We published a first plaintext recovery attack on RC4 in the broadcast setting, where the same plaintext is encrypted under different user keys, at FSE 2013 (earlier than the AlFardan-Bernstein-Paterson-Poettering-Schuldt results).

[1] Takanori ISOBE, Toshihiro OHIGASHI, Yuhei WATANABE, and Masakatu MORII, "Full Plaintext Recovery Attack on Broadcast RC4," Proc. the 20th International Workshop on Fast Software Encryption (FSE 2013), Mar. 10-13, 2013. (Submission deadline: November 12, 2012)

The broadcast setting is easily converted into the multi-session setting of SSL/TLS.

The results of our paper are summarized as follows:

Our attack can recover ANY byte of the first 257 bytes of the plaintext using around 2^32 ciphertexts.

Our attack can also recover later bytes (after 258 bytes) using 2^34 ciphertexts.

In addition, we give theoretical reasons why the first 255 bytes of the keystream have such strong biases.

The pre-proceedings version of this paper and its slides are available at (paper) and (slide).