Ok so then the issue would be with the server that hosts a site. Would then ecart use whatever cipher is on the server. I ask because of this:
RC4 Cipher Disablement
In an effort to ensure that all of your server-to-server communications with the Authorize.Net platform (both transactional and otherwise) maintain the highest levels of security, we will be disabling the RC4 cipher suite during the first half of 2016. A follow-up notification will be sent out once specific dates for the disablement are ready for the sandbox and production environments.
So I will focus on the server and assume that ecart will use whatever cipher is installed on the hosting server. Doe sthat sound like a sound plan?