Update: 13th September 2016:
Microsoft have since disabled support for the RC4 algorithm in August 2016. They were the final major browser vendor to remove support. I very much welcome this change.
Update: 15th April 2016:
The Microsoft blog post mentioned below has now been updated to state that the RC4 algorithm will not be disabled in the Microsoft security updates for April 2016, which have now arrived. No further timelines/deadlines were provided.
In my opinion, I hope that this algorithm is disabled sooner rather than later; after it was first considered to no longer be secure enough for use in 2013, its removal from active service has already taken too long.
Update: 1st April 2016:
Microsoft in a blog post published in March announced that they would be dropping support for RC4 within Edge and Internet Explorer 11 when the security updates for these products are released on the 12th of April. Within that post Microsoft provide a reference/advice for website administrators to migrate from RC4.
Update: 26th January 2016:
As mentioned within a separate blog post, as scheduled Mozilla removed support for the RC4 algorithm with their release of Firefox 44. Further details are available within that blog post.
Update: 10th January 2016:
Last month, when Google made available the beta version of Google Chrome 48, the release notes (see the “Minor changes” section at the end of that post) mentioned that the RC4 cipher would no longer be supported going forward. This fact was reiterated in a later blog post in December announcing the gradual phasing out of SHA-1. This also aligns with Mozilla and Microsoft’s timeline of early 2016.
Further update: On the 20th of January Google made available Chrome version 48 via their Stable release channel making the removal of the RC4 algorithm available to a much wider audience.
Early last week 3 of the top browser vendors, Mozilla, Google and Microsoft, announced their joint plans to remove support, in early 2016, for the RC4 encryption algorithm used to secure some HTTPS websites.
Why Is This Change Significant?
As mentioned in Google’s discussion, RC4 is a 28-year-old encryption algorithm that has successfully secured connections between servers and client devices during that time. However, as I mentioned in a previous blog post (Google references the same research paper as example 2, among others), an increasing number of attacks are becoming possible on RC4. Google also mentions the IETF’s decision stating that RC4 should no longer be used. Since the use of RC4 puts the information that it is attempting to secure at potential (but growing) risk, RC4 should no longer be considered fit for purpose. Further background on this upcoming change is provided in this InfoWorld blog post.
For web browser users, simply continue to keep your preferred web browser up to date to receive these changes in early 2016.
Update: 24th September 2015: Google have provided more advice and information regarding their transition away from RC4 and SSL v3 in this blog post.
Update: 7th February 2016:
In early 2013 Qualys published a thorough blog post with recommendations on transitioning from RC4.
I hope that the above advice/notice is helpful in preparing for this upcoming change.