JDK-8209658 : Release Note: Disabled All DES TLS Cipher Suites
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 6u211,7u201,8u191,11.0.1,12
  • Priority: P3
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2018-08-17
  • Updated: 2019-04-09
  • Resolved: 2018-08-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 6 JDK 7 JDK 8
11.0.1Resolved 6u211Resolved 7u201Resolved 8u191Resolved
DES-based TLS cipher suites are considered obsolete and should no longer be used.  DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the `jdk.tls.disabledAlgorithms` security property.  These cipher suites can be reactivated by removing "DES" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method.  In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods.

Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the `jdk.tls.disabledAlgorithms` security property.
See release note text in Description section.