Details

      Description

      RC4-based TLS cipher suites are considered obsolete and should no longer be used. RC4-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "RC4" identifier to the `jdk.tls.disabledAlgorithms` security property. These cipher suites can be reactivated by removing "RC4" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method. In both cases re-enabling RC4 must be followed by adding RC4-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods.

      Note that prior to this change, RC4_40 (but not all RC4) suites were disabled via the `jdk.tls.disabledAlgorithms` security property. All RC4 suites are already disabled in JDK 8u60 and later JDK releases.

        Attachments

          Activity

            People

            • Assignee:
              mullan Sean Mullan
              Reporter:
              mullan Sean Mullan
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: