Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8211862

Disable all RC4 cipher suites on JDK 7

    Details

      Description

      All RC4-based TLS cipher suites should be disabled on JDK 7. Only RC4_40 suites are disabled. The other RC4 suites are currently available but not enabled by default. To use them they must be explicitly enabled by an application, for example, by calling `SSLSocket.setEnabledCipherSuites`. Due to the age and insecurity of RC4, these cipher suites should no longer be available without additional intervention by the user or administrator through the `jdk.tls.disabledAlgorithms` security property.

      All RC4 suites are disabled on JDK 8 and up.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                coffeys Sean Coffey
                Reporter:
                mullan Sean Mullan
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: