Safest ciphers to use with the BEAST? (TLS 1.0 exploit) I've read that RC4 is immune

Now that the BEAST is public knowledge, TLS 1.0 is NOT safe to use (nor is SSL 3.0). I have seen reports that the RC4 cipher is unaffected (and is widely supported). Is that true?

I know that TLS 1.1 is immune. But out of the 1,000,000 most popular SSL/TLS-enabled websites, only a few (221) support TLS 1.1 or higher.

The exploit is restricted to browsers because it requires JavaScript or browser plugins via MITM. PayPal.com is vulnerable, as of this writing.


Solution 1:

Correct; RC4 is a stream cipher, and is not affected.

The flaw is in CBC message construction, so the ciphers using CBC (there's a bunch, but AES and 3DES are the most popular) are all affected.
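
An added example, not part of the original answer: a Python check that applies the rule above to negotiated connections, flagging CBC suites on SSL 3.0 or TLS 1.0 and clearing RC4 and anything on TLS 1.1 or later. The host names and sample records are constructed, and the name-based classification assumes pre-TLS 1.3 suites, where any block cipher that is not AEAD runs in CBC mode.

```python
"""Flag connections exposed to BEAST: a CBC suite negotiated over SSL 3.0 / TLS 1.0."""

# Protocol versions affected per the discussion above; TLS 1.1 and later are not.
AFFECTED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0"}

# Substrings that mark AEAD suites (TLS 1.2+ only), which do not use CBC.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20", "POLY1305")


def cipher_mode(suite):
    """Classify an OpenSSL- or IANA-style suite name as stream, aead, null or cbc."""
    name = suite.upper()
    if "RC4" in name:
        return "stream"
    if any(marker in name for marker in AEAD_MARKERS):
        return "aead"
    if "NULL" in name:
        return "null"
    # Assumption: every remaining pre-TLS 1.3 suite is a block cipher in CBC mode.
    # OpenSSL names such as AES128-SHA omit "CBC", so its absence proves nothing.
    return "cbc"


def beast_exposed(protocol, suite):
    """True when an affected protocol version is paired with a CBC suite."""
    return protocol in AFFECTED_PROTOCOLS and cipher_mode(suite) == "cbc"


def audit(records):
    """Return the hosts whose negotiated (protocol, suite) pair is exposed."""
    return [host for host, protocol, suite in records if beast_exposed(protocol, suite)]


# Constructed sample data: (host, negotiated protocol, negotiated suite).
SAMPLE = [
    ("a.example.test", "TLSv1", "AES128-SHA"),
    ("b.example.test", "TLSv1", "RC4-SHA"),
    ("c.example.test", "TLSv1", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    ("d.example.test", "TLSv1.1", "AES256-SHA"),
    ("e.example.test", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("f.example.test", "SSLv3", "DES-CBC3-SHA"),
]

if __name__ == "__main__":
    for host, protocol, suite in SAMPLE:
        verdict = "EXPOSED" if beast_exposed(protocol, suite) else "ok"
        print(f"{host:16} {protocol:8} {suite:32} {cipher_mode(suite):6} {verdict}")
```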