Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8211862 Disable all RC4 cipher suites on JDK 7
  3. JDK-8213423

Release Note: Disabled All RC4 TLS Cipher Suites on JDK 7

    XMLWordPrintable

    Details

      Description

      RC4-based TLS cipher suites are considered obsolete and should no longer be used. RC4-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "RC4" identifier to the `jdk.tls.disabledAlgorithms` security property. These cipher suites can be reactivated by removing "RC4" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method. In both cases re-enabling RC4 must be followed by adding RC4-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods.

      Note that prior to this change, RC4_40 (but not all RC4) suites were disabled via the `jdk.tls.disabledAlgorithms` security property. All RC4 suites are already disabled in JDK 8u60 and later JDK releases.

        Attachments

          Activity

            People

            Assignee:
            mullan Sean Mullan
            Reporter:
            mullan Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: