JDK-8163326 : Update the default enabled cipher suites preference
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-08-06
  • Updated: 2019-09-26
  • Resolved: 2019-04-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 13
13 b16Fixed
Related Reports
CSR :  
JDK-8219545 - Update the default enabled cipher suites preference
Relates :  
JDK-8204636 - Improvement of TLS 1.3 implementation
Sub Tasks
JDK-8219551 :  
Release Note: Updated the Default Enabled Cipher Suites Preference - Closed
Description
At present, the SunJSSE provider prefers the better performance of key exchange and digital signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.

Forward secrecy should be preferable first.  If the DHE ephemeral key limitation get resolved, the order should be changed to ECDHE-ECDSA, ECDHE-RSA, DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.
Comments
Fix it when the FFDHE get more popular in the industry, probably when TLS 1.3 get released.
06-09-2017