JDK-8213423 : Release Note: Disabled All RC4 TLS Cipher Suites on JDK 7
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7u211
  • Priority: P3
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2018-11-06
  • Updated: 2019-01-24
  • Resolved: 2018-11-06
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7
7u211Resolved
Description
RC4-based TLS cipher suites are considered obsolete and should no longer be used. RC4-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "RC4" identifier to the `jdk.tls.disabledAlgorithms` security property. These cipher suites can be reactivated by removing "RC4" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method. In both cases re-enabling RC4 must be followed by adding RC4-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods.

Note that prior to this change, RC4_40 (but not all RC4) suites were disabled via the `jdk.tls.disabledAlgorithms` security property. All RC4 suites are already disabled in JDK 8u60 and later JDK releases.