Windows Update has deprecated support for the RC4 cipher


On a Windows-based computer that's configured to use a set of cipher suites other than the default Windows set, you discover that you can no longer download updates from Windows Update.


This issue affects computers that have relied on the RC4 cipher to connect with Windows Update. Windows Update has changed its connection security protocols to end support for the RC4 cipher. The RC4 cipher is now disabled by default, and it's no longer used during TLS fallback negotiations.

For security purposes, Windows Update is complying with Security Advisory 2868725, which recommends removing support for RC4. Therefore, Windows Update has discontinued support for the RC4 cipher. If your computer is configured to use only cipher suites that are not supported by Windows Update (such as those that include RC4), this will prevent the computer from obtaining updates through Windows Update.


Since 2013, Microsoft has recommended that customers enable TLS 1.2 on their services and remove support for RC4. For more information, see Security Advisory 2868725.

Alternative ciphers, such as AES, will continue to work. For more information about cipher suites and about which ciphers are supported in Windows, see Cipher suites in TLS/SSL (Schannel SSP).

To mitigate this issue, enable cipher suites that use alternative ciphers that are supported by Windows Update, such as AES.