edge (2024)

Warning:The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see Internet Explorer 11 desktop app retirement FAQ.

About this update

There is consensus across the industry that the RC4 cipher is no longer cryptographically secure, and therefore RC4 support is being removed with this update. With this change, Microsoft Edge and Internet Explorer 11 are aligned with the most recent versions of Google Chrome and Mozilla Firefox.

For detailed information about RC4 cipher removal in Microsoft Edge and Internet Explorer 11, see RC4 will no longer be supported in Microsoft Edge and IE11.

If you want to turn on RC4 support, see details in the More information section.

How to get this update

For Internet Explorer 11 in Windows 8.1or Windows 7

Install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update. Additionally, see the technical information about the most recent cumulative security update for Internet Explorer.

Note This update was first included in the MS16-095: Security update for Internet Explorer: August 9, 2016.

For Internet Explorer 11 and Microsoft Edge in Windows 10

To have this change apply for Internet Explorer 11 and Microsoft Edge in Windows 10 or Windows 10 version 1511, you must install one of the following updates:

KB3176492 Cumulative update for Windows 10: August 9, 2016
KB3176493 Cumulative update for Windows 10 Version 1511: August 9, 2016
See Also
The remote service supports the use of the RC4 cipher.Server cipher suites and TLS requirements - Power Platform How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH {Easy Way}How to disable 3DES and RC4 on Windows Server 2019? - Microsoft Q&A

More Information

Update any servers that rely on RC4 ciphers to a more secure cipher suite, which you can find in the most recent priority list of ciphers.

If you have the need to do so, you can turn on RC4 support by enabling SSL3. To have us do this for you, go to the "Here's an easy fix" section. If you prefer to do this manually, go to the "Let me fix it myself" section.

Note (risk): Using this workaround increases your risk, as the RC4 ciphers are considered insecure, and SSL3 as a whole was disabled by default with the April 2015 security updates for Internet Explorer because of known vulnerabilities. We consider this workaround a last resort, and you should either update the server or request that the server owner update the list of supported cipher suites in compliance with Update to add new cipher suites to Internet Explorer and Microsoft Edge in Windows (KB3161639).

Here's an easy fix

To turn on RC4 support automatically, click the Download button. In the File Download dialog box, click Run or Open, and then follow the steps in the easy fix wizard.

Notes

This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
If you are not on the computer that has the problem, save the easy fix solution to a flash drive or a CD and then run it on the computer that has the problem.

Let me fix it myself

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

You can also turn on RC4 support by enabling SSL3 in either settings or through the registry manually.

Method 1: Internet Options settings

To turn on SSL3 in Microsoft Edge or Internet Explorer through settings, follow these steps (be aware that the Microsoft Edge uses the Internet Explorer 11 settings; there is no way to do this in the Microsoft Edge UI):

Start Internet Explorer.
Go to Internet Options > Advanced > Settings > Security > Use SSL 3.0.

Method 2: Registry Editor

To turn on SSL3 through the registry:

Start Registry Editor to modify the registry entry:
- In Windows 10, go to Start, enter regedit in the Search Windows box, and then select regedit.exe in the search results.
- In Windows 8.1, move your mouse to the upper-right corner, click Search, type regedit in the search text box, and then click regedit.exe in the search results.
Locate and then select the following registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols Note If you don’t have SecureProtocols registry entry added, you can follow these steps:
1. Locate and then select the following registry subkey:
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
2. On the Edit menu, point to New, and then click DWORD Value.
3. Type SecureProtocols, and then press Enter.
Change the current SecureProtocols value by setting the fifth bit to 1.
For example, if the current value is "0x0a80," setting the fifth bit of "0x0a80" will produce the value "0x0aa0" ("0x0a80 | 0x0020 = 0x0aa0").

Ifyou enable SSL3, some secure siteswill fail to load,youmight try to see what’s going wrong by enabling Fiddler’s HTTPS Decryption feature and re-visiting the site.For more information, seeMisbehaving HTTPS Servers impair TLS 1.1 and TLS 1.2.

References

Learn about the terminology that Microsoft uses to describe software updates.