JDK-8211862 : Disable all RC4 cipher suites on JDK 7
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-10-08
  • Updated: 2018-11-15
  • Resolved: 2018-10-25
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7
7u211 b02Fixed
Related Reports
Relates :  
Relates :  
Sub Tasks
JDK-8213423 :  
Description
All RC4-based TLS cipher suites should be disabled on JDK 7. Only RC4_40 suites are disabled. The other RC4 suites are currently available but not enabled by default. To use them they must be explicitly enabled by an application, for example, by calling `SSLSocket.setEnabledCipherSuites`. Due to the age and insecurity of RC4, these cipher suites should no longer be available without additional intervention by the user or administrator through the `jdk.tls.disabledAlgorithms` security property.

All RC4 suites are disabled on JDK 8 and up.