Title: A research study: Usage of RC4 stream cipher in SSL configurations of web servers used by Sri Lankan Financial Institutes

Issue Number: Vol. 7, No. 2
Year of Publication: Jun - 2018
Page Numbers: 111-118
Authors: Tharindu D.B Weerasinghe, Chamara Disanayake
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002375


The security of the Internet is mainly based on Secure Socket Layer (SSL) or its successor Transport Layer Security (TLS). To secure the on-line transactions, the organizations widely use the particular protocol(s) in their web portals. In SSL, a lot of cipher suits are used as encryption algorithms. RC4 is the most commonly used stream cipher (although it is regarded as a weak cipher) and it is used in SSL as an encryption algorithm. SSL is the most renowned security protocol for pursuating a secure link between a web server and a browser. Nonetheless the stream cipher RC4 is found to be vulnerable for various attacks. The main objective of this research study is to find-out the usage of RC4 stream cipher in on-line web portals of Sri Lankan Financial Sector, as well as the awareness level of the IT and Security administrators and managers of some of the selected banks which are geographically based in Sri Lanka, regarding the usage of RC4 in SSL.