United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-8076221 : Disable RC4 cipher suites

Details
Type:
Enhancement
Submit Date:
2015-03-30
Status:
Closed
Updated Date:
2017-05-17
Project Name:
JDK
Resolved Date:
2015-04-15
Component:
security-libs
OS:
Sub-Component:
javax.net.ssl
CPU:
Priority:
P3
Resolution:
Fixed
Affected Versions:
Fixed Versions:

Related Reports
Backport:
Backport:
Backport:
Relates:

Sub Tasks

Description
The proposal [1] to prohibit RC4 has been accepted by IETF. We should add RC4 to "jdk.tls.disabledAlgorithms" security property.

[1] https://tools.ietf.org/html/rfc7465
                                    

Comments
You can also use the -Djava.security.properties command line option to override the jdk.tls.disabledAlgorithms security property and re-enable RC4, ex:

  java -Djava.security.properties=my.java.security ...

where my.java.security is a file containing the property without RC4:

  jdk.tls.disabledAlgorithms=SSLv3
                                     
2015-05-27
Suggested release note:

RC4-based TLS ciphersuites (e.g. TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465). Accordingly, RC4-based TLS ciphersuites have been deactivated by default in the Oracle JSSE implementation by adding "RC4" to "jdk.tls.disabledAlgorithms" security property, and by removing them from the default enabled ciphersuites list. These cipher suites can be reactivated by removing "RC4" form "jdk.tls.disabledAlgorithms" security property in the java.security file or by dynamically calling Security.setProperty(), and also readding them to the enabled ciphersuite list using the SSLSocket/SSLEngine.setEnabledCipherSuites() methods.

                                     
2015-05-19
release-note=yes:

Better to talk about how to re-enable RC4 cipher suites if necessary.  The description depends on whether JDK-8043202 is released in the same time or not.  Please contact me for the release-note review.
                                     
2015-05-06
URL:   http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/23cde932f139
User:  lana
Date:  2015-04-23 01:41:22 +0000

                                     
2015-04-23
URL:   http://hg.openjdk.java.net/jdk9/dev/jdk/rev/23cde932f139
User:  xuelei
Date:  2015-04-15 07:37:49 +0000

                                     
2015-04-15
Code review: http://mail.openjdk.java.net/pipermail/security-dev/2015-April/011991.html
                                     
2015-04-14



Hardware and Software, Engineered to Work Together