Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8162362 Introduce system property to control enabled ciphersuites
  3. JDK-8162786

Release Note: Support for Customization of Default Enabled Cipher Suites via System Properties




        The system property `jdk.tls.client.cipherSuites` can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property `jdk.tls.server.cipherSuites` can be used for customization on the server side.
        The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicitly setting enabled cipher suites will override the system properties.
        Refer to the [Java Cryptography Architecture Standard Algorithm Name Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) for the standard JSSE cipher suite names, and the [Java Cryptography Architecture Oracle Providers Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html) for the cipher suite names supported by the SunJSSE provider.
        Note that the actual use of enabled cipher suites is restricted by algorithm constraints.
        Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.

        Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.


            Issue Links



                • Assignee:
                  xuelei Xue-Lei Fan
                  xuelei Xue-Lei Fan
                • Votes:
                  0 Vote for this issue
                  2 Start watching this issue


                  • Created: