JDK-8162786 : Release Note: Support for Customization of Default Enabled Cipher Suites via System Properties
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 6u115,7u211,8u192
  • Priority: P3
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2016-07-29
  • Updated: 2019-04-09
  • Resolved: 2017-04-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7 JDK 8
6u115Resolved 7u211Resolved 8u192Resolved
Description
The system property `jdk.tls.client.cipherSuites` can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property `jdk.tls.server.cipherSuites` can be used for customization on the server side.
 
The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites.  All other supported cipher suites are disabled for this default setting.  Unrecognized or unsupported cipher suite names specified in properties are ignored.  Explicitly setting enabled cipher suites will override the system properties.
 
Refer to the [Java Cryptography Architecture Standard Algorithm Name Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) for the standard JSSE cipher suite names, and the [Java Cryptography Architecture Oracle Providers Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html) for the cipher suite names supported by the SunJSSE provider.
 
Note that the actual use of enabled cipher suites is restricted by algorithm constraints.
 
Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.

Warning:  These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time.  We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.