The NSA-introduced vulnerability is likely the Dual_EC_DRBG pseudo-random number generator, which wise people have long suspected. It's also fair to assume that the NSA can break RC4 in some way mere mortals can't -- RC4 has been known to be weak for a long time, it's only being revived now because of the BEAST vulnerabilities. See https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html for a good jumping off point. For concrete security suggestions: * Don't enable FIPS mode in OpenSSL. (Dual_EC_DRBG is only used in FIPS mode.) * Make sure your application supports TLS 1.2. (This will allow you to safely avoid RC4.) * Make sure your linux kernel includes https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=… (see https://plus.google.com/u/0/117091380454742934025/posts/XeApV5DKwAj ) * Look closely at your routers and firewalls. --scott ps. If you are running Windows, you might want to take a closer look at Dual_EC_DRBG; it is apparently a standard RNG there. You might also be suspicious of the built-in hardware RNG on your intel/etc processor, I would guess windows probably uses the HWRNG directly. -- ( http://cscott.net/ )