Description
XDCR SSL uses RC4 by default, according the code comments this was chosen to mitigate BEAST (Browser Exploit Against SSL/TLS) http://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack
RC4 is no longer considered secure, http://blog.cloudflare.com/killing-rc4-the-long-goodbye/
With TLS 1.2, which Erlang R16 supports, BEAST is no longer a threat so AES should now be used.
Looks like XDCR uses TLS but RC4 cipher is still supported.
Solution -
RC4 should be removed from the allowable cipher list.