The IETF TLS-WG is likely (my opinion) to soon put out an RFC that, basically deprecates RC4.
We have customers with many embedded devices (old web TV's, almost every game
console, etc), not just browsers. But for OpenSSL and in particular new code,
dropping RC4 is the thing to do.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]; Twitter: RichSalz
