The IETF is calling for comments on a draft proposal that RC4 no longer be supported by clients and servers negotiating TLS connections.
The closing date for comments is the 10th December.
Will Qualys be amending the SSL checks to penalise RC4 more strongly? A server using nothing but RC4 can still get an A- grade despite it being a weak cipher and not supporting forward secrecy.
In fact, examples such as bank.barclays.co.uk (a major online banking portal) still rate an A- grade despite triggering multiple warnings (SHA-1 cert, RC4, No Forward Secrecy, SSL 3, etc.), which doesn't seem right when sites which do none of those things, but which don't support forward secrecy with ancient versions of Internet Explorer, get capped at an A.