-
Sub-task
-
Resolution: Delivered
-
P3
-
7u211, 8u192, 9
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8210266 | 7u211 | Clifford Wayne | P3 | Resolved | Delivered | |
JDK-8210267 | 6u115 | Clifford Wayne | P3 | Closed | Withdrawn |
The system property `jdk.tls.client.cipherSuites` can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property `jdk.tls.server.cipherSuites` can be used for customization on the server side.
The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicitly setting enabled cipher suites will override the system properties.
Refer to the [Java Cryptography Architecture Standard Algorithm Name Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) for the standard JSSE cipher suite names, and the [Java Cryptography Architecture Oracle Providers Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html) for the cipher suite names supported by the SunJSSE provider.
Note that the actual use of enabled cipher suites is restricted by algorithm constraints.
Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.
Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.
The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicitly setting enabled cipher suites will override the system properties.
Refer to the [Java Cryptography Architecture Standard Algorithm Name Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html) for the standard JSSE cipher suite names, and the [Java Cryptography Architecture Oracle Providers Documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html) for the cipher suite names supported by the SunJSSE provider.
Note that the actual use of enabled cipher suites is restricted by algorithm constraints.
Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.
Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.
- backported by
-
JDK-8210266 Release Note: Support for Customization of Default Enabled Cipher Suites via System Properties
-
- Resolved
-
-
JDK-8210267 Release Note: Support for Customization of Default Enabled Cipher Suites via System Properties
-
- Closed
-