“Should we use RC4 or AES-CBC ?” This is a legitimate question. Many have heard of the highly publicized attacks against AES-CBC (CRIME, BEAST etc) and lean towards RC4. If asked (granted no one asks me), my answer would be: If you can control web servers (not feasible in all situations) and users’ browsers (almost impossible), upgrade to TLS 1.2 and go with AES-GCM. However, not many browsers supported these and to be honest, more users trumps loss of security in many cases.
RC4 was a masterpiece for its time (it still is) but it has extreme biases in its PRNG and attacks are prevalent  and because it only takes a seed (with no nonce), if a key is re-used, one can find the XOR of plaintexts by XOR-ing two ciphertexts. A recent demonstration of this weakness was in the popular “Whatsapp” application where the same key was used in both directions . Granted This was an application design flaw but Whatsapp has quite the security history (google Whatsapp and IMEI).
A few days ago Microsoft released security advisory 2868725 “Recommendation to disable RC4.” They found out that less than 4% of their 5 million sample websites only worked with RC4 (although from my personal experience RC4 share is probably higher) .
IE 11 turns TLS 1.2 on by default .
A day after I wrote the draft of this blog post, Adam Langley (author of patches in links 4 and 5) wrote a blogpost named "A roster of TLS cipher suites weaknesses" . He discusses the strengths and weaknesses of the aforementioned three different ciphersuites (RC4, AES-CBC and AES-GCM) on top of Chacha20,Poly1305 (if you do not know why the numbers are not powers of 2, google it :D).
tl;dr: seems like AES-GCM is the flavor of the month. More and more browsers are supporting it, it may be a good time to start moving towards it.
PS: I know, I will get the contact page fixed soon (tm).